Authenticator (Keycloak Docs Distribution 11.0.3 API)

All Superinterfaces:

Provider

All Known Subinterfaces:

ConditionalAuthenticator

All Known Implementing Classes:

AbstractDirectGrantAuthenticator, AbstractFormAuthenticator, AbstractIdpAuthenticator, AbstractSetRequiredActionAuthenticator, AbstractUsernameFormAuthenticator, AbstractX509ClientCertificateAuthenticator, AbstractX509ClientCertificateDirectGrantAuthenticator, AttemptedAuthenticator, BasicAuthAuthenticator, BasicAuthOTPAuthenticator, CliUsernamePasswordAuthenticator, ConditionalOtpFormAuthenticator, ConditionalRoleAuthenticator, ConditionalUserConfiguredAuthenticator, ConsoleOTPFormAuthenticator, ConsolePasswordAuthenticator, ConsoleUsernameAuthenticator, ConsoleUsernamePasswordAuthenticator, CookieAuthenticator, DockerAuthenticator, HttpBasicAuthenticator, IdentityProviderAuthenticator, IdpAutoLinkAuthenticator, IdpConfirmLinkAuthenticator, IdpCreateUserIfUniqueAuthenticator, IdpEmailVerificationAuthenticator, IdpReviewProfileAuthenticator, IdpUsernamePasswordForm, NoCookieFlowRedirectAuthenticator, OTPFormAuthenticator, PasswordForm, ResetCredentialChooseUser, ResetCredentialEmail, ResetOTP, ResetPassword, ScriptBasedAuthenticator, SpnegoAuthenticator, UsernameForm, UsernamePasswordForm, ValidateOTP, ValidatePassword, ValidateUsername, ValidateX509CertificateUsername, WebAuthnAuthenticator, WebAuthnPasswordlessAuthenticator, X509ClientCertificateAuthenticator
```
public interface Authenticator
extends Provider
```
This interface is for users that want to add custom authenticators to an authentication flow. You must implement this interface as well as an AuthenticatorFactory.

Version:

$Revision: 1 $

Author:

Bill Burke

Method Summary

All Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method and Description
`void`	`action(AuthenticationFlowContext context)` Called from a form action invocation.
`default boolean`	`areRequiredActionsEnabled(KeycloakSession session, RealmModel realm)` Checks if all required actions are configured in the realm and are enabled
`void`	`authenticate(AuthenticationFlowContext context)` Initial call for the authenticator.
`boolean`	`configuredFor(KeycloakSession session, RealmModel realm, UserModel user)` Is this authenticator configured for this user.
`default List<RequiredActionFactory>`	`getRequiredActions(KeycloakSession session)` Overwrite this if the authenticator is associated with
`boolean`	`requiresUser()` Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?
`void`	`setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)` Set actions to configure authenticator

Methods inherited from interface org.keycloak.provider.Provider
close

- Method Detail
  - authenticate
```
void authenticate(AuthenticationFlowContext context)
```
    Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.
    
    Parameters:
    
    context -
  - action
```
void action(AuthenticationFlowContext context)
```
    Called from a form action invocation.
    
    Parameters:
    
    context -
  - requiresUser
```
boolean requiresUser()
```
    Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?
    
    Returns:
  - configuredFor
```
boolean configuredFor(KeycloakSession session,
                      RealmModel realm,
                      UserModel user)
```
    Is this authenticator configured for this user.
    
    Parameters:
    
    session -
    
    realm -
    
    user -
    
    Returns:
  - setRequiredActions
```
void setRequiredActions(KeycloakSession session,
                        RealmModel realm,
                        UserModel user)
```
    Set actions to configure authenticator
  - getRequiredActions
```
default List<RequiredActionFactory> getRequiredActions(KeycloakSession session)
```
    Overwrite this if the authenticator is associated with
    
    Returns:
  - areRequiredActionsEnabled
```
default boolean areRequiredActionsEnabled(KeycloakSession session,
                                          RealmModel realm)
```
    Checks if all required actions are configured in the realm and are enabled
    
    Returns:

Interface Authenticator

Method Summary

Methods inherited from interface org.keycloak.provider.Provider

Method Detail

authenticate

action

requiresUser

configuredFor

setRequiredActions

getRequiredActions

areRequiredActionsEnabled