public class KerberosFederationProvider extends Object implements UserStorageProvider, UserLookupProvider.Streams, CredentialInputValidator, CredentialInputUpdater.Streams, CredentialAuthentication, ImportedUserValidation
UserStorageProvider.EditMode
UserLookupProvider.Streams
CredentialInputUpdater.Streams
Modifier and Type | Field and Description |
---|---|
protected KerberosFederationProviderFactory |
factory |
static String |
KERBEROS_PRINCIPAL |
protected KerberosConfig |
kerberosConfig |
protected UserStorageProviderModel |
model |
protected KeycloakSession |
session |
Constructor and Description |
---|
KerberosFederationProvider(KeycloakSession session,
UserStorageProviderModel model,
KerberosFederationProviderFactory factory) |
Modifier and Type | Method and Description |
---|---|
CredentialValidationOutput |
authenticate(RealmModel realm,
CredentialInput input) |
void |
close() |
void |
disableCredentialType(RealmModel realm,
UserModel user,
String credentialType) |
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after successful authentication
|
Stream<String> |
getDisableableCredentialTypesStream(RealmModel realm,
UserModel user)
Obtains the set of credential types that can be disabled via
disableCredentialType . |
UserModel |
getUserByEmail(RealmModel realm,
String email)
Returns a user with the given email belonging to the realm
|
UserModel |
getUserById(RealmModel realm,
String id)
Returns a user with the given id belonging to the realm
|
UserModel |
getUserByUsername(RealmModel realm,
String username)
Returns a user with the given username belonging to the realm
|
protected UserModel |
importUserToKeycloak(RealmModel realm,
String username) |
boolean |
isConfiguredFor(RealmModel realm,
UserModel user,
String credentialType) |
boolean |
isValid(RealmModel realm,
UserModel local) |
boolean |
isValid(RealmModel realm,
UserModel user,
CredentialInput input)
Tests whether a credential is valid
|
void |
preRemove(RealmModel realm)
Callback when a realm is removed.
|
void |
preRemove(RealmModel realm,
GroupModel group)
Callback when a group is removed.
|
void |
preRemove(RealmModel realm,
RoleModel role)
Callback when a role is removed.
|
boolean |
supportsCredentialAuthenticationFor(String type) |
boolean |
supportsCredentialType(String credentialType) |
boolean |
updateCredential(RealmModel realm,
UserModel user,
CredentialInput input) |
UserModel |
validate(RealmModel realm,
UserModel user)
If this method returns null, then the user in local storage will be removed
|
protected boolean |
validPassword(String username,
String password) |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getUserByEmail, getUserById, getUserByUsername
getDisableableCredentialTypes
public static final String KERBEROS_PRINCIPAL
protected KeycloakSession session
protected UserStorageProviderModel model
protected KerberosConfig kerberosConfig
protected KerberosFederationProviderFactory factory
public KerberosFederationProvider(KeycloakSession session, UserStorageProviderModel model, KerberosFederationProviderFactory factory)
public UserModel validate(RealmModel realm, UserModel user)
ImportedUserValidation
validate
in interface ImportedUserValidation
public UserModel getUserByUsername(RealmModel realm, String username)
UserLookupProvider
getUserByUsername
in interface UserLookupProvider
getUserByUsername
in interface UserLookupProvider.Streams
realm
- the realm modelusername
- case insensitive username (case-sensitivity is controlled by storage)null
if no such user existspublic UserModel getUserByEmail(RealmModel realm, String email)
UserLookupProvider
getUserByEmail
in interface UserLookupProvider
getUserByEmail
in interface UserLookupProvider.Streams
realm
- the realm modelemail
- case insensitive email address (case-sensitivity is controlled by storage)null
if no such user existspublic UserModel getUserById(RealmModel realm, String id)
UserLookupProvider
getUserById
in interface UserLookupProvider
getUserById
in interface UserLookupProvider.Streams
realm
- the realm modelid
- id of the usernull
if no such user existspublic void preRemove(RealmModel realm)
UserStorageProvider
preRemove
in interface UserStorageProvider
public void preRemove(RealmModel realm, RoleModel role)
UserStorageProvider
preRemove
in interface UserStorageProvider
public void preRemove(RealmModel realm, GroupModel group)
UserStorageProvider
preRemove
in interface UserStorageProvider
public boolean isValid(RealmModel realm, UserModel local)
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
updateCredential
in interface CredentialInputUpdater
public void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
disableCredentialType
in interface CredentialInputUpdater
public Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
CredentialInputUpdater
disableCredentialType
.getDisableableCredentialTypesStream
in interface CredentialInputUpdater
getDisableableCredentialTypesStream
in interface CredentialInputUpdater.Streams
realm
- a reference to the realm.user
- the user whose credentials are being searched.Stream
of credential types.public boolean supportsCredentialType(String credentialType)
supportsCredentialType
in interface CredentialInputUpdater
supportsCredentialType
in interface CredentialInputValidator
public boolean supportsCredentialAuthenticationFor(String type)
supportsCredentialAuthenticationFor
in interface CredentialAuthentication
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
isConfiguredFor
in interface CredentialInputValidator
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
CredentialInputValidator
isValid
in interface CredentialInputValidator
realm
- The realm in which to which the credential belongs touser
- The user for which to test the credentialinput
- the credential details to verifypublic CredentialValidationOutput authenticate(RealmModel realm, CredentialInput input)
authenticate
in interface CredentialAuthentication
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm
- realmusername
- username without realm prefixprotected UserModel importUserToKeycloak(RealmModel realm, String username)
Copyright © 2021 JBoss by Red Hat. All rights reserved.