Package org.keycloak.broker.provider

Class AbstractIdentityProvider<C extends IdentityProviderModel>

java.lang.Object

org.keycloak.broker.provider.AbstractIdentityProvider<C>

All Implemented Interfaces:

IdentityProvider<C>, UserAuthenticationIdentityProvider<C>, Provider

Direct Known Subclasses:

AbstractOAuth2IdentityProvider, SAMLIdentityProvider, TwitterIdentityProvider

public abstract class AbstractIdentityProvider<C extends IdentityProviderModel>
extends Object
implements UserAuthenticationIdentityProvider<C>

Author:

Pedro Igor

Nested Class Summary

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.UserAuthenticationIdentityProvider

UserAuthenticationIdentityProvider.AuthenticationCallback

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ACCOUNT_LINK_URL
static final String	BROKER_REGISTERED_NEW_USER
protected static final org.jboss.logging.Logger	logger
protected final KeycloakSession	session
static final String	UPDATE_PROFILE_EMAIL_CHANGED
static final String	UPDATE_PROFILE_USERNAME_CHANGED

Fields inherited from interface org.keycloak.broker.provider.UserAuthenticationIdentityProvider

EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN

Constructor Summary

Constructors

Constructor	Description
AbstractIdentityProvider(KeycloakSession session, C config)

Method Summary

Modifier and Type	Method	Description
void	authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
void	backchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)
Object	callback(RealmModel realm, UserAuthenticationIdentityProvider.AuthenticationCallback callback, EventBuilder event)	JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.
void	close()
protected jakarta.ws.rs.core.Response	exchangeErrorResponse(jakarta.ws.rs.core.UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, String errorCode, String reason)
jakarta.ws.rs.core.Response	exchangeNotLinked(jakarta.ws.rs.core.UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
jakarta.ws.rs.core.Response	exchangeNotLinkedNoStore(jakarta.ws.rs.core.UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
jakarta.ws.rs.core.Response	exchangeNotSupported()
jakarta.ws.rs.core.Response	exchangeTokenExpired(jakarta.ws.rs.core.UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession, UserModel tokenSubject)
jakarta.ws.rs.core.Response	exchangeUnsupportedRequiredType()
C	getConfig()
protected String	getLinkingUrl(jakarta.ws.rs.core.UriInfo uriInfo, ClientModel authorizedClient, UserSessionModel tokenUserSession)
IdentityProviderDataMarshaller	getMarshaller()	Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession
void	importNewUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
jakarta.ws.rs.core.Response	keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)	Called when a Keycloak application initiates a logout through the browser.
jakarta.ws.rs.core.Response	performLogin(AuthenticationRequest request)	Initiates the authentication process by sending an authentication request to an identity provider.
void	preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)
protected void	setEmailVerified(UserModel user, BrokeredIdentityContext context)
void	updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
protected void	updateEmail(UserModel user, BrokeredIdentityContext context)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.broker.provider.IdentityProvider

export, isMapperSupported, reloadKeys

Methods inherited from interface org.keycloak.broker.provider.UserAuthenticationIdentityProvider

retrieveToken, supportsLongStateParameter

Field Details

logger

protected static final org.jboss.logging.Logger logger

UPDATE_PROFILE_EMAIL_CHANGED

public static final String UPDATE_PROFILE_EMAIL_CHANGED

See Also:

• Constant Field Values

UPDATE_PROFILE_USERNAME_CHANGED

public static final String UPDATE_PROFILE_USERNAME_CHANGED

See Also:

• Constant Field Values

BROKER_REGISTERED_NEW_USER

public static final String BROKER_REGISTERED_NEW_USER

See Also:

• Constant Field Values

ACCOUNT_LINK_URL

public static final String ACCOUNT_LINK_URL

See Also:

• Constant Field Values

session

protected final KeycloakSession session

Constructor Details

AbstractIdentityProvider

public AbstractIdentityProvider(KeycloakSession session,
 C config)

Method Details

getConfig

public C getConfig()

Specified by:

getConfig in interface IdentityProvider<C extends IdentityProviderModel>

close

public void close()

Specified by:

close in interface Provider

callback

public Object callback(RealmModel realm,
 UserAuthenticationIdentityProvider.AuthenticationCallback callback,
 EventBuilder event)

Description copied from interface: UserAuthenticationIdentityProvider

JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.

Specified by:

callback in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

Returns:

performLogin

public jakarta.ws.rs.core.Response performLogin(AuthenticationRequest request)

Description copied from interface: UserAuthenticationIdentityProvider

Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.

Specified by:

performLogin in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

Parameters:

request - The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.

Returns:

keycloakInitiatedBrowserLogout

public jakarta.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session,
 UserSessionModel userSession,
 jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm)

Description copied from interface: UserAuthenticationIdentityProvider

Called when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP

Specified by:

keycloakInitiatedBrowserLogout in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

Returns:

null if this is not supported by this provider

backchannelLogout

public void backchannelLogout(KeycloakSession session,
 UserSessionModel userSession,
 jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm)

Specified by:

backchannelLogout in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

exchangeNotSupported

public jakarta.ws.rs.core.Response exchangeNotSupported()

exchangeNotLinked

public jakarta.ws.rs.core.Response exchangeNotLinked(jakarta.ws.rs.core.UriInfo uriInfo,
 ClientModel authorizedClient,
 UserSessionModel tokenUserSession,
 UserModel tokenSubject)

exchangeNotLinkedNoStore

public jakarta.ws.rs.core.Response exchangeNotLinkedNoStore(jakarta.ws.rs.core.UriInfo uriInfo,
 ClientModel authorizedClient,
 UserSessionModel tokenUserSession,
 UserModel tokenSubject)

exchangeErrorResponse

protected jakarta.ws.rs.core.Response exchangeErrorResponse(jakarta.ws.rs.core.UriInfo uriInfo,
 ClientModel authorizedClient,
 UserSessionModel tokenUserSession,
 String errorCode,
 String reason)

getLinkingUrl

protected String getLinkingUrl(jakarta.ws.rs.core.UriInfo uriInfo,
 ClientModel authorizedClient,
 UserSessionModel tokenUserSession)

exchangeTokenExpired

public jakarta.ws.rs.core.Response exchangeTokenExpired(jakarta.ws.rs.core.UriInfo uriInfo,
 ClientModel authorizedClient,
 UserSessionModel tokenUserSession,
 UserModel tokenSubject)

exchangeUnsupportedRequiredType

public jakarta.ws.rs.core.Response exchangeUnsupportedRequiredType()

authenticationFinished

public void authenticationFinished(AuthenticationSessionModel authSession,
 BrokeredIdentityContext context)

Specified by:

authenticationFinished in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

preprocessFederatedIdentity

public void preprocessFederatedIdentity(KeycloakSession session,
 RealmModel realm,
 BrokeredIdentityContext context)

Specified by:

preprocessFederatedIdentity in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

importNewUser

public void importNewUser(KeycloakSession session,
 RealmModel realm,
 UserModel user,
 BrokeredIdentityContext context)

Specified by:

importNewUser in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

updateBrokeredUser

public void updateBrokeredUser(KeycloakSession session,
 RealmModel realm,
 UserModel user,
 BrokeredIdentityContext context)

Specified by:

updateBrokeredUser in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

updateEmail

protected void updateEmail(UserModel user,
 BrokeredIdentityContext context)

setEmailVerified

protected void setEmailVerified(UserModel user,
 BrokeredIdentityContext context)

getMarshaller

public IdentityProviderDataMarshaller getMarshaller()

Description copied from interface: UserAuthenticationIdentityProvider

Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession

Specified by:

getMarshaller in interface UserAuthenticationIdentityProvider<C extends IdentityProviderModel>

Returns: