Package org.keycloak.storage.ldap.mappers

Class AbstractLDAPStorageMapper

java.lang.Object

org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper

All Implemented Interfaces:

Provider, LDAPStorageMapper

Direct Known Subclasses:

FullNameLDAPStorageMapper, GroupLDAPStorageMapper, HardcodedAttributeMapper, HardcodedLDAPAttributeMapper, HardcodedLDAPGroupStorageMapper, HardcodedLDAPRoleStorageMapper, KerberosPrincipalAttributeMapper, MSADLDSUserAccountControlStorageMapper, MSADUserAccountControlStorageMapper, RoleLDAPStorageMapper, UserAttributeLDAPStorageMapper

public abstract class AbstractLDAPStorageMapper
extends Object
implements LDAPStorageMapper

Stateful per-request object

Author:

Marek Posolda

Field Summary

Fields

Modifier and Type	Field	Description
protected final LDAPStorageProvider	ldapProvider
protected final ComponentModel	mapperModel
protected final KeycloakSession	session

Constructor Summary

Constructors

Constructor	Description
AbstractLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)

Method Summary

Modifier and Type	Method	Description
void	close()
List<UserModel>	getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults)	Return empty list if doesn't support storing of groups
LDAPStorageProvider	getLdapProvider()	Gets the ldap provider associated to the mapper.
List<UserModel>	getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults)	Return empty list if doesn't support storing of roles
Set<String>	getUserAttributes()	Method that returns user model attributes, which this mapper maps to Keycloak users
Set<String>	mandatoryAttributeNames()	Method that returns the mandatory attributes that this mapper imposes on the entry.
boolean	onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)	Called when LDAP authentication of specified user fails.
static boolean	parseBooleanParameter(ComponentModel mapperModel, String paramName)
SynchronizationResult	syncDataFromFederationProviderToKeycloak(RealmModel realm)	Sync data from federated storage to Keycloak.
SynchronizationResult	syncDataFromKeycloakToFederationProvider(RealmModel realm)	Sync data from Keycloak back to federated storage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.storage.ldap.mappers.LDAPStorageMapper

beforeLDAPQuery, onImportUserFromLDAP, onRegisterUserToLDAP, proxy

Field Details

session

protected final KeycloakSession session

mapperModel

protected final ComponentModel mapperModel

ldapProvider

protected final LDAPStorageProvider ldapProvider

Constructor Details

AbstractLDAPStorageMapper

public AbstractLDAPStorageMapper(ComponentModel mapperModel,
 LDAPStorageProvider ldapProvider)

Method Details

syncDataFromFederationProviderToKeycloak

public SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm)

Description copied from interface: LDAPStorageMapper

Sync data from federated storage to Keycloak. It's useful just if mapper needs some data preloaded from federated storage (For example load roles from federated provider and sync them to Keycloak database) Applicable just if sync is supported

Specified by:

syncDataFromFederationProviderToKeycloak in interface LDAPStorageMapper

syncDataFromKeycloakToFederationProvider

public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm)

Description copied from interface: LDAPStorageMapper

Sync data from Keycloak back to federated storage

Specified by:

syncDataFromKeycloakToFederationProvider in interface LDAPStorageMapper

getGroupMembers

public List<UserModel> getGroupMembers(RealmModel realm,
 GroupModel group,
 int firstResult,
 int maxResults)

Description copied from interface: LDAPStorageMapper

Return empty list if doesn't support storing of groups

Specified by:

getGroupMembers in interface LDAPStorageMapper

getRoleMembers

public List<UserModel> getRoleMembers(RealmModel realm,
 RoleModel role,
 int firstResult,
 int maxResults)

Description copied from interface: LDAPStorageMapper

Return empty list if doesn't support storing of roles

Specified by:

getRoleMembers in interface LDAPStorageMapper

Returns:

onAuthenticationFailure

public boolean onAuthenticationFailure(LDAPObject ldapUser,
 UserModel user,
 AuthenticationException ldapException,
 RealmModel realm)

Description copied from interface: LDAPStorageMapper

Called when LDAP authentication of specified user fails. If any mapper returns true from this method, AuthenticationException won't be rethrown!

Specified by:

onAuthenticationFailure in interface LDAPStorageMapper

Returns:

true if mapper processed the AuthenticationException and did some actions based on that. In that case, AuthenticationException won't be rethrown!

mandatoryAttributeNames

public Set<String> mandatoryAttributeNames()

Description copied from interface: LDAPStorageMapper

Method that returns the mandatory attributes that this mapper imposes on the entry.

Specified by:

mandatoryAttributeNames in interface LDAPStorageMapper

Returns:

The list of mandatory attributes or null

getUserAttributes

public Set<String> getUserAttributes()

Description copied from interface: LDAPStorageMapper

Method that returns user model attributes, which this mapper maps to Keycloak users

Specified by:

getUserAttributes in interface LDAPStorageMapper

Returns:

user model attributes. Returns empty set if not user attributes provided by this mapper. Never returns null.

parseBooleanParameter

public static boolean parseBooleanParameter(ComponentModel mapperModel,
 String paramName)

getLdapProvider

public LDAPStorageProvider getLdapProvider()

Description copied from interface: LDAPStorageMapper

Gets the ldap provider associated to the mapper.

Specified by:

getLdapProvider in interface LDAPStorageMapper

Returns:

close

public void close()

Specified by:

close in interface Provider