Package org.keycloak.authentication.requiredactions

Class WebAuthnRegister

java.lang.Object

org.keycloak.authentication.requiredactions.WebAuthnRegister

All Implemented Interfaces:

CredentialAction, CredentialRegistrator, RequiredActionProvider, Provider

Direct Known Subclasses:

WebAuthnPasswordlessRegister

public class WebAuthnRegister
extends Object
implements RequiredActionProvider, CredentialRegistrator

Required action for register WebAuthn 2-factor credential for the user

Constructor Summary

Constructors

Constructor	Description
WebAuthnRegister(KeycloakSession session, com.webauthn4j.verifier.attestation.trustworthiness.certpath.CertPathTrustworthinessVerifier certPathtrustVerifier)

Method Summary

Modifier and Type	Method	Description
void	close()
protected com.webauthn4j.WebAuthnRegistrationManager	createWebAuthnRegistrationManager()	Create WebAuthnRegistrationManager instance Can be overridden in subclasses to customize the used attestation validators
void	evaluateTriggers(RequiredActionContext context)	Called every time a user authenticates.
protected String	getCredentialProviderId()
protected String	getCredentialType()
String	getCredentialType(KeycloakSession session, AuthenticationSessionModel authenticationSession)
protected EventType	getOriginalEventTypeForBackwardsCompatibility(RequiredActionContext context)	Deprecated. For compatibility sake as long as we use @link EventType.UPDATE_PASSWORD , EventType.UPDATE_TOTP a.s.o.
protected WebAuthnPolicy	getWebAuthnPolicy(RequiredActionContext context)
InitiatedActionSupport	initiatedActionSupport()	Determines what type of support is provided for application-initiated actions.
void	processAction(RequiredActionContext context)	Called when a required action has form input you want to process.
void	requiredActionChallenge(RequiredActionContext context)	If the user has a required action set, this method will be the initial call to obtain what to display to the user's browser.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.RequiredActionProvider

getMaxAuthAge, getMaxAuthAge, initiatedActionCanceled

Constructor Details

WebAuthnRegister

public WebAuthnRegister(KeycloakSession session,
 com.webauthn4j.verifier.attestation.trustworthiness.certpath.CertPathTrustworthinessVerifier certPathtrustVerifier)

Method Details

initiatedActionSupport

public InitiatedActionSupport initiatedActionSupport()

Description copied from interface: RequiredActionProvider

Determines what type of support is provided for application-initiated actions.

Specified by:

initiatedActionSupport in interface RequiredActionProvider

Returns:

InititatedActionsSupport

requiredActionChallenge

public void requiredActionChallenge(RequiredActionContext context)

Description copied from interface: RequiredActionProvider

If the user has a required action set, this method will be the initial call to obtain what to display to the user's browser. Return null if no action should be done.

Specified by:

requiredActionChallenge in interface RequiredActionProvider

getWebAuthnPolicy

protected WebAuthnPolicy getWebAuthnPolicy(RequiredActionContext context)

getCredentialType

public String getCredentialType(KeycloakSession session,
 AuthenticationSessionModel authenticationSession)

Specified by:

getCredentialType in interface CredentialAction

Returns:

credential type, which this action is able to register. This should refer to the same value as returned by CredentialProvider.getType() of the corresponding credential provider and ConfigurableAuthenticatorFactory.getReferenceCategory() of the corresponding authenticator

getCredentialType

protected String getCredentialType()

getCredentialProviderId

protected String getCredentialProviderId()

getOriginalEventTypeForBackwardsCompatibility

@Deprecated
protected EventType getOriginalEventTypeForBackwardsCompatibility(RequiredActionContext context)

Deprecated.

For compatibility sake as long as we use @link EventType.UPDATE_PASSWORD , EventType.UPDATE_TOTP a.s.o.

Method to provide removal and deprecation hint

processAction

public void processAction(RequiredActionContext context)

Description copied from interface: RequiredActionProvider

Called when a required action has form input you want to process.

Specified by:

processAction in interface RequiredActionProvider

createWebAuthnRegistrationManager

protected com.webauthn4j.WebAuthnRegistrationManager createWebAuthnRegistrationManager()

Create WebAuthnRegistrationManager instance Can be overridden in subclasses to customize the used attestation validators

Returns:

webauthn4j WebAuthnRegistrationManager instance

close

public void close()

Specified by:

close in interface Provider

evaluateTriggers

public void evaluateTriggers(RequiredActionContext context)

Description copied from interface: RequiredActionProvider

Called every time a user authenticates. This checks to see if this required action should be triggered. The implementation of this method is responsible for setting the required action on the UserModel. For example, the UpdatePassword required actions checks the password policies to see if the password has expired.

Specified by:

evaluateTriggers in interface RequiredActionProvider