Interface ClientAuthenticatorFactory

All Superinterfaces:
ConfigurableAuthenticatorFactory, ConfiguredProvider, ProviderFactory<ClientAuthenticator>
All Known Implementing Classes:
AbstractClientAuthenticator, ClientIdAndSecretAuthenticator, JWTClientAuthenticator, JWTClientSecretAuthenticator, X509ClientAuthenticator

public interface ClientAuthenticatorFactory extends ProviderFactory<ClientAuthenticator>, ConfigurableAuthenticatorFactory
Factory for creating ClientAuthenticator instances. This is a singleton and created when Keycloak boots. You must specify a file META-INF/services/org.keycloak.authentication.ClientAuthenticatorFactory in the jar that this class is contained in This file must have the fully qualified class name of all your ClientAuthenticatorFactory classes
Marek Posolda
  • Method Details

    • create

    • isConfigurable

      boolean isConfigurable()
      Is this authenticator configurable globally?
      Specified by:
      isConfigurable in interface ConfigurableAuthenticatorFactory
    • getConfigPropertiesPerClient

      List<ProviderConfigProperty> getConfigPropertiesPerClient()
      List of config properties for this client implementation. Those will be shown in admin console in clients credentials tab and can be configured per client. Applicable only if "isConfigurablePerClient" is true
    • getAdapterConfiguration

      Map<String,Object> getAdapterConfiguration(ClientModel client)
      Get configuration, which needs to be used for adapter ( keycloak.json ) of particular client. Some implementations may return just template and user needs to edit the values according to his environment (For example fill the location of keystore file)
    • getProtocolAuthenticatorMethods

      Set<String> getProtocolAuthenticatorMethods(String loginProtocol)
      Get authentication methods for the specified protocol
      loginProtocol - corresponds to ProviderFactory.getId()
      name of supported client authenticator methods in the protocol specific "language"
    • supportsSecret

      default boolean supportsSecret()
      Is this authenticator supports client secret?
      if it supports secret