Package org.keycloak.authentication.authenticators.browser

Class PasswordForm

java.lang.Object

org.keycloak.authentication.AbstractFormAuthenticator

org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator

org.keycloak.authentication.authenticators.browser.UsernamePasswordForm

org.keycloak.authentication.authenticators.browser.PasswordForm

All Implemented Interfaces:

Authenticator, CredentialValidator<PasswordCredentialProvider>, Provider

public class PasswordForm
extends UsernamePasswordForm
implements CredentialValidator<PasswordCredentialProvider>

Field Summary

Fields inherited from class org.keycloak.authentication.authenticators.browser.UsernamePasswordForm

webauthnAuth

Fields inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator

ATTEMPTED_USERNAME, REGISTRATION_FORM_ACTION, SESSION_INVALID, USER_SET_BEFORE_USERNAME_PASSWORD_AUTH

Constructor Summary

Constructors

Constructor	Description
PasswordForm(KeycloakSession session)

Method Summary

Modifier and Type	Method	Description
void	authenticate(AuthenticationFlowContext context)	Initial call for the authenticator.
boolean	configuredFor(KeycloakSession session, RealmModel realm, UserModel user)	Is this authenticator configured for this user.
protected jakarta.ws.rs.core.Response	createLoginForm(LoginFormsProvider form)
PasswordCredentialProvider	getCredentialProvider(KeycloakSession session)
protected String	getDefaultChallengeMessage(AuthenticationFlowContext context)
boolean	requiresUser()	Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?
protected boolean	validateForm(AuthenticationFlowContext context, jakarta.ws.rs.core.MultivaluedMap<String,String> formData)

Methods inherited from class org.keycloak.authentication.authenticators.browser.UsernamePasswordForm

action, alreadyAuthenticatedUsingPasswordlessCredential, alreadyAuthenticatedUsingPasswordlessCredential, challenge, challenge, close, isConditionalPasskeysEnabled, setRequiredActions

Methods inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator

challenge, disabledByBruteForceError, disabledByBruteForceFieldError, enabledUser, isDisabledByBruteForce, isUserAlreadySetBeforeUsernamePasswordAuth, setDuplicateUserChallenge, testInvalidUser, validatePassword, validateUser, validateUserAndPassword

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator

areRequiredActionsEnabled, getRequiredActions

Methods inherited from interface org.keycloak.authentication.CredentialValidator

getCredentials, getType

Constructor Details

PasswordForm

public PasswordForm(KeycloakSession session)

Method Details

validateForm

protected boolean validateForm(AuthenticationFlowContext context,
 jakarta.ws.rs.core.MultivaluedMap<String,String> formData)

Overrides:

validateForm in class UsernamePasswordForm

authenticate

public void authenticate(AuthenticationFlowContext context)

Description copied from interface: Authenticator

Initial call for the authenticator. This method should check the current HTTP request to determine if the request satisfies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.

Specified by:

authenticate in interface Authenticator

Overrides:

authenticate in class UsernamePasswordForm

configuredFor

public boolean configuredFor(KeycloakSession session,
 RealmModel realm,
 UserModel user)

Description copied from interface: Authenticator

Is this authenticator configured for this user.

Specified by:

configuredFor in interface Authenticator

Overrides:

configuredFor in class UsernamePasswordForm

Returns:

requiresUser

public boolean requiresUser()

Description copied from interface: Authenticator

Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?

Specified by:

requiresUser in interface Authenticator

Overrides:

requiresUser in class UsernamePasswordForm

Returns:

createLoginForm

protected jakarta.ws.rs.core.Response createLoginForm(LoginFormsProvider form)

Overrides:

createLoginForm in class AbstractUsernameFormAuthenticator

getDefaultChallengeMessage

protected String getDefaultChallengeMessage(AuthenticationFlowContext context)

Overrides:

getDefaultChallengeMessage in class AbstractUsernameFormAuthenticator

getCredentialProvider

public PasswordCredentialProvider getCredentialProvider(KeycloakSession session)

Specified by:

getCredentialProvider in interface CredentialValidator<PasswordCredentialProvider>