public class AuthenticationManager extends Object
Modifier and Type | Class and Description |
---|---|
static class |
AuthenticationManager.AuthenticationStatus |
static class |
AuthenticationManager.AuthResult |
Modifier and Type | Field and Description |
---|---|
static String |
AUTH_TIME |
static String |
CLIENT_LOGOUT_STATE
Auth session note on client logout state (when logging out)
|
static String |
END_AFTER_REQUIRED_ACTIONS |
static String |
FORM_USERNAME |
static String |
INVALIDATE_ACTION_TOKEN |
static String |
KEYCLOAK_IDENTITY_COOKIE |
static String |
KEYCLOAK_LOGOUT_PROTOCOL |
static String |
KEYCLOAK_REMEMBER_ME |
static String |
KEYCLOAK_SESSION_COOKIE |
protected static org.jboss.logging.Logger |
logger |
static String |
SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS |
static String |
SSO_AUTH |
static String |
USER_SESSION_PERSISTENT_STATE
Auth session note that indicates whether the user session will be persistent (saved to the real persistent store) or
transient (a transient session is scoped to a single request, so there is no need to save it in the underlying store)
|
Constructor and Description |
---|
AuthenticationManager() |
Modifier and Type | Method and Description |
---|---|
static javax.ws.rs.core.Response |
actionRequired(KeycloakSession session,
AuthenticationSessionModel authSession,
org.jboss.resteasy.spi.HttpRequest request,
EventBuilder event) |
AuthenticationManager.AuthResult |
authenticateIdentityCookie(KeycloakSession session,
RealmModel realm) |
static AuthenticationManager.AuthResult |
authenticateIdentityCookie(KeycloakSession session,
RealmModel realm,
boolean checkActive) |
static BackchannelLogoutResponse |
backchannelLogout(KeycloakSession session,
RealmModel realm,
UserSessionModel userSession,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection,
javax.ws.rs.core.HttpHeaders headers,
boolean logoutBroker) |
static BackchannelLogoutResponse |
backchannelLogout(KeycloakSession session,
RealmModel realm,
UserSessionModel userSession,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection,
javax.ws.rs.core.HttpHeaders headers,
boolean logoutBroker,
boolean offlineSession) |
static void |
backchannelLogout(KeycloakSession session,
UserSessionModel userSession,
boolean logoutBroker) |
static void |
backchannelLogoutUserFromClient(KeycloakSession session,
RealmModel realm,
UserModel user,
ClientModel client,
javax.ws.rs.core.UriInfo uriInfo,
javax.ws.rs.core.HttpHeaders headers)
Log out all client sessions of this user and client
|
static javax.ws.rs.core.Response |
browserLogout(KeycloakSession session,
RealmModel realm,
UserSessionModel userSession,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection,
javax.ws.rs.core.HttpHeaders headers,
String initiatingIdp) |
static IdentityCookieToken |
createIdentityToken(KeycloakSession keycloakSession,
RealmModel realm,
UserModel user,
UserSessionModel session,
String issuer) |
static void |
createLoginCookie(KeycloakSession keycloakSession,
RealmModel realm,
UserModel user,
UserSessionModel session,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection) |
static void |
createRememberMeCookie(RealmModel realm,
String username,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection) |
static RequiredActionProvider |
createRequiredAction(RequiredActionContextResult context) |
static void |
evaluateRequiredActionTriggers(KeycloakSession session,
AuthenticationSessionModel authSession,
org.jboss.resteasy.spi.HttpRequest request,
EventBuilder event,
RealmModel realm,
UserModel user) |
protected static javax.ws.rs.core.Response |
executionActions(KeycloakSession session,
AuthenticationSessionModel authSession,
org.jboss.resteasy.spi.HttpRequest request,
EventBuilder event,
RealmModel realm,
UserModel user,
Stream<String> requiredActions) |
static void |
expireCookie(RealmModel realm,
String cookieName,
String path,
boolean httpOnly,
ClientConnection connection,
ServerCookie.SameSiteAttributeValue sameSite) |
static void |
expireIdentityCookie(RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection) |
static void |
expireOldAuthSessionCookie(RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection) |
static void |
expireOldIdentityCookie(RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection) |
static void |
expireRememberMeCookie(RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection) |
static boolean |
expireUserSessionCookie(KeycloakSession session,
UserSessionModel userSession,
RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo,
javax.ws.rs.core.HttpHeaders headers,
ClientConnection connection) |
static javax.ws.rs.core.Response |
finishBrowserLogout(KeycloakSession session,
RealmModel realm,
UserSessionModel userSession,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection,
javax.ws.rs.core.HttpHeaders headers) |
static javax.ws.rs.core.Response |
finishedRequiredActions(KeycloakSession session,
AuthenticationSessionModel authSession,
UserSessionModel userSession,
ClientConnection clientConnection,
org.jboss.resteasy.spi.HttpRequest request,
javax.ws.rs.core.UriInfo uriInfo,
EventBuilder event) |
static void |
finishUnconfirmedUserSession(KeycloakSession session,
RealmModel realm,
UserSessionModel userSessionModel) |
static String |
getAccountCookiePath(RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo) |
static CommonClientSessionModel.Action |
getClientLogoutAction(AuthenticationSessionModel logoutAuthSession,
String clientUuid)
Returns the logout state of the particular client as per the
logoutAuthSession |
protected static String |
getIdentityCookiePath(RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo) |
static String |
getOldCookiePath(RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo) |
static String |
getRealmCookiePath(RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo) |
static String |
getRememberMeUsername(RealmModel realm,
javax.ws.rs.core.HttpHeaders headers) |
static String |
getSessionIdFromSessionCookie(KeycloakSession session) |
static boolean |
isOfflineSessionValid(RealmModel realm,
UserSessionModel userSession) |
static boolean |
isSessionValid(RealmModel realm,
UserSessionModel userSession) |
static boolean |
isSSOAuthentication(AuthenticatedClientSessionModel clientSession) |
static void |
logSuccess(KeycloakSession session,
AuthenticationSessionModel authSession) |
static UserModel |
lookupUserForBruteForceLog(KeycloakSession session,
RealmModel realm,
AuthenticationSessionModel authenticationSession) |
static javax.ws.rs.core.Response |
nextActionAfterAuthentication(KeycloakSession session,
AuthenticationSessionModel authSession,
ClientConnection clientConnection,
org.jboss.resteasy.spi.HttpRequest request,
javax.ws.rs.core.UriInfo uriInfo,
EventBuilder event) |
static String |
nextRequiredAction(KeycloakSession session,
AuthenticationSessionModel authSession,
org.jboss.resteasy.spi.HttpRequest request,
EventBuilder event) |
static javax.ws.rs.core.Response |
redirectAfterSuccessfulFlow(KeycloakSession session,
RealmModel realm,
UserSessionModel userSession,
ClientSessionContext clientSessionCtx,
org.jboss.resteasy.spi.HttpRequest request,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection clientConnection,
EventBuilder event,
AuthenticationSessionModel authSession) |
static javax.ws.rs.core.Response |
redirectAfterSuccessfulFlow(KeycloakSession session,
RealmModel realm,
UserSessionModel userSession,
ClientSessionContext clientSessionCtx,
org.jboss.resteasy.spi.HttpRequest request,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection clientConnection,
EventBuilder event,
AuthenticationSessionModel authSession,
LoginProtocol protocol) |
static javax.ws.rs.core.Response |
redirectToRequiredActions(KeycloakSession session,
RealmModel realm,
AuthenticationSessionModel authSession,
javax.ws.rs.core.UriInfo uriInfo,
String requiredAction) |
static void |
setClientLogoutAction(AuthenticationSessionModel logoutAuthSession,
String clientUuid,
CommonClientSessionModel.Action action)
Sets logout state of the particular client into the
logoutAuthSession |
static void |
setClientScopesInSession(AuthenticationSessionModel authSession) |
static void |
setKcActionStatus(String executedProviderId,
RequiredActionContext.KcActionStatus status,
AuthenticationSessionModel authSession) |
static AuthenticationManager.AuthResult |
verifyIdentityToken(KeycloakSession session,
RealmModel realm,
javax.ws.rs.core.UriInfo uriInfo,
ClientConnection connection,
boolean checkActive,
boolean checkTokenType,
String checkAudience,
boolean isCookie,
String tokenString,
javax.ws.rs.core.HttpHeaders headers,
TokenVerifier.Predicate<? super AccessToken>... additionalChecks) |
public static final String SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS
public static final String END_AFTER_REQUIRED_ACTIONS
public static final String INVALIDATE_ACTION_TOKEN
public static final String USER_SESSION_PERSISTENT_STATE
public static final String CLIENT_LOGOUT_STATE
public static final String AUTH_TIME
public static final String SSO_AUTH
protected static final org.jboss.logging.Logger logger
public static final String FORM_USERNAME
public static final String KEYCLOAK_IDENTITY_COOKIE
public static final String KEYCLOAK_SESSION_COOKIE
public static final String KEYCLOAK_REMEMBER_ME
public static final String KEYCLOAK_LOGOUT_PROTOCOL
public static boolean isSessionValid(RealmModel realm, UserSessionModel userSession)
public static boolean isOfflineSessionValid(RealmModel realm, UserSessionModel userSession)
public static boolean expireUserSessionCookie(KeycloakSession session, UserSessionModel userSession, RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, javax.ws.rs.core.HttpHeaders headers, ClientConnection connection)
public static void backchannelLogout(KeycloakSession session, UserSessionModel userSession, boolean logoutBroker)
public static BackchannelLogoutResponse backchannelLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection, javax.ws.rs.core.HttpHeaders headers, boolean logoutBroker)
public static BackchannelLogoutResponse backchannelLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection, javax.ws.rs.core.HttpHeaders headers, boolean logoutBroker, boolean offlineSession)
Parameters:
session -
realm -
userSession -
uriInfo -
connection -
headers -
logoutBroker -
offlineSession -
public static void setClientLogoutAction(AuthenticationSessionModel logoutAuthSession, String clientUuid, CommonClientSessionModel.Action action)
Sets logout state of the particular client into the logoutAuthSession
Parameters:
logoutAuthSession - logoutAuthSession. May be null, in which case this is a no-op.
clientUuid - Client. Must not be null
action -
public static CommonClientSessionModel.Action getClientLogoutAction(AuthenticationSessionModel logoutAuthSession, String clientUuid)
Returns the logout state of the particular client as per the logoutAuthSession
Parameters:
logoutAuthSession - logoutAuthSession. May be null, in which case this is a no-op.
clientUuid - Internal ID of the client. Must not be null
Returns:
the logout state if it can be determined, null otherwise.
public static void backchannelLogoutUserFromClient(KeycloakSession session, RealmModel realm, UserModel user, ClientModel client, javax.ws.rs.core.UriInfo uriInfo, javax.ws.rs.core.HttpHeaders headers)
Parameters:
session -
realm -
user -
client -
uriInfo -
headers -
public static javax.ws.rs.core.Response browserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection, javax.ws.rs.core.HttpHeaders headers, String initiatingIdp)
public static javax.ws.rs.core.Response finishBrowserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection, javax.ws.rs.core.HttpHeaders headers)
public static void finishUnconfirmedUserSession(KeycloakSession session, RealmModel realm, UserSessionModel userSessionModel)
public static IdentityCookieToken createIdentityToken(KeycloakSession keycloakSession, RealmModel realm, UserModel user, UserSessionModel session, String issuer)
public static void createLoginCookie(KeycloakSession keycloakSession, RealmModel realm, UserModel user, UserSessionModel session, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection)
public static void createRememberMeCookie(RealmModel realm, String username, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection)
public static String getRememberMeUsername(RealmModel realm, javax.ws.rs.core.HttpHeaders headers)
public static void expireIdentityCookie(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection)
public static void expireOldIdentityCookie(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection)
public static void expireRememberMeCookie(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection)
public static void expireOldAuthSessionCookie(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection)
protected static String getIdentityCookiePath(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo)
public static String getRealmCookiePath(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo)
public static String getOldCookiePath(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo)
public static String getAccountCookiePath(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo)
public static void expireCookie(RealmModel realm, String cookieName, String path, boolean httpOnly, ClientConnection connection, ServerCookie.SameSiteAttributeValue sameSite)
public AuthenticationManager.AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm)
public static AuthenticationManager.AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm, boolean checkActive)
public static javax.ws.rs.core.Response redirectAfterSuccessfulFlow(KeycloakSession session, RealmModel realm, UserSessionModel userSession, ClientSessionContext clientSessionCtx, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, ClientConnection clientConnection, EventBuilder event, AuthenticationSessionModel authSession)
public static javax.ws.rs.core.Response redirectAfterSuccessfulFlow(KeycloakSession session, RealmModel realm, UserSessionModel userSession, ClientSessionContext clientSessionCtx, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, ClientConnection clientConnection, EventBuilder event, AuthenticationSessionModel authSession, LoginProtocol protocol)
public static String getSessionIdFromSessionCookie(KeycloakSession session)
public static boolean isSSOAuthentication(AuthenticatedClientSessionModel clientSession)
public static javax.ws.rs.core.Response nextActionAfterAuthentication(KeycloakSession session, AuthenticationSessionModel authSession, ClientConnection clientConnection, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, EventBuilder event)
public static javax.ws.rs.core.Response redirectToRequiredActions(KeycloakSession session, RealmModel realm, AuthenticationSessionModel authSession, javax.ws.rs.core.UriInfo uriInfo, String requiredAction)
public static javax.ws.rs.core.Response finishedRequiredActions(KeycloakSession session, AuthenticationSessionModel authSession, UserSessionModel userSession, ClientConnection clientConnection, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, EventBuilder event)
public static String nextRequiredAction(KeycloakSession session, AuthenticationSessionModel authSession, org.jboss.resteasy.spi.HttpRequest request, EventBuilder event)
public static javax.ws.rs.core.Response actionRequired(KeycloakSession session, AuthenticationSessionModel authSession, org.jboss.resteasy.spi.HttpRequest request, EventBuilder event)
public static void setClientScopesInSession(AuthenticationSessionModel authSession)
public static RequiredActionProvider createRequiredAction(RequiredActionContextResult context)
protected static javax.ws.rs.core.Response executionActions(KeycloakSession session, AuthenticationSessionModel authSession, org.jboss.resteasy.spi.HttpRequest request, EventBuilder event, RealmModel realm, UserModel user, Stream<String> requiredActions)
public static void evaluateRequiredActionTriggers(KeycloakSession session, AuthenticationSessionModel authSession, org.jboss.resteasy.spi.HttpRequest request, EventBuilder event, RealmModel realm, UserModel user)
public static AuthenticationManager.AuthResult verifyIdentityToken(KeycloakSession session, RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, ClientConnection connection, boolean checkActive, boolean checkTokenType, String checkAudience, boolean isCookie, String tokenString, javax.ws.rs.core.HttpHeaders headers, TokenVerifier.Predicate<? super AccessToken>... additionalChecks)
public static void setKcActionStatus(String executedProviderId, RequiredActionContext.KcActionStatus status, AuthenticationSessionModel authSession)
public static void logSuccess(KeycloakSession session, AuthenticationSessionModel authSession)
public static UserModel lookupUserForBruteForceLog(KeycloakSession session, RealmModel realm, AuthenticationSessionModel authenticationSession)
Copyright © 2021 JBoss by Red Hat. All rights reserved.