Package org.keycloak.broker.kubernetes

Class KubernetesIdentityProvider

java.lang.Object

org.keycloak.broker.provider.AbstractIdentityProvider<C>

org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

org.keycloak.broker.oidc.OIDCIdentityProvider

org.keycloak.broker.kubernetes.KubernetesIdentityProvider

All Implemented Interfaces:

ClientAssertionIdentityProvider, ExchangeExternalToken, ExchangeTokenToIdentityProviderToken, IdentityProvider<OIDCIdentityProviderConfig>, Provider

public class KubernetesIdentityProvider
extends OIDCIdentityProvider

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

OIDCIdentityProvider.OIDCEndpoint

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

AbstractOAuth2IdentityProvider.Endpoint, AbstractOAuth2IdentityProvider.OAuthResponse

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider

IdentityProvider.AuthenticationCallback

Field Summary

Fields inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

EXCHANGE_PROVIDER, FEDERATED_ACCESS_TOKEN_RESPONSE, FEDERATED_ID_TOKEN, logger, SCOPE_OPENID, USER_INFO, VALIDATED_ACCESS_TOKEN, VALIDATED_ID_TOKEN

Fields inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

ACCESS_DENIED, ACCESS_TOKEN_EXPIRATION, FEDERATED_REFRESH_TOKEN, FEDERATED_TOKEN_EXPIRATION, mapper, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN, OAUTH2_PARAMETER_ACCESS_TOKEN, OAUTH2_PARAMETER_CLIENT_ID, OAUTH2_PARAMETER_CLIENT_SECRET, OAUTH2_PARAMETER_CODE, OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_PARAMETER_REDIRECT_URI, OAUTH2_PARAMETER_RESPONSE_TYPE, OAUTH2_PARAMETER_SCOPE, OAUTH2_PARAMETER_STATE

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

ACCOUNT_LINK_URL, BROKER_REGISTERED_NEW_USER, session, UPDATE_PROFILE_EMAIL_CHANGED, UPDATE_PROFILE_USERNAME_CHANGED

Fields inherited from interface org.keycloak.broker.provider.IdentityProvider

EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN

Constructor Summary

Constructors

Constructor	Description
KubernetesIdentityProvider(KeycloakSession session, KubernetesIdentityProviderConfig config, String globalJwksUrl)

Method Summary

Modifier and Type	Method	Description
void	authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
void	backchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)
Object	callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)	JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.
jakarta.ws.rs.core.Response	export(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format)	Export a representation of the IdentityProvider in a specific format.
protected KeyWrapper	getIdentityProviderKeyWrapper(JWSInput jws)
IdentityProviderDataMarshaller	getMarshaller()	Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession
void	importNewUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
jakarta.ws.rs.core.Response	keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)	Called when a Keycloak application initiates a logout through the browser.
jakarta.ws.rs.core.Response	performLogin(AuthenticationRequest request)	Initiates the authentication process by sending an authentication request to an identity provider.
void	preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)
jakarta.ws.rs.core.Response	retrieveToken(KeycloakSession session, FederatedIdentityModel identity)	Returns a Response containing the token previously stored during the authentication process for a specific user.
void	updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)

Methods inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

backchannelLogout, createAuthorizationUrl, exchangeExternalTokenV1Impl, exchangeExternalTokenV2Impl, exchangeSessionToken, exchangeStoredToken, extractIdentity, extractIdentityFromProfile, getDefaultScopes, getFederatedIdentity, getProfileEndpointForValidation, getUserInfoUrl, getusernameClaimNameForIdToken, getUsernameFromUserInfo, isAuthTimeExpired, isIssuer, isTokenTypeSupported, parseTokenInput, processAccessTokenResponse, refreshTokenForLogout, reloadKeys, setEmailVerified, supportsExternalExchange, validateExternalTokenThroughUserInfo, validateJwt, validateToken, validateToken, verify, verifyClientAssertion

Methods inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

asJsonNode, authenticateTokenRequest, buildUserInfoRequest, doGetFederatedIdentity, exchangeExternal, exchangeExternalComplete, exchangeExternalUserInfoValidationOnly, exchangeFromToken, extractTokenFromResponse, generateToken, getAccessTokenResponseParameter, getConfig, getJsonProperty, getRefreshTokenRequest, getSignatureContext, hasExternalExchangeToken, sendTokenIntrospectionRequest, supportsLongStateParameter, validateExternalTokenWithIntrospectionEndpoint

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, getLinkingUrl, updateEmail

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.broker.provider.ExchangeExternalToken

exchangeExternal, exchangeExternalComplete

Methods inherited from interface org.keycloak.broker.provider.IdentityProvider

isMapperSupported

Constructor Details

KubernetesIdentityProvider

public KubernetesIdentityProvider(KeycloakSession session,
 KubernetesIdentityProviderConfig config,
 String globalJwksUrl)

Method Details

getIdentityProviderKeyWrapper

protected KeyWrapper getIdentityProviderKeyWrapper(JWSInput jws)

Overrides:

getIdentityProviderKeyWrapper in class OIDCIdentityProvider

preprocessFederatedIdentity

public void preprocessFederatedIdentity(KeycloakSession session,
 RealmModel realm,
 BrokeredIdentityContext context)

Specified by:

preprocessFederatedIdentity in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

preprocessFederatedIdentity in class OIDCIdentityProvider

authenticationFinished

public void authenticationFinished(AuthenticationSessionModel authSession,
 BrokeredIdentityContext context)

Specified by:

authenticationFinished in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

authenticationFinished in class OIDCIdentityProvider

importNewUser

public void importNewUser(KeycloakSession session,
 RealmModel realm,
 UserModel user,
 BrokeredIdentityContext context)

Specified by:

importNewUser in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

importNewUser in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

updateBrokeredUser

public void updateBrokeredUser(KeycloakSession session,
 RealmModel realm,
 UserModel user,
 BrokeredIdentityContext context)

Specified by:

updateBrokeredUser in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

updateBrokeredUser in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

callback

public Object callback(RealmModel realm,
 IdentityProvider.AuthenticationCallback callback,
 EventBuilder event)

Description copied from interface: IdentityProvider

JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.

Specified by:

callback in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

callback in class OIDCIdentityProvider

Returns:

performLogin

public jakarta.ws.rs.core.Response performLogin(AuthenticationRequest request)

Description copied from interface: IdentityProvider

Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.

Specified by:

performLogin in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

performLogin in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

Parameters:

request - The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.

Returns:

retrieveToken

public jakarta.ws.rs.core.Response retrieveToken(KeycloakSession session,
 FederatedIdentityModel identity)

Description copied from interface: IdentityProvider

Returns a Response containing the token previously stored during the authentication process for a specific user.

Specified by:

retrieveToken in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

retrieveToken in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

Returns:

backchannelLogout

public void backchannelLogout(KeycloakSession session,
 UserSessionModel userSession,
 jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm)

Specified by:

backchannelLogout in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

backchannelLogout in class OIDCIdentityProvider

keycloakInitiatedBrowserLogout

public jakarta.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session,
 UserSessionModel userSession,
 jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm)

Description copied from interface: IdentityProvider

Called when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP

Specified by:

keycloakInitiatedBrowserLogout in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

keycloakInitiatedBrowserLogout in class OIDCIdentityProvider

Returns:

null if this is not supported by this provider

export

public jakarta.ws.rs.core.Response export(jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm,
 String format)

Description copied from interface: IdentityProvider

Export a representation of the IdentityProvider in a specific format. For example, a SAML EntityDescriptor

Specified by:

export in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

export in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

Returns:

getMarshaller

public IdentityProviderDataMarshaller getMarshaller()

Description copied from interface: IdentityProvider

Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession

Specified by:

getMarshaller in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

getMarshaller in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

Returns: