Package org.keycloak.authentication
Class AuthenticationProcessor.Result
java.lang.Object
org.keycloak.authentication.AuthenticationProcessor.Result
- All Implemented Interfaces:
AbstractAuthenticationFlowContext,AuthenticationFlowContext,ClientAuthenticationFlowContext
- Enclosing class:
- AuthenticationProcessor
public class AuthenticationProcessor.Result
extends Object
implements AuthenticationFlowContext, ClientAuthenticationFlowContext
-
Method Summary
Modifier and TypeMethodDescriptionvoidattachUserSession(UserSessionModel userSession) voidThere was no failure or challenge.voidEnd the flow and redirect browser based on protocol specific response.voidchallenge(jakarta.ws.rs.core.Response challenge) Sends a challenge response back to the HTTP client.voidClear the user from the flow.voidfailure(AuthenticationFlowError error) Aborts the current flowvoidfailure(AuthenticationFlowError error, jakarta.ws.rs.core.Response challenge) Aborts the current flow.voidfailure(AuthenticationFlowError error, jakarta.ws.rs.core.Response challenge, String eventDetails, String userErrorMessage) Aborts the current flow.voidfailureChallenge(AuthenticationFlowError error, jakarta.ws.rs.core.Response challenge) Same behavior as forceChallenge(), but the error count in brute force attack detection will be incremented.voidforceChallenge(jakarta.ws.rs.core.Response challenge) Sends the challenge back to the HTTP client regardless of the current execution requirementvoidfork()Fork the current flow.voidforkWithErrorMessage(FormMessage message) Fork the current flow.voidforkWithSuccessMessage(FormMessage message) Fork the current flow.form()Create a Freemarker form builder that presets the user, action URI, and a generated access codeGenerates access code and updates clientsession timestamp Access codes must be included in form action callbacks as a query parameter.getActionTokenUrl(String tokenString) Get the action URL for the action token executor.getActionUrl(String code) Get the action URL for the required action.AuthenticationSessionModel attached to this flowGet any configuration associated with the current executiongetCategoryRequirementFromCurrentFlow(String authenticatorCategory) jakarta.ws.rs.core.ResponseCurrent client attached to this flow.Return the map where the authenticators can put some additional state related to authenticated client and the context how was client authenticated (ie.Information about the IP address from the connecting HTTP client.getError()Get the error condition of a failed execution.getEvent()Current event builder being usedGet details of the event that caused an errorThe current execution in the flowThis could be an error message forwarded from another authenticator that is restarting or continuing the flo.This could be an info message forwarded from another authenticator.This could be an success message forwarded from another authenticator that is restarting or continuing the flow.getRealm()Current realmGet the refresh URL for the required action.getRefreshUrl(boolean authSessionIdParam) Get the refresh URL for the flow.Current session<T> TgetState(Class<T> type, ClientAuthenticationFlowContextSupplier<T> supplier) Provides a mechanism for sharing computed state across multiple authenticators.Get the current status of the current execution.jakarta.ws.rs.core.UriInfoUriInfo of the current requestgetUser()Current user attached to this flow.A custom error message that can be displayed to the usernewEvent()Create a refresh new EventBuilder to use within this contextvoidReset the current flow to the beginning and restarts it.voidReset the current flow to the beginning and restarts it.voidsetAuthenticationSelections(List<AuthenticationSelectionOption> authenticationSelections) voidsetClient(ClientModel client) Attach a specific client to this flow.voidsetForwardedInfoMessage(String message, Object... parameters) voidAttach a specific user to this flow.voidsuccess()Mark the current execution as successful.voidMark the current execution as successful and the auth session sets the credential type in the authentication session as the last credential used to authenticate the user.
-
Method Details
-
newEvent
Description copied from interface:AbstractAuthenticationFlowContextCreate a refresh new EventBuilder to use within this context- Specified by:
newEventin interfaceAbstractAuthenticationFlowContext- Returns:
-
getCategoryRequirementFromCurrentFlow
public AuthenticationExecutionModel.Requirement getCategoryRequirementFromCurrentFlow(String authenticatorCategory) - Specified by:
getCategoryRequirementFromCurrentFlowin interfaceAbstractAuthenticationFlowContext
-
getExecution
Description copied from interface:AbstractAuthenticationFlowContextThe current execution in the flow- Specified by:
getExecutionin interfaceAbstractAuthenticationFlowContext- Returns:
-
getTopLevelFlow
- Specified by:
getTopLevelFlowin interfaceAbstractAuthenticationFlowContext- Returns:
- the top level flow (root flow) of this authentication
-
getAuthenticatorConfig
Description copied from interface:AbstractAuthenticationFlowContextGet any configuration associated with the current execution- Specified by:
getAuthenticatorConfigin interfaceAbstractAuthenticationFlowContext- Returns:
-
getAuthenticator
-
getStatus
Description copied from interface:AbstractAuthenticationFlowContextGet the current status of the current execution.- Specified by:
getStatusin interfaceAbstractAuthenticationFlowContext- Returns:
- may return null if not set yet.
-
getClientAuthenticator
-
success
public void success()Description copied from interface:AbstractAuthenticationFlowContextMark the current execution as successful. The flow will then continue- Specified by:
successin interfaceAbstractAuthenticationFlowContext
-
success
Description copied from interface:AbstractAuthenticationFlowContextMark the current execution as successful and the auth session sets the credential type in the authentication session as the last credential used to authenticate the user.- Specified by:
successin interfaceAbstractAuthenticationFlowContext- Parameters:
credentialType- The credential used to authenticate the user
-
failure
Description copied from interface:AbstractAuthenticationFlowContextAborts the current flow- Specified by:
failurein interfaceAbstractAuthenticationFlowContext
-
challenge
public void challenge(jakarta.ws.rs.core.Response challenge) Description copied from interface:AbstractAuthenticationFlowContextSends a challenge response back to the HTTP client. If the current execution requirement is optional, this response will not be sent. If the current execution requirement is alternative, then this challenge will be sent if no other alternative execution was successful.- Specified by:
challengein interfaceAbstractAuthenticationFlowContext
-
forceChallenge
public void forceChallenge(jakarta.ws.rs.core.Response challenge) Description copied from interface:AbstractAuthenticationFlowContextSends the challenge back to the HTTP client regardless of the current execution requirement- Specified by:
forceChallengein interfaceAbstractAuthenticationFlowContext
-
failureChallenge
Description copied from interface:AbstractAuthenticationFlowContextSame behavior as forceChallenge(), but the error count in brute force attack detection will be incremented. For example, if a user enters in a bad password, the user is directed to try again, but Keycloak will keep track of how many failures have happened.- Specified by:
failureChallengein interfaceAbstractAuthenticationFlowContext
-
failure
Description copied from interface:AbstractAuthenticationFlowContextAborts the current flow.- Specified by:
failurein interfaceAbstractAuthenticationFlowContextchallenge- Response that will be sent back to HTTP client
-
failure
public void failure(AuthenticationFlowError error, jakarta.ws.rs.core.Response challenge, String eventDetails, String userErrorMessage) Description copied from interface:AbstractAuthenticationFlowContextAborts the current flow.- Specified by:
failurein interfaceAbstractAuthenticationFlowContextchallenge- Response that will be sent back to HTTP clienteventDetails- Details about the error eventuserErrorMessage- A message describing the error to the user
-
attempted
public void attempted()Description copied from interface:AbstractAuthenticationFlowContextThere was no failure or challenge. The authenticator was attempted, but not fulfilled. If the current execution requirement is alternative or optional, then this status is ignored by the flow.- Specified by:
attemptedin interfaceAbstractAuthenticationFlowContext
-
getUser
Description copied from interface:AuthenticationFlowContextCurrent user attached to this flow. It can return null if no user has been identified yet- Specified by:
getUserin interfaceAuthenticationFlowContext- Returns:
-
setUser
Description copied from interface:AuthenticationFlowContextAttach a specific user to this flow.- Specified by:
setUserin interfaceAuthenticationFlowContext
-
getAuthenticationSelections
- Specified by:
getAuthenticationSelectionsin interfaceAuthenticationFlowContext
-
setAuthenticationSelections
public void setAuthenticationSelections(List<AuthenticationSelectionOption> authenticationSelections) - Specified by:
setAuthenticationSelectionsin interfaceAuthenticationFlowContext
-
clearUser
public void clearUser()Description copied from interface:AuthenticationFlowContextClear the user from the flow.- Specified by:
clearUserin interfaceAuthenticationFlowContext
-
getRealm
Description copied from interface:AbstractAuthenticationFlowContextCurrent realm- Specified by:
getRealmin interfaceAbstractAuthenticationFlowContext- Returns:
-
getClient
Description copied from interface:ClientAuthenticationFlowContextCurrent client attached to this flow. It can return null if no client has been identified yet- Specified by:
getClientin interfaceClientAuthenticationFlowContext- Returns:
-
setClient
Description copied from interface:ClientAuthenticationFlowContextAttach a specific client to this flow.- Specified by:
setClientin interfaceClientAuthenticationFlowContext
-
getClientAuthAttributes
Description copied from interface:ClientAuthenticationFlowContextReturn the map where the authenticators can put some additional state related to authenticated client and the context how was client authenticated (ie. attributes from client certificate etc). Map is writable, so you can add/remove items from it as needed. After successful authentication will be those state data put into UserSession notes. This allows you to configure UserSessionNote protocol mapper for your client, which will allow to map those state data into the access token available in the application- Specified by:
getClientAuthAttributesin interfaceClientAuthenticationFlowContext- Returns:
-
getState
public <T> T getState(Class<T> type, ClientAuthenticationFlowContextSupplier<T> supplier) throws Exception Description copied from interface:ClientAuthenticationFlowContextProvides a mechanism for sharing computed state across multiple authenticators. Returns state of the given type. If not already set the supplier is used to initialise the state.- Specified by:
getStatein interfaceClientAuthenticationFlowContext- Type Parameters:
T- the type of the state- Parameters:
type- the class type of the statesupplier- a supplier that can create the computed state if not already set- Returns:
- the current state
- Throws:
Exception
-
getAuthenticationSession
Description copied from interface:AuthenticationFlowContextAuthenticationSessionModel attached to this flow- Specified by:
getAuthenticationSessionin interfaceAuthenticationFlowContext- Returns:
-
getFlowPath
- Specified by:
getFlowPathin interfaceAuthenticationFlowContext- Returns:
- current flow path (EG. authenticate, reset-credentials)
-
getConnection
Description copied from interface:AbstractAuthenticationFlowContextInformation about the IP address from the connecting HTTP client.- Specified by:
getConnectionin interfaceAbstractAuthenticationFlowContext- Returns:
-
getUriInfo
public jakarta.ws.rs.core.UriInfo getUriInfo()Description copied from interface:AbstractAuthenticationFlowContextUriInfo of the current request- Specified by:
getUriInfoin interfaceAbstractAuthenticationFlowContext- Returns:
-
getSession
Description copied from interface:AbstractAuthenticationFlowContextCurrent session- Specified by:
getSessionin interfaceAbstractAuthenticationFlowContext- Returns:
-
getHttpRequest
- Specified by:
getHttpRequestin interfaceAbstractAuthenticationFlowContext
-
attachUserSession
- Specified by:
attachUserSessionin interfaceAuthenticationFlowContext
-
getProtector
- Specified by:
getProtectorin interfaceAbstractAuthenticationFlowContext
-
getEvent
Description copied from interface:AbstractAuthenticationFlowContextCurrent event builder being used- Specified by:
getEventin interfaceAbstractAuthenticationFlowContext- Returns:
-
getForwardedErrorMessage
Description copied from interface:AbstractAuthenticationFlowContextThis could be an error message forwarded from another authenticator that is restarting or continuing the flo. For example the brokering API sends this when the broker failed authentication and we want to continue authentication locally. forwardedErrorMessage can then be displayed by whatever form is challenging.- Specified by:
getForwardedErrorMessagein interfaceAbstractAuthenticationFlowContext
-
generateAccessCode
Description copied from interface:AbstractAuthenticationFlowContextGenerates access code and updates clientsession timestamp Access codes must be included in form action callbacks as a query parameter.- Specified by:
generateAccessCodein interfaceAbstractAuthenticationFlowContext- Returns:
-
getChallenge
public jakarta.ws.rs.core.Response getChallenge() -
getError
Description copied from interface:AbstractAuthenticationFlowContextGet the error condition of a failed execution.- Specified by:
getErrorin interfaceAbstractAuthenticationFlowContext- Returns:
- may return null if there was no error
-
form
Description copied from interface:AuthenticationFlowContextCreate a Freemarker form builder that presets the user, action URI, and a generated access code- Specified by:
formin interfaceAuthenticationFlowContext- Returns:
-
getActionUrl
Description copied from interface:AuthenticationFlowContextGet the action URL for the required action.- Specified by:
getActionUrlin interfaceAuthenticationFlowContext- Parameters:
code- authentication session access code- Returns:
-
getActionTokenUrl
Description copied from interface:AuthenticationFlowContextGet the action URL for the action token executor.- Specified by:
getActionTokenUrlin interfaceAuthenticationFlowContext- Parameters:
tokenString- String representation (JWT) of action token- Returns:
-
getRefreshExecutionUrl
Description copied from interface:AuthenticationFlowContextGet the refresh URL for the required action.- Specified by:
getRefreshExecutionUrlin interfaceAuthenticationFlowContext- Returns:
-
getRefreshUrl
Description copied from interface:AuthenticationFlowContextGet the refresh URL for the flow.- Specified by:
getRefreshUrlin interfaceAuthenticationFlowContext- Parameters:
authSessionIdParam- will include auth_session query param for clients that don't process cookies- Returns:
-
cancelLogin
public void cancelLogin()Description copied from interface:AuthenticationFlowContextEnd the flow and redirect browser based on protocol specific response. This should only be executed in browser-based flows.- Specified by:
cancelLoginin interfaceAuthenticationFlowContext
-
resetFlow
public void resetFlow()Description copied from interface:AuthenticationFlowContextReset the current flow to the beginning and restarts it.- Specified by:
resetFlowin interfaceAuthenticationFlowContext
-
resetFlow
Description copied from interface:AuthenticationFlowContextReset the current flow to the beginning and restarts it. Allows to add additional listener, which is triggered after flow restarted- Specified by:
resetFlowin interfaceAuthenticationFlowContext
-
fork
public void fork()Description copied from interface:AuthenticationFlowContextFork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email. It sends an email linking to the current flow and redirects the browser to a new browser login flow.- Specified by:
forkin interfaceAuthenticationFlowContext
-
forkWithSuccessMessage
Description copied from interface:AuthenticationFlowContextFork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email. It sends an email linking to the current flow and redirects the browser to a new browser login flow. This method will set up a success message that will be displayed in the first page of the new flow- Specified by:
forkWithSuccessMessagein interfaceAuthenticationFlowContext- Parameters:
message- Corresponds to raw text or a message property defined in a message bundle
-
forkWithErrorMessage
Description copied from interface:AuthenticationFlowContextFork the current flow. The authentication session will be cloned and set to point at the realm's browser login flow. The Response will be the result of this fork. The previous flow will still be set at the current execution. This is used by reset password when it sends an email. It sends an email linking to the current flow and redirects the browser to a new browser login flow. This method will set up an error message that will be displayed in the first page of the new flow- Specified by:
forkWithErrorMessagein interfaceAuthenticationFlowContext- Parameters:
message- Corresponds to raw text or a message property defined in a message bundle
-
getForwardedSuccessMessage
Description copied from interface:AbstractAuthenticationFlowContextThis could be an success message forwarded from another authenticator that is restarting or continuing the flow. For example a reset password sends an email, then resets the flow with a success message. forwardedSuccessMessage can then be displayed by whatever form is challenging.- Specified by:
getForwardedSuccessMessagein interfaceAbstractAuthenticationFlowContext
-
setForwardedInfoMessage
- Specified by:
setForwardedInfoMessagein interfaceAbstractAuthenticationFlowContext- Parameters:
message- to be forwardedparameters- parameters of the message if any- See Also:
-
getForwardedInfoMessage
Description copied from interface:AbstractAuthenticationFlowContextThis could be an info message forwarded from another authenticator. This info message will be usually displayed only once on the first screen shown to the user during authentication. The authenticator forwarding the info message does not know which the screen would be. For example during user re-authentication, the user should see info message like "Please re-authenticate", but at the beginning of the authentication, it is not 100% clear which screen will be the first shown screen where this message should be displayed- Specified by:
getForwardedInfoMessagein interfaceAbstractAuthenticationFlowContext
-
getErrorMessage
-
getSuccessMessage
-
getEventDetails
Description copied from interface:AbstractAuthenticationFlowContextGet details of the event that caused an error- Specified by:
getEventDetailsin interfaceAbstractAuthenticationFlowContext- Returns:
- may return null if not set
-
getUserErrorMessage
Description copied from interface:AbstractAuthenticationFlowContextA custom error message that can be displayed to the user- Specified by:
getUserErrorMessagein interfaceAbstractAuthenticationFlowContext- Returns:
- Optional error message
-