Class MSADUserAccountControlStorageMapper
java.lang.Object
org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper
All Implemented Interfaces:
    Provider, LDAPStorageMapper, PasswordUpdateCallback
public class MSADUserAccountControlStorageMapper
extends AbstractLDAPStorageMapper
implements PasswordUpdateCallback
Mapper specific to MSAD (Microsoft Active Directory). It reads the userAccountControl and pwdLastSet attributes of the LDAP user and sets the corresponding Keycloak user state and required actions based on them.
It also handles the error codes that MSAD returns when LDAP user authentication fails (see http://www-01.ibm.com/support/docview.wss?uid=swg21290631 ).
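The two behaviours the description attributes to this mapper (reading userAccountControl and pwdLastSet, and mapping the MSAD bind error sub-codes from the linked article to Keycloak actions) can be shown without the Keycloak SPI. The following is an added, self-contained Java example written for this page; it is not Keycloak's own code, and the class, enum and method names (MsadAccountStateExample, Action, BindFailure, actionsFor, classifyBindFailure, handleBindFailure) are inventions of this example. The bit values and the "data NNN" sub-codes are Active Directory's documented ones; which failures count as "handled" is this example's own policy, chosen to respect the contract of onAuthenticationFailure (returning true suppresses the AuthenticationException).

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not Keycloak code. AD bit values and bind sub-codes are the documented ones;
// the mapping from them to actions is this example's own policy.
public class MsadAccountStateExample {

    // userAccountControl bits used here (names are this example's; values are AD's).
    // PASSWORD_EXPIRED is normally only reported via msDS-User-Account-Control-Computed,
    // so pwdLastSet == 0 is the reliable "must change password" signal on the stored entry.
    static final long ACCOUNTDISABLE   = 0x000002L;
    static final long NORMAL_ACCOUNT   = 0x000200L;
    static final long PASSWORD_EXPIRED = 0x800000L;

    // What a mapper would do on the Keycloak side.
    enum Action { DISABLE_USER, REQUIRE_PASSWORD_UPDATE }

    // Meaning of a failed AD simple bind, derived from the "data NNN" sub-code of LDAP error 49.
    enum BindFailure {
        USER_NOT_FOUND, INVALID_CREDENTIALS, LOGON_RESTRICTED, PASSWORD_EXPIRED,
        ACCOUNT_DISABLED, ACCOUNT_EXPIRED, MUST_RESET_PASSWORD, ACCOUNT_LOCKED, UNKNOWN
    }

    static final Map<String, BindFailure> AD_SUBCODES = Map.of(
        "525", BindFailure.USER_NOT_FOUND,
        "52e", BindFailure.INVALID_CREDENTIALS,
        "530", BindFailure.LOGON_RESTRICTED,     // logon hours restriction
        "531", BindFailure.LOGON_RESTRICTED,     // workstation restriction
        "532", BindFailure.PASSWORD_EXPIRED,
        "533", BindFailure.ACCOUNT_DISABLED,
        "701", BindFailure.ACCOUNT_EXPIRED,
        "773", BindFailure.MUST_RESET_PASSWORD,
        "775", BindFailure.ACCOUNT_LOCKED);

    // Matches the "data 52e" token in messages such as
    // "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]"
    static final Pattern DATA_CODE = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)\\b");

    static boolean has(long uac, long flag) {
        return (uac & flag) != 0;
    }

    // Actions to apply after reading the LDAP entry. pwdLastSet is a Windows FILETIME;
    // 0 means "user must change password at next logon".
    static EnumSet<Action> actionsFor(long userAccountControl, long pwdLastSet) {
        EnumSet<Action> actions = EnumSet.noneOf(Action.class);
        if (has(userAccountControl, ACCOUNTDISABLE)) {
            actions.add(Action.DISABLE_USER);
        }
        if (pwdLastSet == 0L || has(userAccountControl, PASSWORD_EXPIRED)) {
            actions.add(Action.REQUIRE_PASSWORD_UPDATE);
        }
        return actions;
    }

    static BindFailure classifyBindFailure(String ldapErrorMessage) {
        if (ldapErrorMessage == null) {
            return BindFailure.UNKNOWN;
        }
        Matcher m = DATA_CODE.matcher(ldapErrorMessage);
        if (!m.find()) {
            return BindFailure.UNKNOWN;          // not an AD-style message: plain failure
        }
        return AD_SUBCODES.getOrDefault(m.group(1).toLowerCase(), BindFailure.UNKNOWN);
    }

    // Same contract as onAuthenticationFailure: return true only when the failure is handled
    // here and the AuthenticationException should not be rethrown. Only 532 and 773 qualify,
    // because AD emits them after the supplied password was accepted, so continuing the login
    // with a forced password update does not bypass authentication. 52e must never be handled.
    static boolean handleBindFailure(String ldapErrorMessage, EnumSet<Action> actions) {
        switch (classifyBindFailure(ldapErrorMessage)) {
            case PASSWORD_EXPIRED:
            case MUST_RESET_PASSWORD:
                actions.add(Action.REQUIRE_PASSWORD_UPDATE);
                return true;
            case ACCOUNT_DISABLED:
                actions.add(Action.DISABLE_USER);  // sync the state, but the login still fails
                return false;
            default:
                return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not captured from a real directory.
        System.out.println(actionsFor(NORMAL_ACCOUNT | ACCOUNTDISABLE, 132000000000000000L));
        System.out.println(actionsFor(NORMAL_ACCOUNT, 0L));
        String mustReset = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
                + "AcceptSecurityContext error, data 773, v1db1]";
        EnumSet<Action> actions = EnumSet.noneOf(Action.class);
        System.out.println(handleBindFailure(mustReset, actions) + " " + actions);
        System.out.println(classifyBindFailure("[LDAP: error code 49 - Invalid Credentials]"));
    }
}
```

The security-relevant decision is which sub-codes may turn a failed bind into a successful login. Any code for which a mapper returns true is an authentication bypass unless the directory already verified the password, which is why only 532 and 773 are treated that way above and 52e, 525 and 775 stay failures. Codes such as 533 and 775 also differ from the generic 52e, so a mapper that surfaces them to the client confirms that the account exists; log them server-side instead.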
Author:
    Marek Posolda

Field Summary
    Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
        ldapProvider, mapperModel, session

Constructor Summary
    MSADUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)

Method Summary
    void beforeLDAPQuery(LDAPQuery query)
        Called before the LDAP identity query that retrieves LDAP users is executed.
    LDAPOperationDecorator beforePasswordUpdate(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
    protected UserAccountControl getUserAccountControl(LDAPObject ldapUser)
    boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)
        Called when LDAP authentication of the specified user fails.
    void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
        Called when importing a user from LDAP into the local Keycloak DB.
    void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
        Called when registering a new user in LDAP, just after the user was created in the Keycloak DB.
    void passwordUpdated(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
    void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, UserCredentialModel password, ModelException exception)
    protected boolean processAuthErrorCode(String errorCode, UserModel user)
    UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
        Called when proxy is invoked on the LDAP federation provider.
    protected void updateUserAccountControl(boolean updateInLDAP, LDAPObject ldapUser, UserAccountControl accountControl)

    Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
        close, getGroupMembers, getLdapProvider, getRoleMembers, mandatoryAttributeNames, parseBooleanParameter, syncDataFromFederationProviderToKeycloak, syncDataFromKeycloakToFederationProvider
Field Details

LDAP_PASSWORD_POLICY_HINTS_ENABLED

Constructor Details

MSADUserAccountControlStorageMapper
public MSADUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)

Method Details
beforeLDAPQuery
public void beforeLDAPQuery(LDAPQuery query)
    Description copied from interface: LDAPStorageMapper
    Called before the LDAP identity query that retrieves LDAP users is executed. It allows the mapper to change the query (add attributes to return from LDAP, change conditions, etc.).
    Specified by:
        beforeLDAPQuery in interface LDAPStorageMapper

beforePasswordUpdate
public LDAPOperationDecorator beforePasswordUpdate(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
    Specified by:
        beforePasswordUpdate in interface PasswordUpdateCallback

passwordUpdated
public void passwordUpdated(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
    Specified by:
        passwordUpdated in interface PasswordUpdateCallback

passwordUpdateFailed
public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, UserCredentialModel password, ModelException exception)
    Specified by:
        passwordUpdateFailed in interface PasswordUpdateCallback

proxy
public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
    Description copied from interface: LDAPStorageMapper
    Called when proxy is invoked on the LDAP federation provider.
    Specified by:
        proxy in interface LDAPStorageMapper

onRegisterUserToLDAP
public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
    Description copied from interface: LDAPStorageMapper
    Called when registering a new user in LDAP, just after the user was created in the Keycloak DB.
    Specified by:
        onRegisterUserToLDAP in interface LDAPStorageMapper

onImportUserFromLDAP
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
    Description copied from interface: LDAPStorageMapper
    Called when importing a user from LDAP into the local Keycloak DB.
    Specified by:
        onImportUserFromLDAP in interface LDAPStorageMapper
    Parameters:
        isCreate - true if a new user is being imported from LDAP; false if the user already exists in Keycloak and is being updated (synced) from LDAP

onAuthenticationFailure
public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)
    Description copied from interface: LDAPStorageMapper
    Called when LDAP authentication of the specified user fails. If any mapper returns true from this method, the AuthenticationException is not rethrown.
    Specified by:
        onAuthenticationFailure in interface LDAPStorageMapper
    Overrides:
        onAuthenticationFailure in class AbstractLDAPStorageMapper
    Returns:
        true if the mapper processed the AuthenticationException and took some action based on it. In that case the AuthenticationException is not rethrown.

processAuthErrorCode
protected boolean processAuthErrorCode(String errorCode, UserModel user)

processFailedPasswordUpdateException

getUserAccountControl
protected UserAccountControl getUserAccountControl(LDAPObject ldapUser)

updateUserAccountControl
protected void updateUserAccountControl(boolean updateInLDAP, LDAPObject ldapUser, UserAccountControl accountControl)