java.lang.Object
- org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
- - org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper

All Implemented Interfaces:

Provider, LDAPStorageMapper, PasswordUpdateCallback
```
public class MSADUserAccountControlStorageMapper
extends AbstractLDAPStorageMapper
implements PasswordUpdateCallback
```
Mapper specific to MSAD. It's able to read the userAccountControl and pwdLastSet attributes and set actions in Keycloak based on that. It's also able to handle exception code from LDAP user authentication (See http://www-01.ibm.com/support/docview.wss?uid=swg21290631 )

Author:

Marek Posolda

Nested Class Summary

Nested Classes
Modifier and Type Class Description

class MSADUserAccountControlStorageMapper.MSADUserModelDelegate

Field Summary

Fields
Modifier and Type Field Description

static String LDAP_PASSWORD_POLICY_HINTS_ENABLED
- Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
  ldapProvider, mapperModel, session

Constructor Summary

Constructors
Constructor Description

MSADUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`beforeLDAPQuery(LDAPQuery query)`	Called before LDAP Identity query for retrieve LDAP users was executed.
`LDAPOperationDecorator`	`beforePasswordUpdate(UserModel user, LDAPObject ldapUser, UserCredentialModel password)`
`protected UserAccountControl`	`getUserAccountControl(LDAPObject ldapUser)`
`boolean`	`onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)`	Called when LDAP authentication of specified user fails.
`void`	`onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)`	Called when importing user from LDAP to local keycloak DB.
`void`	`onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)`	Called when register new user to LDAP - just after user was created in Keycloak DB
`void`	`passwordUpdated(UserModel user, LDAPObject ldapUser, UserCredentialModel password)`
`void`	`passwordUpdateFailed(UserModel user, LDAPObject ldapUser, UserCredentialModel password, ModelException exception)`
`protected boolean`	`processAuthErrorCode(String errorCode, UserModel user)`
`protected ModelException`	`processFailedPasswordUpdateException(ModelException e)`
`UserModel`	`proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)`	Called when invoke proxy on LDAP federation provider
`protected void`	`updateUserAccountControl(boolean updateInLDAP, LDAPObject ldapUser, UserAccountControl accountControl)`

Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
close, getGroupMembers, getLdapProvider, getRoleMembers, mandatoryAttributeNames, parseBooleanParameter, syncDataFromFederationProviderToKeycloak, syncDataFromKeycloakToFederationProvider

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- LDAP_PASSWORD_POLICY_HINTS_ENABLED
```
public static final String LDAP_PASSWORD_POLICY_HINTS_ENABLED
```
  See Also:
  
  Constant Field Values

Constructor Detail

MSADUserAccountControlStorageMapper

public MSADUserAccountControlStorageMapper(ComponentModel mapperModel,
                                           LDAPStorageProvider ldapProvider)

Method Detail

beforeLDAPQuery
```
public void beforeLDAPQuery(LDAPQuery query)
```
Description copied from interface: LDAPStorageMapper

Called before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc)

Specified by:

beforeLDAPQuery in interface LDAPStorageMapper

beforePasswordUpdate

public LDAPOperationDecorator beforePasswordUpdate(UserModel user,
                                                   LDAPObject ldapUser,
                                                   UserCredentialModel password)

Specified by:: beforePasswordUpdate in interface PasswordUpdateCallback

passwordUpdated

public void passwordUpdated(UserModel user,
                            LDAPObject ldapUser,
                            UserCredentialModel password)

Specified by:: passwordUpdated in interface PasswordUpdateCallback

passwordUpdateFailed

public void passwordUpdateFailed(UserModel user,
                                 LDAPObject ldapUser,
                                 UserCredentialModel password,
                                 ModelException exception)

Specified by:: passwordUpdateFailed in interface PasswordUpdateCallback

proxy

public UserModel proxy(LDAPObject ldapUser,
                       UserModel delegate,
                       RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when invoke proxy on LDAP federation provider

Specified by:: proxy in interface LDAPStorageMapper
Returns:

onRegisterUserToLDAP

public void onRegisterUserToLDAP(LDAPObject ldapUser,
                                 UserModel localUser,
                                 RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when register new user to LDAP - just after user was created in Keycloak DB

Specified by:: onRegisterUserToLDAP in interface LDAPStorageMapper

onImportUserFromLDAP
```
public void onImportUserFromLDAP(LDAPObject ldapUser,
                                 UserModel user,
                                 RealmModel realm,
                                 boolean isCreate)
```
Description copied from interface: LDAPStorageMapper

Called when importing user from LDAP to local keycloak DB.

Specified by:

onImportUserFromLDAP in interface LDAPStorageMapper

isCreate - true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP

onAuthenticationFailure
```
public boolean onAuthenticationFailure(LDAPObject ldapUser,
                                       UserModel user,
                                       AuthenticationException ldapException,
                                       RealmModel realm)
```
Description copied from interface: LDAPStorageMapper

Called when LDAP authentication of specified user fails. If any mapper returns true from this method, AuthenticationException won't be rethrown!

Specified by:

onAuthenticationFailure in interface LDAPStorageMapper

Overrides:

onAuthenticationFailure in class AbstractLDAPStorageMapper

Returns:

true if mapper processed the AuthenticationException and did some actions based on that. In that case, AuthenticationException won't be rethrown!

processAuthErrorCode

protected boolean processAuthErrorCode(String errorCode,
                                       UserModel user)

processFailedPasswordUpdateException

protected ModelException processFailedPasswordUpdateException(ModelException e)

getUserAccountControl

protected UserAccountControl getUserAccountControl(LDAPObject ldapUser)

updateUserAccountControl

protected void updateUserAccountControl(boolean updateInLDAP,
                                        LDAPObject ldapUser,
                                        UserAccountControl accountControl)

Class MSADUserAccountControlStorageMapper

Nested Class Summary

Field Summary

Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

Methods inherited from class java.lang.Object

Field Detail

LDAP_PASSWORD_POLICY_HINTS_ENABLED