Package org.keycloak.models
Interface IdentityProviderStorageProvider
- All Superinterfaces:
Provider
- All Known Implementing Classes:
InfinispanIdentityProviderStorageProvider
,JpaIdentityProviderStorageProvider
The
IdentityProviderStorageProvider
is concerned with the storage/retrieval of the configured identity providers
in Keycloak. In other words, it is a provider of identity providers (IDPs) and, as such, handles the CRUD operations for IDPs.
It is not to be confused with the IdentityProvider
found in server-spi-private as that provider is meant to be
implemented by actual identity providers that handle the logic of authenticating users with third party brokers, such
as Microsoft, Google, GitHub, LinkedIn, etc.- Author:
- Stefan Guilhen
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic enum
Enum to control how login identity providers should be fetched.static enum
Enum that contains all fields that are considered when deciding if a provider should be available for login or not. -
Method Summary
Modifier and TypeMethodDescriptionlong
count()
Returns the number of IDPs in the realm.create
(IdentityProviderModel model) Creates a new identity provider from the specified model.Creates a new identity provider mapper from the specified model.default Stream<IdentityProviderModel>
Returns all identity providers in the current realm.Returns all identity providers in the realm filtered according to the specified search options.getByAlias
(String alias) Obtains the identity provider with the specified alias.Returns the aliases of all identity providers whosefirstBrokerLoginFlowId
orpostBrokerLoginFlowId
matches the providedflowId
.Obtains the identity provider with the specified internal id.default IdentityProviderModel
getByIdOrAlias
(String key) Obtains the identity provider whose id or alias match the specified key.default Stream<IdentityProviderModel>
getByOrganization
(String orgId, Integer first, Integer max) Returns all identity providers associated with the organization with the provided id.default Stream<IdentityProviderModel>
getForLogin
(IdentityProviderStorageProvider.FetchMode mode, String organizationId) Returns all identity providers available for login, according to the specified mode.getMapperById
(String id) Obtains the identity provider mapper with the specified id.getMapperByName
(String identityProviderAlias, String name) Obtains the identity provider mapper with the provided identity provider alias and name.getMappersByAliasStream
(String identityProviderAlias) Returns identity provider mappers by the provided alias as a stream.default Stream<IdentityProviderMapperModel>
Returns all identity provider mappers as a stream.Returns all identity provider mappers in the realm filtered according to the specified search options.default boolean
Checks whether the realm has any configured identity providers or not.boolean
Removes the identity provider with the specified alias.void
Removes all identity providers from the realm.void
Removes all identity provider mappers from the realm.boolean
Removes the given identity provider mapper.void
update
(IdentityProviderModel model) Updates the identity provider using the specified model.void
Updates the identity provider mapper using the specified model.
-
Method Details
-
create
Creates a new identity provider from the specified model.- Parameters:
model
- aIdentityProviderModel
containing the identity provider's data.- Returns:
- the model of the created identity provider.
-
update
Updates the identity provider using the specified model.- Parameters:
model
- aIdentityProviderModel
containing the identity provider's data.
-
remove
Removes the identity provider with the specified alias.- Parameters:
providerAlias
- the alias of the identity provider to be removed.- Returns:
true
if an IDP with the specified alias was found and removed;false
otherwise.
-
removeAll
void removeAll()Removes all identity providers from the realm. -
getById
Obtains the identity provider with the specified internal id.- Parameters:
internalId
- the identity provider's internal id.- Returns:
- a reference to the identity provider, or
null
if no provider is found.
-
getByAlias
Obtains the identity provider with the specified alias.- Parameters:
alias
- the identity provider's alias.- Returns:
- a reference to the identity provider, or
null
if no provider is found.
-
getByIdOrAlias
Obtains the identity provider whose id or alias match the specified key.- Parameters:
key
- aString
representing either the identity provider's id or alias.- Returns:
- a reference to the identity provider, or
null
if no provider is found.
-
getAllStream
Returns all identity providers in the current realm.- Returns:
- a non-null stream of
IdentityProviderModel
s.
-
getAllStream
Returns all identity providers in the realm filtered according to the specified search options. The options include:- Regular fields found in
IdentityProviderModel
, such asALIAS
,ENABLED
,HIDE_ON_LOGIN
, etc; - Special search keys also present in
IdentityProviderModel
. Those includeSEARCH
, used to perform exact, prefix, and infix searches by alias, andALIAS_NOT_IN
, used to perform searches for identity providers whose alias doesn't match any of the specified aliases (separated by comma); - Any attribute found in the identity provider's config. If the option key doesn't match any of the previous cases, the implementations must search the providers whose config contains a pair that matches the specified search option
- Parameters:
options
- aMap
containing identity provider search options that must be matched.first
- the position of the first result to be processed (pagination offset). Ignored if negative ornull
.max
- the maximum number of results to be returned. Ignored if negative ornull
.- Returns:
- a non-null stream of
IdentityProviderModel
s that match the search criteria.
- Regular fields found in
-
getByOrganization
Returns all identity providers associated with the organization with the provided id.- Parameters:
orgId
- the id of the organization.first
- the position of the first result to be processed (pagination offset). Ignored if negative ornull
.max
- the maximum number of results to be returned. Ignored if negative ornull
.- Returns:
- a non-null stream of
IdentityProviderModel
s that match the search criteria.
-
getByFlow
Returns the aliases of all identity providers whosefirstBrokerLoginFlowId
orpostBrokerLoginFlowId
matches the providedflowId
.- Parameters:
flowId
- the id of the flow.search
- an optionalString
representing an identity provider alias (partial or exact). If the value is enclosed in double quotes, the method treats it as an exact search (e.g."name"
). If the value is enclosed in wildcards, the method treats it as an infix search (e.g.*name*
). Otherwise, the method treats it as a prefix search (i.e.name*
andname
return the same results).first
- the position of the first result to be processed (pagination offset). Ignored if negative ornull
.max
- the maximum number of results to be returned. Ignored if negative ornull
.- Returns:
- a non-null stream of
IdentityProviderModel
s that match the search criteria.
-
getForLogin
default Stream<IdentityProviderModel> getForLogin(IdentityProviderStorageProvider.FetchMode mode, String organizationId) Returns all identity providers available for login, according to the specified mode. An IDP can be used for login if it is enabled, is not a link-only IDP, and is not configured to be hidden on login page. The mode parameter may narrow the list of IDPs that are available.FETCH_MODE.REALM_ONLY
fetches only realm-level IDPs (i.e. those not associated with any org).FETCH_MODE.ORG_ONLY
will work together with theorganizationId
parameter. If the latter is set, only the IDPs associated with that org will be returned. Otherwise, the method returns the IDPs associated with any org.FETCH_MODE.ALL
combines both approaches, returning both the realm-level IDPs with those associated with organizations (or a specific organization as per theorganizationId
param).- Parameters:
mode
- the fetch mode to be used. Can beREALM_ONLY
,ORG_ONLY
, orALL
.organizationId
- an optional organization ID. If present and the mode is notREALM_ONLY
, the param indicates that only IDPs associated with the specified organization are to be returned.- Returns:
- a non-null stream of
IdentityProviderModel
s that are suitable for being displayed in the login pages.
-
count
long count()Returns the number of IDPs in the realm.- Returns:
- the number of IDPs found in the realm.
-
isIdentityFederationEnabled
default boolean isIdentityFederationEnabled()Checks whether the realm has any configured identity providers or not.- Returns:
true
if the realm has at least one configured identity provider (federation is enabled);false
otherwise.
-
createMapper
Creates a new identity provider mapper from the specified model.- Parameters:
model
- aIdentityProviderMapperModel
containing the identity provider mapper's data.- Returns:
- the model of the created identity provider mapper.
-
updateMapper
Updates the identity provider mapper using the specified model.- Parameters:
model
- aIdentityProviderMapperModel
containing the identity provider mapper's data.
-
removeMapper
Removes the given identity provider mapper.- Parameters:
model
- aIdentityProviderMapperModel
to be deleted.- Returns:
true
if an identity provider mapper was removed;false
otherwise.
-
removeAllMappers
void removeAllMappers()Removes all identity provider mappers from the realm. -
getMapperById
Obtains the identity provider mapper with the specified id.- Parameters:
id
- the identity provider mapper's id.- Returns:
- a reference to the identity provider mapper, or
null
if no mapper is found.
-
getMapperByName
Obtains the identity provider mapper with the provided identity provider alias and name.- Parameters:
identityProviderAlias
- the identity provider alias.name
- the identity provider mapper's name.- Returns:
- a reference to the identity provider mapper, or
null
if no provider is found.
-
getMappersStream
Returns all identity provider mappers as a stream.- Returns:
- Stream of
IdentityProviderMapperModel
. Never returnsnull
.
-
getMappersStream
Stream<IdentityProviderMapperModel> getMappersStream(Map<String, String> options, Integer first, Integer max) Returns all identity provider mappers in the realm filtered according to the specified search options.- Parameters:
options
- aMap
containing identity provider search options that must be matched.first
- the position of the first result to be processed (pagination offset). Ignored if negative ornull
.max
- the maximum number of results to be returned. Ignored if negative ornull
.- Returns:
- a non-null stream of
IdentityProviderModel
s that match the search criteria.
-
getMappersByAliasStream
Returns identity provider mappers by the provided alias as a stream.- Parameters:
identityProviderAlias
-String
Identity provider alias to filter results.- Returns:
- Stream of
IdentityProviderMapperModel
Never returnsnull
.
-