Class MSADLDSUserAccountControlStorageMapper
- java.lang.Object
  - org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
    - org.keycloak.storage.ldap.mappers.msadlds.MSADLDSUserAccountControlStorageMapper

- All Implemented Interfaces: Provider, LDAPStorageMapper, PasswordUpdateCallback

public class MSADLDSUserAccountControlStorageMapper extends AbstractLDAPStorageMapper implements PasswordUpdateCallback

Mapper specific to MSAD LDS. It reads the msDS-UserAccountDisabled, msDS-UserPasswordExpired and pwdLastSet attributes and sets actions in Keycloak based on them. It can also handle the error code returned when LDAP user authentication fails (see http://www-01.ibm.com/support/docview.wss?uid=swg21290631).

- Author: Marek Posolda, Slawomir Dabek
 
Nested Class Summary
- class MSADLDSUserAccountControlStorageMapper.MSADUserModelDelegate

Field Summary
- Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper: ldapProvider, mapperModel, session

Constructor Summary
- MSADLDSUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)
Method Summary
- void beforeLDAPQuery(LDAPQuery query): Called before the LDAP identity query that retrieves LDAP users is executed.
- LDAPOperationDecorator beforePasswordUpdate(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
- boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm): Called when LDAP authentication of the specified user fails.
- void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate): Called when importing a user from LDAP to the local Keycloak DB.
- void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm): Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
- void passwordUpdated(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
- void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, UserCredentialModel password, ModelException exception)
- protected boolean processAuthErrorCode(String errorCode, UserModel user)
- protected ModelException processFailedPasswordUpdateException(ModelException e)
- UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm): Called when proxy is invoked on the LDAP federation provider.

Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper: close, getGroupMembers, getLdapProvider, getRoleMembers, mandatoryAttributeNames, parseBooleanParameter, syncDataFromFederationProviderToKeycloak, syncDataFromKeycloakToFederationProvider
 
Constructor Detail

MSADLDSUserAccountControlStorageMapper
public MSADLDSUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)
 
Method Detail

beforeLDAPQuery
public void beforeLDAPQuery(LDAPQuery query)
Description copied from interface: LDAPStorageMapper
Called before the LDAP identity query that retrieves LDAP users is executed. It allows the query to be changed (for example, adding attributes to be returned from LDAP or changing conditions).
- Specified by: beforeLDAPQuery in interface LDAPStorageMapper

beforePasswordUpdate
public LDAPOperationDecorator beforePasswordUpdate(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
- Specified by: beforePasswordUpdate in interface PasswordUpdateCallback

passwordUpdated
public void passwordUpdated(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
- Specified by: passwordUpdated in interface PasswordUpdateCallback

passwordUpdateFailed
public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, UserCredentialModel password, ModelException exception)
- Specified by: passwordUpdateFailed in interface PasswordUpdateCallback

proxy
public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
Description copied from interface: LDAPStorageMapper
Called when proxy is invoked on the LDAP federation provider.
- Specified by: proxy in interface LDAPStorageMapper
- Returns:

onRegisterUserToLDAP
public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
Description copied from interface: LDAPStorageMapper
Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
- Specified by: onRegisterUserToLDAP in interface LDAPStorageMapper

onImportUserFromLDAP
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
Description copied from interface: LDAPStorageMapper
Called when importing a user from LDAP to the local Keycloak DB.
- Specified by: onImportUserFromLDAP in interface LDAPStorageMapper
- isCreate: true if we are importing a new user from LDAP; false if the user already exists in Keycloak and we are updating (syncing) it from LDAP

onAuthenticationFailure
public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)
Description copied from interface: LDAPStorageMapper
Called when LDAP authentication of the specified user fails. If any mapper returns true from this method, the AuthenticationException won't be rethrown!
- Specified by: onAuthenticationFailure in interface LDAPStorageMapper
- Overrides: onAuthenticationFailure in class AbstractLDAPStorageMapper
- Returns: true if the mapper processed the AuthenticationException and took some action based on it. In that case, the AuthenticationException won't be rethrown!
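
How the sub-error code behind onAuthenticationFailure can be extracted from an Active Directory bind failure and turned into a decision, as an added example that is not Keycloak's own code. The class name, the Action enum, the code-to-action mapping and the sample messages are assumptions constructed for illustration; bad-credential codes are left unhandled because, as stated above, a mapper that returns true stops the AuthenticationException from being rethrown.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not Keycloak source. All names here are hypothetical.
public class AdBindErrorDemo {

    // Outcomes a mapper might choose after a failed bind (assumed set).
    enum Action { REQUIRE_PASSWORD_UPDATE, DISABLE_LOCAL_USER, LOG_LOCKED_OUT, NOT_HANDLED }

    // AD reports the real reason as a hex sub-code: "... AcceptSecurityContext error, data 52e, v1db1"
    private static final Pattern SUB_CODE =
            Pattern.compile("AcceptSecurityContext error, data ([0-9a-fA-F]+),");

    // Returns the lower-cased sub-code, or empty when the message carries none.
    static Optional<String> subCode(String exceptionMessage) {
        if (exceptionMessage == null) return Optional.empty();
        Matcher m = SUB_CODE.matcher(exceptionMessage);
        return m.find() ? Optional.of(m.group(1).toLowerCase()) : Optional.empty();
    }

    static Action decide(String exceptionMessage) {
        return subCode(exceptionMessage).map(code -> switch (code) {
            case "532", "773" -> Action.REQUIRE_PASSWORD_UPDATE; // password expired / must change at next logon
            case "533" -> Action.DISABLE_LOCAL_USER;             // account disabled
            case "775" -> Action.LOG_LOCKED_OUT;                 // account locked out
            // 525 (no such user) and 52e (bad credentials) must remain plain failures.
            default -> Action.NOT_HANDLED;
        }).orElse(Action.NOT_HANDLED);
    }

    public static void main(String[] args) {
        // Constructed sample messages in the shape AD returns for LDAP error 49.
        List<String> samples = List.of(
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1]",
            "[LDAP: error code 49 - Invalid Credentials]"); // no sub-code present
        for (String s : samples) {
            System.out.println(subCode(s).orElse("-") + " -> " + decide(s));
        }
    }
}
```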
 
processFailedPasswordUpdateException
protected ModelException processFailedPasswordUpdateException(ModelException e)