Uses of Class
org.keycloak.common.VerificationException

Packages that use VerificationException

Package	Description
org.keycloak
org.keycloak.authentication
org.keycloak.authentication.actiontoken
org.keycloak.broker.saml
org.keycloak.crypto
org.keycloak.exceptions
org.keycloak.forms.login.freemarker
org.keycloak.organization.utils
org.keycloak.protocol.oid4vc.issuance.keybinding
org.keycloak.protocol.oidc
org.keycloak.protocol.saml
org.keycloak.saml.processing.core.util
org.keycloak.sdjwt
org.keycloak.sdjwt.consumer
org.keycloak.sdjwt.vp
org.keycloak.services.resources
org.keycloak.services.util

Uses of VerificationException in org.keycloak

Methods in org.keycloak that throw VerificationException

Modifier and Type	Method	Description
JWSHeader	RSATokenVerifier.getHeader()	Deprecated.
JWSHeader	TokenVerifier.getHeader()
AccessToken	RSATokenVerifier.getToken()	Deprecated.
T	TokenVerifier.getToken()
RSATokenVerifier	RSATokenVerifier.parse()	Deprecated.
TokenVerifier<T>	TokenVerifier.parse()
boolean	TokenVerifier.AudienceCheck.test(JsonWebToken t)
boolean	TokenVerifier.IssuedForCheck.test(JsonWebToken jsonWebToken)
boolean	TokenVerifier.Predicate.test(T t)	Performs a single check on the given token verifier.
boolean	TokenVerifier.RealmUrlCheck.test(JsonWebToken t)
boolean	TokenVerifier.TokenTypeCheck.test(JsonWebToken t)
static void	KeyPairVerifier.verify(String privateKeyPem, String publicKeyPem)
RSATokenVerifier	RSATokenVerifier.verify()	Deprecated.
TokenVerifier<T>	TokenVerifier.verify()
void	TokenVerifier.verifySignature()
static AccessToken	RSATokenVerifier.verifyToken(String tokenString, PublicKey publicKey, String realmUrl)	Deprecated.
static AccessToken	RSATokenVerifier.verifyToken(String tokenString, PublicKey publicKey, String realmUrl, boolean checkActive, boolean checkTokenType)	Deprecated.

Uses of VerificationException in org.keycloak.authentication

Subclasses of VerificationException in org.keycloak.authentication

Modifier and Type	Class	Description
class	ExplainedVerificationException

Uses of VerificationException in org.keycloak.authentication.actiontoken

Subclasses of VerificationException in org.keycloak.authentication.actiontoken

Modifier and Type	Class	Description
class	ExplainedTokenVerificationException	Token verification exception that bears an error to be logged via event system and a message to show to the user e.g.

Methods in org.keycloak.authentication.actiontoken that throw VerificationException

Modifier and Type	Method	Description
AuthenticationSessionModel	ActionTokenHandler.startFreshAuthenticationSession(T token, ActionTokenContext<T> tokenContext)	Creates a fresh authentication session according to the information from the token.

Uses of VerificationException in org.keycloak.broker.saml

Methods in org.keycloak.broker.saml that throw VerificationException

Modifier and Type	Method	Description
protected void	SAMLEndpoint.ArtifactBinding.verifySignature(String key, SAMLDocumentHolder documentHolder)
protected abstract void	SAMLEndpoint.Binding.verifySignature(String key, SAMLDocumentHolder documentHolder)
protected void	SAMLEndpoint.PostBinding.verifySignature(String key, SAMLDocumentHolder documentHolder)
protected void	SAMLEndpoint.RedirectBinding.verifySignature(String key, SAMLDocumentHolder documentHolder)

Uses of VerificationException in org.keycloak.crypto

Methods in org.keycloak.crypto that throw VerificationException

Modifier and Type	Method	Description
static void	SignatureProvider.checkKeyForVerification(KeyWrapper key, String algorithm, String type)
SignatureVerifierContext	AsymmetricClientSignatureVerifierProvider.verifier(ClientModel client, JWSInput input)
SignatureVerifierContext	AsymmetricSignatureProvider.verifier(String kid)
SignatureVerifierContext	AsymmetricSignatureProvider.verifier(KeyWrapper key)
SignatureVerifierContext	ClientSignatureVerifierProvider.verifier(ClientModel client, JWSInput input)
SignatureVerifierContext	ECDSAClientSignatureVerifierProvider.verifier(ClientModel client, JWSInput input)
SignatureVerifierContext	ECDSASignatureProvider.verifier(String kid)
SignatureVerifierContext	ECDSASignatureProvider.verifier(KeyWrapper key)
SignatureVerifierContext	EdDSAClientSignatureVerifierProvider.verifier(ClientModel client, JWSInput input)
SignatureVerifierContext	EdDSASignatureProvider.verifier(String kid)
SignatureVerifierContext	EdDSASignatureProvider.verifier(KeyWrapper key)
SignatureVerifierContext	MacSecretClientSignatureVerifierProvider.verifier(ClientModel client, JWSInput input)
SignatureVerifierContext	MacSecretSignatureProvider.verifier(String kid)
SignatureVerifierContext	MacSecretSignatureProvider.verifier(KeyWrapper key)
SignatureVerifierContext	SignatureProvider.verifier(String kid)
SignatureVerifierContext	SignatureProvider.verifier(KeyWrapper key)
boolean	AsymmetricSignatureVerifierContext.verify(byte[] data, byte[] signature)
boolean	ClientECDSASignatureVerifierContext.verify(byte[] data, byte[] signature)
boolean	ECDSASignatureVerifierContext.verify(byte[] data, byte[] signature)
boolean	MacSignatureVerifierContext.verify(byte[] data, byte[] signature)
boolean	ServerECDSASignatureVerifierContext.verify(byte[] data, byte[] signature)
boolean	SignatureVerifierContext.verify(byte[] data, byte[] signature)

Constructors in org.keycloak.crypto that throw VerificationException

Modifier	Constructor	Description
	ClientAsymmetricSignatureVerifierContext(KeycloakSession session, ClientModel client, JWSInput input)
	ClientECDSASignatureVerifierContext(KeycloakSession session, ClientModel client, JWSInput input)
	ClientEdDSASignatureVerifierContext(KeycloakSession session, ClientModel client, JWSInput input)
	ClientMacSignatureVerifierContext(KeycloakSession session, ClientModel client, String algorithm)
	ServerAsymmetricSignatureVerifierContext(KeyWrapper key)
	ServerAsymmetricSignatureVerifierContext(KeycloakSession session, String kid, String algorithm)
	ServerECDSASignatureVerifierContext(KeycloakSession session, String kid, String algorithm)
	ServerEdDSASignatureVerifierContext(KeycloakSession session, String kid, String algorithm)
	ServerMacSignatureVerifierContext(KeyWrapper key)
	ServerMacSignatureVerifierContext(KeycloakSession session, String kid, String algorithm)

Uses of VerificationException in org.keycloak.exceptions

Subclasses of VerificationException in org.keycloak.exceptions

Modifier and Type	Class	Description
class	TokenNotActiveException	Exception thrown for cases when token is invalid due to time constraints (expired, or not yet valid).
class	TokenSignatureInvalidException	Thrown when token signature is invalid.
class	TokenVerificationException	Exception thrown on failed verification of a token.

Uses of VerificationException in org.keycloak.forms.login.freemarker

Methods in org.keycloak.forms.login.freemarker that throw VerificationException

Modifier and Type	Method	Description
DetachedInfoStateCookie	DetachedInfoStateChecker.verifyStateCheckerParameter(String stateCheckerParam)

Uses of VerificationException in org.keycloak.organization.utils

Methods in org.keycloak.organization.utils that throw VerificationException

Modifier and Type	Method	Description
static InviteOrgActionToken	Organizations.parseInvitationToken(HttpRequest request)

Uses of VerificationException in org.keycloak.protocol.oid4vc.issuance.keybinding

Methods in org.keycloak.protocol.oid4vc.issuance.keybinding that throw VerificationException

Modifier and Type	Method	Description
protected boolean	JwtCNonceHandler.checkAttributeEquality(String key, Object object, Object actualValue)
protected SignatureVerifierContext	AbstractProofValidator.getVerifier(JWK jwk, String jwsAlgorithm)
static KeyAttestationJwtBody	AttestationValidatorUtil.validateAttestationJwt(String attestationJwt, KeycloakSession keycloakSession, VCIssuanceContext vcIssuanceContext, AttestationKeyResolver keyResolver)
void	CNonceHandler.verifyCNonce(String cNonce, List<String> audiences, Map<String,Object> additionalDetails)	must verify the validity of a cNonce value that has been issued by the CNonceHandler.buildCNonce(List, Map) method.
void	JwtCNonceHandler.verifyCNonce(String cNonce, List<String> audiences, Map<String,Object> additionalDetails)

Uses of VerificationException in org.keycloak.protocol.oidc

Methods in org.keycloak.protocol.oidc that throw VerificationException

Modifier and Type	Method	Description
boolean	TokenManager.NotBeforeCheck.test(JsonWebToken t)

Uses of VerificationException in org.keycloak.protocol.saml

Methods in org.keycloak.protocol.saml that throw VerificationException

Modifier and Type	Method	Description
static KeyLocator	SamlProtocolUtils.createKeyLocatorForClient(KeycloakSession session, ClientModel client, KeyUse use)
static KeyLocator	SamlProtocolUtils.createKeyLocatorForClient(KeycloakSession session, SamlClient samlClient, KeyUse use)
static PublicKey	SamlProtocolUtils.getEncryptionKey(KeycloakSession session, ClientModel client)	Returns public part of SAML encryption key from the client settings.
static PublicKey	SamlProtocolUtils.getEncryptionKey(KeycloakSession session, SamlClient samlClient)	Returns public part of SAML encryption key from the client settings.
static PublicKey	SamlProtocolUtils.getPublicKey(ClientModel client, String attribute)
static void	SamlProtocolUtils.setupEncryption(KeycloakSession session, SamlClient samlClient, BaseSAML2BindingBuilder<?> bindingBuilder)
static void	SamlProtocolUtils.verifyDocumentSignature(KeycloakSession session, ClientModel client, Document document)	Verifies a signature of the given SAML document using settings for the given client.
static void	SamlProtocolUtils.verifyDocumentSignature(Document document, KeyLocator keyLocator)	Verifies a signature of the given SAML document using keys obtained from the given key locator.
static void	SamlProtocolUtils.verifyRedirectSignature(SAMLDocumentHolder documentHolder, KeyLocator locator, jakarta.ws.rs.core.MultivaluedMap<String,String> encodedParams, String paramKey)
static void	SamlProtocolUtils.verifyRedirectSignature(SAMLDocumentHolder documentHolder, KeyLocator locator, jakarta.ws.rs.core.UriInfo uriInformation, String paramKey)
protected abstract void	SamlService.BindingProtocol.verifySignature(SAMLDocumentHolder documentHolder, ClientModel client)
protected void	SamlService.PostBindingProtocol.verifySignature(SAMLDocumentHolder documentHolder, ClientModel client)
protected void	SamlService.RedirectBindingProtocol.verifySignature(SAMLDocumentHolder documentHolder, ClientModel client)

Uses of VerificationException in org.keycloak.saml.processing.core.util

Methods in org.keycloak.saml.processing.core.util that throw VerificationException

Modifier and Type	Method	Description
static boolean	RedirectBindingSignatureUtil.validateRedirectBindingSignature(SignatureAlgorithm sigAlg, byte[] rawQueryBytes, byte[] decodedSignature, KeyLocator locator, String keyId)

Uses of VerificationException in org.keycloak.sdjwt

Methods in org.keycloak.sdjwt that throw VerificationException

Modifier and Type	Method	Description
static com.fasterxml.jackson.databind.node.ArrayNode	SdJwtUtils.decodeDisclosureString(String disclosure)
static String	SdJwtUtils.readClaim(com.fasterxml.jackson.databind.JsonNode payload, String claimName)
static long	SdJwtUtils.readTimeClaim(com.fasterxml.jackson.databind.JsonNode payload, String claimName)
void	SdJwt.verify(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts verificationOpts)	Verifies SD-JWT as to whether the Issuer-signed JWT's signature and disclosures are valid.
void	SdJws.verifyAge(int maxAge)	Verifies that the JWS is not too old.
void	SdJws.verifyExpClaim()
void	SdJws.verifyIssClaim(List<String> issuers)	Verifies that SD-JWT was issued by one of the provided issuers.
void	SdJwtVerificationContext.verifyIssuance(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, PresentationRequirements presentationRequirements)	Verifies SD-JWT as to whether the Issuer-signed JWT's signature and disclosures are valid.
void	SdJws.verifyIssuedAtClaim()
void	SdJws.verifyNotBeforeClaim()
void	SdJwtVerificationContext.verifyPresentation(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts, PresentationRequirements presentationRequirements)	Verifies SD-JWT presentation.
void	IssuerSignedJWT.verifySdHashAlgorithm()	Verifies that the SD hash algorithm is understood and deemed secure.
void	SdJwtFacade.verifySdJwt(SdJwt sdJwt, List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts verificationOpts)	Verify the SD-JWT using the provided signature verification keys.
void	SdJws.verifySignature(SignatureVerifierContext verifier)
void	SdJws.verifyVctClaim(List<String> vcts)	Verifies that SD-JWT vct claim matches the expected one.

Uses of VerificationException in org.keycloak.sdjwt.consumer

Methods in org.keycloak.sdjwt.consumer that throw VerificationException

Modifier and Type	Method	Description
void	PresentationRequirements.checkIfSatisfiedBy(com.fasterxml.jackson.databind.JsonNode disclosedPayload)	Ensures that the configured requirements are satisfied by the presentation.
void	SimplePresentationDefinition.checkIfSatisfiedBy(com.fasterxml.jackson.databind.JsonNode disclosedPayload)	Checks if the provided JSON payload satisfies all required field patterns.
List<SignatureVerifierContext>	JwtVcMetadataTrustedSdJwtIssuer.resolveIssuerVerifyingKeys(IssuerSignedJWT issuerSignedJWT)
List<SignatureVerifierContext>	TrustedSdJwtIssuer.resolveIssuerVerifyingKeys(IssuerSignedJWT issuerSignedJWT)	Resolves potential verifying keys to validate the Issuer-signed JWT.
void	SdJwtPresentationConsumer.verifySdJwtPresentation(SdJwtVP sdJwtVP, PresentationRequirements presentationRequirements, List<TrustedSdJwtIssuer> trustedSdJwtIssuers, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts)	Verify SD-JWT presentation against specific requirements.

Uses of VerificationException in org.keycloak.sdjwt.vp

Methods in org.keycloak.sdjwt.vp that throw VerificationException

Modifier and Type	Method	Description
void	SdJwtVP.verify(List<SignatureVerifierContext> issuerVerifyingKeys, IssuerSignedJwtVerificationOpts issuerSignedJwtVerificationOpts, KeyBindingJwtVerificationOpts keyBindingJwtVerificationOpts)	Verifies SD-JWT presentation.

Uses of VerificationException in org.keycloak.services.resources

Subclasses of VerificationException in org.keycloak.services.resources

Modifier and Type	Class	Description
class	LoginActionsServiceException

Methods in org.keycloak.services.resources that throw VerificationException

Modifier and Type	Method	Description
static void	LoginActionsServiceChecks.checkIsClientValid(KeycloakSession session, ClientModel client)	Verifies whether the client denoted by client ID in token's iss (issuedFor) field both exists and is enabled.
static <T extends JsonWebToken> void	LoginActionsServiceChecks.checkIsClientValid(T token, ActionTokenContext<T> context)	Verifies whether the client denoted by client ID in token's iss (issuedFor) field both exists and is enabled.
static void	LoginActionsServiceChecks.checkIsUserValid(KeycloakSession session, RealmModel realm, String userId, Consumer<UserModel> userSetter, EventBuilder event)	Verifies whether the user given by ID both exists in the current realm.
static <T extends JsonWebToken & SingleUseObjectKeyModel> void	LoginActionsServiceChecks.checkIsUserValid(T token, ActionTokenContext<T> context, EventBuilder event)	Verifies whether the user given by ID both exists in the current realm.
static <T extends JsonWebToken & SingleUseObjectKeyModel> void	LoginActionsServiceChecks.checkTokenWasNotUsedYet(T token, ActionTokenContext<T> context)
static <T extends JsonWebToken> boolean	LoginActionsServiceChecks.doesAuthenticationSessionFromCookieMatchOneFromToken(ActionTokenContext<T> context, AuthenticationSessionModel authSessionFromCookie, String authSessionCompoundIdFromToken)	This check verifies that current authentication session is consistent with the one specified in token.
boolean	LoginActionsServiceChecks.AuthenticationSessionUserIdMatchesOneFromToken.test(JsonWebToken t)
boolean	LoginActionsServiceChecks.IsActionRequired.test(JsonWebToken t)
boolean	LoginActionsServiceChecks.IsRedirectValid.test(JsonWebToken t)

Uses of VerificationException in org.keycloak.services.util

Subclasses of VerificationException in org.keycloak.services.util

Modifier and Type	Class	Description
static class	DPoPUtil.DPoPVerificationException

Methods in org.keycloak.services.util that throw VerificationException

Modifier and Type	Method	Description
DPoP	DPoPUtil.Validator.validate()
static void	DPoPUtil.validateBinding(AccessToken token, DPoP dPoP)