Package org.keycloak.forms.login.freemarker.model

Class IdentityProviderBean

java.lang.Object

org.keycloak.forms.login.freemarker.model.IdentityProviderBean

Direct Known Subclasses:

OrganizationAwareIdentityProviderBean

public class IdentityProviderBean
extends Object

Author:

Stian Thorgersen, Vlastimil Elias (velias at redhat dot com)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	IdentityProviderBean.IdentityProvider

Field Summary

Fields

Modifier and Type	Field	Description
protected URI	baseURI
protected AuthenticationFlowContext	context
static OrderedModel.OrderedModelComparator<IdentityProviderBean.IdentityProvider>	IDP_COMPARATOR_INSTANCE
protected List<IdentityProviderBean.IdentityProvider>	providers
protected RealmModel	realm
protected KeycloakSession	session

Constructor Summary

Constructors

Constructor	Description
IdentityProviderBean(KeycloakSession session, RealmModel realm, URI baseURI, AuthenticationFlowContext context)

Method Summary

Modifier and Type	Method	Description
protected IdentityProviderBean.IdentityProvider	createIdentityProvider(RealmModel realm, URI baseURI, IdentityProviderModel identityProvider)	Creates an IdentityProviderBean.IdentityProvider instance from the specified IdentityProviderModel.
protected Predicate<IdentityProviderModel>	federatedProviderPredicate()	Returns a predicate that can filter out IDPs associated with the current user's federated identities before those are converted into IdentityProviderBean.IdentityProviders.
URI	getBaseURI()
protected String	getExistingIDP(KeycloakSession session, AuthenticationFlowContext context)	Checks if an IDP is being connected to the user's account.
protected List<IdentityProviderBean.IdentityProvider>	getFederatedIdentityProviders(Set<String> federatedProviders, String existingIDP)	Builds and returns a list of IdentityProviderBean.IdentityProvider instances from the specified set of federated IDPs.
AuthenticationFlowContext	getFlowContext()
protected Set<String>	getLinkedBrokerAliases(KeycloakSession session, RealmModel realm, AuthenticationFlowContext context)	Returns the list of IDPs linked with the user's federated identities, if any.
List<IdentityProviderBean.IdentityProvider>	getProviders()
RealmModel	getRealm()
KeycloakSession	getSession()
protected List<IdentityProviderBean.IdentityProvider>	searchForIdentityProviders(String existingIDP)	Builds and returns a list of IdentityProviderBean.IdentityProvider instances that will be available for login.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

IDP_COMPARATOR_INSTANCE

public static OrderedModel.OrderedModelComparator<IdentityProviderBean.IdentityProvider> IDP_COMPARATOR_INSTANCE

context

protected AuthenticationFlowContext context

providers

protected List<IdentityProviderBean.IdentityProvider> providers

session

protected KeycloakSession session

realm

protected RealmModel realm

baseURI

protected URI baseURI

Constructor Details

IdentityProviderBean

public IdentityProviderBean(KeycloakSession session,
 RealmModel realm,
 URI baseURI,
 AuthenticationFlowContext context)

Method Details

getProviders

public List<IdentityProviderBean.IdentityProvider> getProviders()

getSession

public KeycloakSession getSession()

getRealm

public RealmModel getRealm()

getBaseURI

public URI getBaseURI()

getFlowContext

public AuthenticationFlowContext getFlowContext()

createIdentityProvider

protected IdentityProviderBean.IdentityProvider createIdentityProvider(RealmModel realm,
 URI baseURI,
 IdentityProviderModel identityProvider)

Creates an IdentityProviderBean.IdentityProvider instance from the specified IdentityProviderModel.

Parameters:

realm - a reference to the realm.

baseURI - the base URI.

identityProvider - the IdentityProviderModel from which the freemarker IdentityProviderBean.IdentityProvider is to be built.

Returns:

the constructed IdentityProviderBean.IdentityProvider.

getExistingIDP

protected String getExistingIDP(KeycloakSession session,
 AuthenticationFlowContext context)

Checks if an IDP is being connected to the user's account. In this case the currentUser is null and the current flow is the FIRST_BROKER_LOGIN_PATH, so we should retrieve the IDP they used for login and filter it out of the list of IDPs that are available for login. (GHI #14173).

Parameters:

session - a reference to the KeycloakSession.

context - a reference to the AuthenticationFlowContext.

Returns:

the alias of the IDP used for login before linking a new IDP to the user's account (if any).

getLinkedBrokerAliases

protected Set<String> getLinkedBrokerAliases(KeycloakSession session,
 RealmModel realm,
 AuthenticationFlowContext context)

Returns the list of IDPs linked with the user's federated identities, if any. In case these IDPs exist, the login page should show only the IDPs already linked to the user. Returning null indicates that all public enabled IDPs should be available.

Returning an empty set essentially narrows the list of available IDPs to zero, so no IDPs will be shown for login.

Parameters:

session - a reference to the KeycloakSession.

realm - a reference to the realm.

context - a reference to the AuthenticationFlowContext.

Returns:

a Set containing the aliases of the IDPs that should be available for login. An empty set indicates that no IDPs should be available.

getFederatedIdentityProviders

protected List<IdentityProviderBean.IdentityProvider> getFederatedIdentityProviders(Set<String> federatedProviders,
 String existingIDP)

Builds and returns a list of IdentityProviderBean.IdentityProvider instances from the specified set of federated IDPs. The IDPs must be enabled, not link-only, and not set to be hidden on login page. If any IDP has an alias that matches the existingIDP parameter, it must be filtered out.

Parameters:

federatedProviders - a Set containing the aliases of the federated IDPs that should be considered for login.

existingIDP - the alias of the IDP that must be filtered out from the result (used when linking a new IDP to a user's account).

Returns:

a List containing the constructed IdentityProviderBean.IdentityProviders.

federatedProviderPredicate

protected Predicate<IdentityProviderModel> federatedProviderPredicate()

Returns a predicate that can filter out IDPs associated with the current user's federated identities before those are converted into IdentityProviderBean.IdentityProviders. Subclasses may use this as a way to further refine the IDPs that are to be returned.

Returns:

the custom Predicate used as a last filter before conversion into IdentityProviderBean.IdentityProvider

searchForIdentityProviders

protected List<IdentityProviderBean.IdentityProvider> searchForIdentityProviders(String existingIDP)

Builds and returns a list of IdentityProviderBean.IdentityProvider instances that will be available for login. This method goes to the IdentityProviderStorageProvider to fetch the IDPs that can be used for login (enabled, not link-only and not set to be hidden on login page).

Parameters:

existingIDP - the alias of the IDP that must be filtered out from the result (used when linking a new IDP to a user's account).

Returns:

a List containing the constructed IdentityProviderBean.IdentityProviders.