Package org.keycloak.protocol.docker
Class DockerAuthV2Protocol
java.lang.Object
org.keycloak.protocol.docker.DockerAuthV2Protocol
- All Implemented Interfaces:
LoginProtocol,Provider
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.keycloak.protocol.LoginProtocol
LoginProtocol.Error -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionDockerAuthV2Protocol(KeycloakSession session, RealmModel realm, jakarta.ws.rs.core.UriInfo uriInfo, jakarta.ws.rs.core.HttpHeaders headers, EventBuilder event) -
Method Summary
Modifier and TypeMethodDescriptionjakarta.ws.rs.core.Responseauthenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) jakarta.ws.rs.core.ResponsebackchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) voidclose()jakarta.ws.rs.core.ResponsefinishBrowserLogout(UserSessionModel userSession, AuthenticationSessionModel logoutSession) This method is called when browser logout is going to be finished.jakarta.ws.rs.core.ResponsefrontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) getClientData(AuthenticationSessionModel authSession) Returns client data, which will be wrapped in the "clientData" parameter sent within "authentication flow" requests.booleanrequireReauthentication(UserSessionModel userSession, AuthenticationSessionModel clientSession) jakarta.ws.rs.core.ResponsesendError(ClientModel client, ClientData clientData, LoginProtocol.Error error) Send the specified error to the specified client with the use of this protocol.jakarta.ws.rs.core.ResponsesendError(AuthenticationSessionModel clientSession, LoginProtocol.Error error) setEventBuilder(EventBuilder event) setHttpHeaders(jakarta.ws.rs.core.HttpHeaders headers) setRealm(RealmModel realm) setSession(KeycloakSession session) setUriInfo(jakarta.ws.rs.core.UriInfo uriInfo) Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.keycloak.protocol.LoginProtocol
sendPushRevocationPolicyRequest
-
Field Details
-
logger
protected static final org.jboss.logging.Logger logger -
LOGIN_PROTOCOL
- See Also:
-
ACCOUNT_PARAM
- See Also:
-
SERVICE_PARAM
- See Also:
-
SCOPE_PARAM
- See Also:
-
ISSUER
- See Also:
-
ISO_8601_DATE_FORMAT
- See Also:
-
-
Constructor Details
-
DockerAuthV2Protocol
public DockerAuthV2Protocol() -
DockerAuthV2Protocol
public DockerAuthV2Protocol(KeycloakSession session, RealmModel realm, jakarta.ws.rs.core.UriInfo uriInfo, jakarta.ws.rs.core.HttpHeaders headers, EventBuilder event)
-
-
Method Details
-
setSession
- Specified by:
setSessionin interfaceLoginProtocol
-
setRealm
- Specified by:
setRealmin interfaceLoginProtocol
-
setUriInfo
- Specified by:
setUriInfoin interfaceLoginProtocol
-
setHttpHeaders
- Specified by:
setHttpHeadersin interfaceLoginProtocol
-
setEventBuilder
- Specified by:
setEventBuilderin interfaceLoginProtocol
-
authenticated
public jakarta.ws.rs.core.Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) - Specified by:
authenticatedin interfaceLoginProtocol
-
sendError
public jakarta.ws.rs.core.Response sendError(AuthenticationSessionModel clientSession, LoginProtocol.Error error) - Specified by:
sendErrorin interfaceLoginProtocol
-
getClientData
Description copied from interface:LoginProtocolReturns client data, which will be wrapped in the "clientData" parameter sent within "authentication flow" requests. The purpose of clientData is to be able to send HTTP error response back to the client if authentication fails due some error and authenticationSession is not available anymore (was either expired or removed). So clientData need to contain all the data to be able to send such response. For instance redirect-uri, state in case of OIDC or RelayState in case of SAML etc.- Specified by:
getClientDatain interfaceLoginProtocol- Parameters:
authSession- session from which particular clientData can be retrieved- Returns:
- client data, which will be wrapped in the "clientData" parameter sent within "authentication flow" requests
-
sendError
public jakarta.ws.rs.core.Response sendError(ClientModel client, ClientData clientData, LoginProtocol.Error error) Description copied from interface:LoginProtocolSend the specified error to the specified client with the use of this protocol. ClientData can contain additional metadata about how to send error response to the client in a correct way for particular protocol. For instance redirect-uri where to send error, state to be used in OIDC authorization endpoint response etc. This method is usually used when we don't have authenticationSession anymore (it was removed or expired) as otherwise it is recommended to useLoginProtocol.sendError(AuthenticationSessionModel, Error)NOTE: This method should also validate if provided clientData are valid according to given client (for instance if redirect-uri is valid) as clientData is request parameter, which can be injected to HTTP URLs by anyone.- Specified by:
sendErrorin interfaceLoginProtocol- Parameters:
client- client where to send errorclientData- clientData with additional protocol specific metadata needed for being able to properly send error with the use of this protocolerror- error to be used- Returns:
- response if error was sent. Null if error was not sent.
-
backchannelLogout
public jakarta.ws.rs.core.Response backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) - Specified by:
backchannelLogoutin interfaceLoginProtocol
-
frontchannelLogout
public jakarta.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) - Specified by:
frontchannelLogoutin interfaceLoginProtocol
-
finishBrowserLogout
public jakarta.ws.rs.core.Response finishBrowserLogout(UserSessionModel userSession, AuthenticationSessionModel logoutSession) Description copied from interface:LoginProtocolThis method is called when browser logout is going to be finished. It is not triggered during backchannel logout- Specified by:
finishBrowserLogoutin interfaceLoginProtocol- Parameters:
userSession- user session, which was logged outlogoutSession- authentication session, which was used during logout to track the logout state- Returns:
- response to be sent to the client
-
requireReauthentication
public boolean requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel clientSession) - Specified by:
requireReauthenticationin interfaceLoginProtocol- Returns:
- true if SSO cookie authentication can't be used. User will need to "actively" reauthenticate
-
close
public void close()
-