Class DockerAuthV2Protocol

java.lang.Object
org.keycloak.protocol.docker.DockerAuthV2Protocol
All Implemented Interfaces:
LoginProtocol, Provider

public class DockerAuthV2Protocol extends Object implements LoginProtocol
  • Field Details

  • Constructor Details

    • DockerAuthV2Protocol

      public DockerAuthV2Protocol()
    • DockerAuthV2Protocol

      public DockerAuthV2Protocol(KeycloakSession session, RealmModel realm, jakarta.ws.rs.core.UriInfo uriInfo, jakarta.ws.rs.core.HttpHeaders headers, EventBuilder event)
  • Method Details

    • setSession

      public LoginProtocol setSession(KeycloakSession session)
      Specified by:
      setSession in interface LoginProtocol
    • setRealm

      public LoginProtocol setRealm(RealmModel realm)
      Specified by:
      setRealm in interface LoginProtocol
    • setUriInfo

      public LoginProtocol setUriInfo(jakarta.ws.rs.core.UriInfo uriInfo)
      Specified by:
      setUriInfo in interface LoginProtocol
    • setHttpHeaders

      public LoginProtocol setHttpHeaders(jakarta.ws.rs.core.HttpHeaders headers)
      Specified by:
      setHttpHeaders in interface LoginProtocol
    • setEventBuilder

      public LoginProtocol setEventBuilder(EventBuilder event)
      Specified by:
      setEventBuilder in interface LoginProtocol
    • authenticated

      public jakarta.ws.rs.core.Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
      Specified by:
      authenticated in interface LoginProtocol
    • sendError

      public jakarta.ws.rs.core.Response sendError(AuthenticationSessionModel clientSession, LoginProtocol.Error error, String errorMessage)
      Specified by:
      sendError in interface LoginProtocol
    • getClientData

      public ClientData getClientData(AuthenticationSessionModel authSession)
      Description copied from interface: LoginProtocol
      Returns client data, which will be wrapped in the "clientData" parameter sent within "authentication flow" requests. The purpose of clientData is to make it possible to send an HTTP error response back to the client if authentication fails due to some error and the authenticationSession is no longer available (it either expired or was removed). clientData therefore needs to contain all the data required to send such a response, for instance the redirect-uri and state in the case of OIDC, or RelayState in the case of SAML.
      Specified by:
      getClientData in interface LoginProtocol
      Parameters:
      authSession - session from which particular clientData can be retrieved
      Returns:
      client data, which will be wrapped in the "clientData" parameter sent within "authentication flow" requests
    • sendError

      public jakarta.ws.rs.core.Response sendError(ClientModel client, ClientData clientData, LoginProtocol.Error error)
      Description copied from interface: LoginProtocol
      Send the specified error to the specified client with the use of this protocol. ClientData can contain additional metadata about how to send the error response to the client in the correct way for the particular protocol, for instance the redirect-uri where the error should be sent, or the state to be used in the OIDC authorization endpoint response. This method is usually used when the authenticationSession is no longer available (it was removed or expired); otherwise it is recommended to use sendError(AuthenticationSessionModel, Error). NOTE: This method should also validate that the provided clientData is valid for the given client (for instance, that the redirect-uri is valid), because clientData is a request parameter that anyone can inject into HTTP URLs.
      Specified by:
      sendError in interface LoginProtocol
      Parameters:
      client - client where to send error
      clientData - clientData with the additional protocol-specific metadata needed to properly send the error with the use of this protocol
      error - error to be used
      Returns:
      response if error was sent. Null if error was not sent.
    • backchannelLogout

      public jakarta.ws.rs.core.Response backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
      Specified by:
      backchannelLogout in interface LoginProtocol
    • frontchannelLogout

      public jakarta.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
      Specified by:
      frontchannelLogout in interface LoginProtocol
    • finishBrowserLogout

      public jakarta.ws.rs.core.Response finishBrowserLogout(UserSessionModel userSession, AuthenticationSessionModel logoutSession)
      Description copied from interface: LoginProtocol
      This method is called when browser logout is about to be finished. It is not triggered during backchannel logout.
      Specified by:
      finishBrowserLogout in interface LoginProtocol
      Parameters:
      userSession - user session, which was logged out
      logoutSession - authentication session, which was used during logout to track the logout state
      Returns:
      response to be sent to the client
    • requireReauthentication

      public boolean requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel clientSession)
      Specified by:
      requireReauthentication in interface LoginProtocol
      Returns:
      true if SSO cookie authentication can't be used. User will need to "actively" reauthenticate
    • close

      public void close()
      Specified by:
      close in interface Provider
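
The NOTE on sendError(ClientModel, ClientData, LoginProtocol.Error) asks implementations to validate clientData against the client, because it arrives as a request parameter. The following is an added example, not Keycloak code: UntrustedClientData and RegisteredClient are hypothetical stand-ins for ClientData and ClientModel, the URIs are constructed, and exact-match comparison is an assumed policy. It returns null when no error is sent, mirroring the documented return contract.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class ClientDataRedirectCheck {
    // Hypothetical stand-ins; these are NOT Keycloak's ClientData / ClientModel.
    record UntrustedClientData(String redirectUri, String state) {}
    record RegisteredClient(String clientId, Set<String> redirectUris) {}

    /** Returns the error redirect target, or null if clientData is not valid for the client. */
    static URI errorRedirect(RegisteredClient client, UntrustedClientData data, String error) {
        if (data == null || data.redirectUri() == null) return null;
        URI candidate;
        try {
            // normalize() collapses "/a/../b" so path tricks cannot slip past the comparison
            candidate = new URI(data.redirectUri()).normalize();
        } catch (URISyntaxException e) {
            return null; // unparsable input is never redirected to
        }
        // Reject relative URIs, embedded credentials and fragments outright
        if (!candidate.isAbsolute() || candidate.getRawUserInfo() != null
                || candidate.getRawFragment() != null) return null;
        // Exact match against what the client registered; no prefix or wildcard logic
        if (!client.redirectUris().contains(candidate.toString())) return null;

        String sep = candidate.getRawQuery() == null ? "?" : "&";
        StringBuilder target = new StringBuilder(candidate.toString())
                .append(sep).append("error=").append(enc(error));
        // state is echoed back, so it is encoded rather than concatenated raw
        if (data.state() != null) target.append("&state=").append(enc(data.state()));
        return URI.create(target.toString());
    }

    private static String enc(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample data
        RegisteredClient client = new RegisteredClient("registry",
                Set.of("https://registry.example.test/callback"));
        String[] candidates = { "https://registry.example.test/callback",
                "https://registry.example.test/callback/../other",
                "https://user@registry.example.test/callback", "//other.example.test/callback" };
        for (String uri : candidates) {
            URI out = errorRedirect(client, new UntrustedClientData(uri, "s t&x=1"), "cancelled");
            System.out.println(uri + " -> " + (out == null ? "not sent (null)" : out));
        }
    }
}
```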