java.lang.Object
org.keycloak.authentication.authenticators.util.LoAUtil

public class LoAUtil extends Object
Author:
Marek Posolda
  • Constructor Details

    • LoAUtil

      public LoAUtil()
  • Method Details

    • getCurrentLevelOfAuthentication

      public static int getCurrentLevelOfAuthentication(AuthenticatedClientSessionModel clientSession)
      Parameters:
      clientSession -
      Returns:
      current level from client session
    • getLoAConfiguredInRealmBrowserFlow

      public static Stream<Integer> getLoAConfiguredInRealmBrowserFlow(RealmModel realm)
      Parameters:
      realm -
      Returns:
      All LoA numbers configured in the conditions in the realm browser flow
    • getLoaMaxAgesConfiguredInRealmBrowserFlow

      public static Map<Integer,Integer> getLoaMaxAgesConfiguredInRealmBrowserFlow(RealmModel realm)
      Parameters:
      realm -
      Returns:
      All LoA numbers configured in the conditions in the realm browser flow. Key is level, Value is maxAge for particular level
    • getLoaMaxAgesConfiguredInRealmFlow

      public static Map<Integer,Integer> getLoaMaxAgesConfiguredInRealmFlow(RealmModel realm, String flowId)
      Parameters:
      realm -
      flowId -
      Returns:
      All LoA numbers configured in the conditions in the realm flow @{param flowId}. Key is level, Vaue is maxAge for particular level
    • getLevelFromLoaConditionConfiguration

      public static Integer getLevelFromLoaConditionConfiguration(AuthenticatorConfigModel loaConditionConfig)
    • getMaxAgeFromLoaConditionConfiguration

      public static int getMaxAgeFromLoaConditionConfiguration(AuthenticatorConfigModel loaConditionConfig)
    • getCredentialTypesToLoAMap

      public static Map<String,Integer> getCredentialTypesToLoAMap(KeycloakSession session, RealmModel realm, AuthenticationFlowModel topFlow)
      Return map where: - keys are credential types corresponding to authenticators available in given authentication flow - values are LoA levels of those credentials in the given flow (If not step-up authentication is used, values will be always Constants.NO_LOA) For instance if we have password as level1 and OTP or WebAuthn as available level2 authenticators it can return map like: { "password" -> 1, "otp" -> 2 "webauthn" -> 2 }
      Parameters:
      session -
      realm -
      topFlow -
      Returns:
      map as described above. Never returns null, but can return empty map.