Interface IdentityProvider<C extends IdentityProviderModel>

All Known Implementing Classes:
AbstractIdentityProvider, AbstractOAuth2IdentityProvider, BitbucketIdentityProvider, FacebookIdentityProvider, GitHubIdentityProvider, GitLabIdentityProvider, GoogleIdentityProvider, InstagramIdentityProvider, KeycloakOIDCIdentityProvider, LinkedInIdentityProvider, LinkedInOIDCIdentityProvider, MicrosoftIdentityProvider, OIDCIdentityProvider, OpenshiftV3IdentityProvider, OpenshiftV4IdentityProvider, PayPalIdentityProvider, SAMLIdentityProvider, StackoverflowIdentityProvider, TwitterIdentityProvider

public interface IdentityProvider<C extends IdentityProviderModel> extends Provider
Author: Pedro Igor
  • Method Details

    • getConfig

      C getConfig()
    • preprocessFederatedIdentity

      void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)
    • authenticationFinished

      void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
    • importNewUser

      void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
    • updateBrokeredUser

      void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
    • callback

      JAX-RS callback endpoint for when the remote IDP wants to call back to Keycloak.
    • performLogin

      performLogin(AuthenticationRequest request)

      Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.

      request - The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.
    • retrieveToken

      retrieveToken(KeycloakSession session, FederatedIdentityModel identity)

      Returns a Response containing the token previously stored during the authentication process for a specific user.

      identity -
    • backchannelLogout

      void backchannelLogout(KeycloakSession session, UserSessionModel userSession, uriInfo, RealmModel realm)
    • keycloakInitiatedBrowserLogout

      keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, uriInfo, RealmModel realm)

      Called when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP.

      userSession -
      uriInfo -
      realm -
      Returns: null if this is not supported by this provider
    • export

      export(uriInfo, RealmModel realm, String format)

      Export a representation of the IdentityProvider in a specific format. For example, a SAML EntityDescriptor.
    • getMarshaller

      Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession.
    • isMapperSupported

      default boolean isMapperSupported(IdentityProviderMapper mapper)
      Checks whether a mapper is supported for this Identity Provider.
    • reloadKeys

      default boolean reloadKeys()
      Reloads the keys for the identity provider, if the provider permits it. For example, OIDC or SAML providers will reload the keys from the JWKS or metadata endpoint.
      Returns: true if reloaded, false if not