Package org.keycloak.federation.kerberos
Class KerberosFederationProvider
java.lang.Object
org.keycloak.federation.kerberos.KerberosFederationProvider
- All Implemented Interfaces:
CredentialAuthentication, CredentialInputUpdater, CredentialInputValidator, Provider, ImportedUserValidation, UserLookupProvider, UserStorageProvider
public class KerberosFederationProvider
extends Object
implements UserStorageProvider, UserLookupProvider, CredentialInputValidator, CredentialInputUpdater, CredentialAuthentication, ImportedUserValidation
- Author:
- Marek Posolda

Nested Class Summary
Nested classes/interfaces inherited from interface org.keycloak.storage.UserStorageProvider
UserStorageProvider.EditMode

Field Summary
Fields

| Modifier and Type | Field | Description |
|---|---|---|
| protected KerberosFederationProviderFactory | factory | |
| static final String | KERBEROS_PRINCIPAL | |
| protected KerberosConfig | kerberosConfig | |
| protected UserStorageProviderModel | model | |
| protected KeycloakSession | session | |

Constructor Summary
Constructors

| Constructor | Description |
|---|---|
| KerberosFederationProvider(KeycloakSession session, UserStorageProviderModel model, KerberosFederationProviderFactory factory) | |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| | authenticate(RealmModel realm, CredentialInput input) | |
| void | close() | |
| void | disableCredentialType(RealmModel realm, UserModel user, String credentialType) | |
| protected UserModel | findOrCreateAuthenticatedUser(RealmModel realm, KerberosPrincipal kerberosPrincipal) | Called after successful authentication |
| | getDisableableCredentialTypesStream(RealmModel realm, UserModel user) | Obtains the set of credential types that can be disabled via disableCredentialType. |
| | getUserByEmail(RealmModel realm, String email) | Returns a user with the given email belonging to the realm |
| | getUserById(RealmModel realm, String id) | Returns a user with the given id belonging to the realm |
| | getUserByUsername(RealmModel realm, String username) | Exact search for a user by its username. |
| protected UserModel | importUserToKeycloak(RealmModel realm, KerberosPrincipal kerberosPrincipal) | |
| boolean | isConfiguredFor(RealmModel realm, UserModel user, String credentialType) | |
| boolean | isValid(RealmModel realm, UserModel user, CredentialInput input) | Tests whether a credential is valid |
| void | preRemove(RealmModel realm) | Callback when a realm is removed. |
| void | preRemove(RealmModel realm, GroupModel group) | Callback when a group is removed. |
| void | preRemove(RealmModel realm, RoleModel role) | Callback when a role is removed. |
| boolean | supportsCredentialAuthenticationFor | |
| boolean | supportsCredentialType(String credentialType) | |
| | toString() | |
| boolean | updateCredential(RealmModel realm, UserModel user, CredentialInput input) | |
| | validate(RealmModel realm, UserModel user) | If this method returns null, then the user in local storage will be removed |
| protected boolean | validPassword(String kerberosPrincipal, String password) | |

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.keycloak.storage.user.UserLookupProvider
getUserByCredential

Field Details
KERBEROS_PRINCIPAL
- See Also:
session
model
kerberosConfig
factory

Constructor Details
KerberosFederationProvider
public KerberosFederationProvider(KeycloakSession session, UserStorageProviderModel model, KerberosFederationProviderFactory factory)

Method Details
validate
Description copied from interface: ImportedUserValidation
If this method returns null, then the user in local storage will be removed
- Specified by:
validate in interface ImportedUserValidation
- Returns:
- null if user no longer valid

getUserByUsername
Description copied from interface: UserLookupProvider
Exact search for a user by its username. Returns a user with the given username belonging to the realm
- Specified by:
getUserByUsername in interface UserLookupProvider
- Parameters:
realm - the realm model
username - (case-sensitivity is controlled by storage)
- Returns:
- found user model, or null if no such user exists

getUserByEmail
Description copied from interface: UserLookupProvider
Returns a user with the given email belonging to the realm
- Specified by:
getUserByEmail in interface UserLookupProvider
- Parameters:
realm - the realm model
email - email address
- Returns:
- found user model, or null if no such user exists

getUserById
Description copied from interface: UserLookupProvider
Returns a user with the given id belonging to the realm
- Specified by:
getUserById in interface UserLookupProvider
- Parameters:
realm - the realm model
id - id of the user
- Returns:
- found user model, or null if no such user exists

preRemove
Description copied from interface: UserStorageProvider
Callback when a realm is removed. Implement this if, for example, you want to do some cleanup in your user storage when a realm is removed
- Specified by:
preRemove in interface UserStorageProvider

preRemove
Description copied from interface: UserStorageProvider
Callback when a role is removed. Allows you to do things like remove a user role mapping in your external store if appropriate
- Specified by:
preRemove in interface UserStorageProvider

preRemove
Description copied from interface: UserStorageProvider
Callback when a group is removed. Allows you to do things like remove a user group mapping in your external store if appropriate
- Specified by:
preRemove in interface UserStorageProvider

updateCredential
- Specified by:
updateCredential in interface CredentialInputUpdater

disableCredentialType
- Specified by:
disableCredentialType in interface CredentialInputUpdater

getDisableableCredentialTypesStream
Description copied from interface: CredentialInputUpdater
Obtains the set of credential types that can be disabled via disableCredentialType.
- Specified by:
getDisableableCredentialTypesStream in interface CredentialInputUpdater
- Parameters:
realm - a reference to the realm.
user - the user whose credentials are being searched.
- Returns:
- a non-null Stream of credential types.

supportsCredentialType
- Specified by:
supportsCredentialType in interface CredentialInputUpdater
- Specified by:
supportsCredentialType in interface CredentialInputValidator

supportsCredentialAuthenticationFor
- Specified by:
supportsCredentialAuthenticationFor in interface CredentialAuthentication

isConfiguredFor
- Specified by:
isConfiguredFor in interface CredentialInputValidator

isValid
Description copied from interface: CredentialInputValidator
Tests whether a credential is valid
- Specified by:
isValid in interface CredentialInputValidator
- Parameters:
realm - The realm to which the credential belongs
user - The user for which to test the credential
input - the credential details to verify
- Returns:
- true if the passed secret is correct

validPassword

authenticate
- Specified by:
authenticate in interface CredentialAuthentication

close
public void close()

findOrCreateAuthenticatedUser
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, KerberosPrincipal kerberosPrincipal)
Called after successful authentication
- Parameters:
realm - realm
kerberosPrincipal -
- Returns:
- user if found or successfully created. Null if user with same username already exists, but is not linked to this provider

importUserToKeycloak

toString