Package org.keycloak.storage.ldap.mappers

Interface LDAPStorageMapper

    • Method Detail

      • syncDataFromFederationProviderToKeycloak

        SynchronizationResult syncDataFromFederationProviderToKeycloak​(RealmModel realm)
        Sync data from federated storage to Keycloak. It's useful just if mapper needs some data preloaded from federated storage (For example load roles from federated provider and sync them to Keycloak database) Applicable just if sync is supported

      • syncDataFromKeycloakToFederationProvider

        SynchronizationResult syncDataFromKeycloakToFederationProvider​(RealmModel realm)
        Sync data from Keycloak back to federated storage

      • getGroupMembers

        List<UserModel> getGroupMembers​(RealmModel realm,
                                GroupModel group,
                                int firstResult,
                                int maxResults)
        Return empty list if doesn't support storing of groups

      • getRoleMembers

        List<UserModel> getRoleMembers​(RealmModel realm,
                               RoleModel role,
                               int firstResult,
                               int maxResults)
        Return empty list if doesn't support storing of roles
        Parameters:
        realm -
        role -
        firstResult -
        maxResults -
        Returns:

      • onImportUserFromLDAP

        void onImportUserFromLDAP​(LDAPObject ldapUser,
                          UserModel user,
                          RealmModel realm,
                          boolean isCreate)
        Called when importing user from LDAP to local keycloak DB.
        Parameters:
        ldapUser -
        user -
        realm -
        isCreate - true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP

      • onRegisterUserToLDAP

        void onRegisterUserToLDAP​(LDAPObject ldapUser,
                          UserModel localUser,
                          RealmModel realm)
        Called when register new user to LDAP - just after user was created in Keycloak DB
        Parameters:
        ldapUser -
        localUser -
        realm -

      • mandatoryAttributeNames

        Set<String> mandatoryAttributeNames()
        Method that returns the mandatory attributes that this mapper imposes on the entry.
        Returns:
        The list of mandatory attributes or null

      • proxy

        UserModel proxy​(LDAPObject ldapUser,
                UserModel delegate,
                RealmModel realm)
        Called when invoke proxy on LDAP federation provider
        Parameters:
        ldapUser -
        delegate -
        realm -
        Returns:

      • beforeLDAPQuery

        void beforeLDAPQuery​(LDAPQuery query)
        Called before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc)
        Parameters:
        query -

      • onAuthenticationFailure

        boolean onAuthenticationFailure​(LDAPObject ldapUser,
                                UserModel user,
                                AuthenticationException ldapException,
                                RealmModel realm)
        Called when LDAP authentication of specified user fails. If any mapper returns true from this method, AuthenticationException won't be rethrown!
        Parameters:
        user -
        ldapUser -
        ldapException -
        Returns:
        true if mapper processed the AuthenticationException and did some actions based on that. In that case, AuthenticationException won't be rethrown!

      • getLdapProvider

        LDAPStorageProvider getLdapProvider()
        Gets the ldap provider associated to the mapper.
        Returns: