Package org.keycloak.storage.ldap.mappers

Interface LDAPStorageMapper

All Superinterfaces:
Provider
All Known Subinterfaces:
CommonLDAPGroupMapper
All Known Implementing Classes:
AbstractLDAPStorageMapper, CertificateLDAPStorageMapper, FullNameLDAPStorageMapper, GroupLDAPStorageMapper, HardcodedAttributeMapper, HardcodedLDAPAttributeMapper, HardcodedLDAPGroupStorageMapper, HardcodedLDAPRoleStorageMapper, KerberosPrincipalAttributeMapper, MSADLDSUserAccountControlStorageMapper, MSADUserAccountControlStorageMapper, RoleLDAPStorageMapper, UserAttributeLDAPStorageMapper
public interface LDAPStorageMapper extends Provider
Author:
Marek Posolda

  • Method Details

    • syncDataFromFederationProviderToKeycloak

      SynchronizationResult syncDataFromFederationProviderToKeycloak(RealmModel realm)
      Sync data from federated storage to Keycloak. It's useful just if mapper needs some data preloaded from federated storage (For example load roles from federated provider and sync them to Keycloak database) Applicable just if sync is supported

    • syncDataFromKeycloakToFederationProvider

      SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm)
      Sync data from Keycloak back to federated storage

    • getGroupMembers

      List<UserModel> getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults)
      Return empty list if doesn't support storing of groups

    • getRoleMembers

      List<UserModel> getRoleMembers(RealmModel realm, RoleModel role, int firstResult, int maxResults)
      Return empty list if doesn't support storing of roles
      Parameters:
      realm -
      role -
      firstResult -
      maxResults -
      Returns:

    • onImportUserFromLDAP

      void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
      Called when importing user from LDAP to local keycloak DB.
      Parameters:
      ldapUser -
      user -
      realm -
      isCreate - true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP

    • onRegisterUserToLDAP

      void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
      Called when register new user to LDAP - just after user was created in Keycloak DB
      Parameters:
      ldapUser -
      localUser -
      realm -

    • mandatoryAttributeNames

      Set<String> mandatoryAttributeNames()
      Method that returns the mandatory attributes that this mapper imposes on the entry.
      Returns:
      The list of mandatory attributes or null

    • getUserAttributes

      Set<String> getUserAttributes()
      Method that returns user model attributes, which this mapper maps to Keycloak users
      Returns:
      user model attributes. Returns empty set if not user attributes provided by this mapper. Never returns null.

    • proxy

      UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
      Called when invoke proxy on LDAP federation provider
      Parameters:
      ldapUser -
      delegate -
      realm -
      Returns:

    • beforeLDAPQuery

      void beforeLDAPQuery(LDAPQuery query)
      Called before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc)
      Parameters:
      query -

    • onAuthenticationFailure

      boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)
      Called when LDAP authentication of specified user fails. If any mapper returns true from this method, AuthenticationException won't be rethrown!
      Parameters:
      user -
      ldapUser -
      ldapException -
      Returns:
      true if mapper processed the AuthenticationException and did some actions based on that. In that case, AuthenticationException won't be rethrown!

    • getLdapProvider

      LDAPStorageProvider getLdapProvider()
      Gets the ldap provider associated to the mapper.
      Returns: