Package org.keycloak.credential
Class WebAuthnCredentialProvider
java.lang.Object
org.keycloak.credential.WebAuthnCredentialProvider
- All Implemented Interfaces:
CredentialInputValidator, CredentialProvider<WebAuthnCredentialModel>, Provider
- Direct Known Subclasses:
WebAuthnPasswordlessCredentialProvider
public class WebAuthnCredentialProvider
extends Object
implements CredentialProvider<WebAuthnCredentialModel>, CredentialInputValidator
Credential provider for WebAuthn 2-factor credential of the user
-
Constructor Summary
Constructors

| Constructor | Description |
| --- | --- |
| WebAuthnCredentialProvider(KeycloakSession session, WebAuthnMetadataService metadataService, com.webauthn4j.converter.util.ObjectConverter objectConverter) | |

-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| CredentialModel | createCredential(RealmModel realm, UserModel user, WebAuthnCredentialModel credentialModel) | |
| boolean | deleteCredential(RealmModel realm, UserModel user, String credentialId) | |
| void | dumpCredentialModel(WebAuthnCredentialModel credential, WebAuthnCredentialModelInput auth) | |
| | getCredentialForPresentationFromModel | Gets the credential (usually the stored credential retrieved from the DB) and decorates it with additional metadata to be presented, for example, in the admin console. |
| | getCredentialFromModel | |
| CredentialMetadata | getCredentialMetadata(WebAuthnCredentialModel credentialModel, CredentialTypeMetadata credentialTypeMetadata) | |
| WebAuthnCredentialModel | getCredentialModelFromCredentialInput(CredentialInput input, String userLabel) | Convert WebAuthn credential input to the model, which can be saved in the persistent storage (DB) |
| CredentialTypeMetadata | getCredentialTypeMetadata(CredentialTypeMetadataContext metadataContext) | |
| protected KeycloakSession | getKeycloakSession | |
| | getType() | |
| protected com.webauthn4j.WebAuthnAuthenticationManager | getWebAuthnAuthenticationManager() | |
| protected WebAuthnPolicy | getWebAuthnPolicy | |
| boolean | isConfiguredFor(RealmModel realm, UserModel user, String credentialType) | |
| boolean | isValid(RealmModel realm, UserModel user, CredentialInput input) | Tests whether a credential is valid |
| boolean | supportsCredentialType(String credentialType) | |

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.credential.CredentialProvider
close, getDefaultCredential, supportsCredentialType
-
Constructor Details
-
WebAuthnCredentialProvider
public WebAuthnCredentialProvider(KeycloakSession session, WebAuthnMetadataService metadataService, com.webauthn4j.converter.util.ObjectConverter objectConverter)
-
-
Method Details
-
createCredential
public CredentialModel createCredential(RealmModel realm, UserModel user, WebAuthnCredentialModel credentialModel)
- Specified by:
createCredential in interface CredentialProvider<WebAuthnCredentialModel>
-
deleteCredential
- Specified by:
deleteCredential in interface CredentialProvider<WebAuthnCredentialModel>
-
getCredentialFromModel
- Specified by:
getCredentialFromModel in interface CredentialProvider<WebAuthnCredentialModel>
-
getCredentialForPresentationFromModel
Description copied from interface: CredentialProvider
Gets the credential (usually the stored credential retrieved from the DB) and decorates it with additional metadata to be presented, for example, in the admin console. This additional metadata is not saved in the DB, but can be derived from the saved data and presented to admins/users in a readable way (for example, displaying the "authenticator Provider" for a WebAuthn credential based on the AAGUID of the WebAuthn credential).
- Specified by:
getCredentialForPresentationFromModel in interface CredentialProvider<WebAuthnCredentialModel>
- Parameters:
model - stored credential retrieved from the DB
- Returns:
- credential model useful for the presentation (not necessarily only stored data, but possibly some other metadata added)
-
getCredentialModelFromCredentialInput
public WebAuthnCredentialModel getCredentialModelFromCredentialInput(CredentialInput input, String userLabel)
Convert WebAuthn credential input to the model, which can be saved in the persistent storage (DB)
- Parameters:
input - should be typically WebAuthnCredentialModelInput
userLabel - label for the credential
-
supportsCredentialType
- Specified by:
supportsCredentialType in interface CredentialInputValidator
- Specified by:
supportsCredentialType in interface CredentialProvider<WebAuthnCredentialModel>
-
isConfiguredFor
- Specified by:
isConfiguredFor in interface CredentialInputValidator
-
isValid
Description copied from interface: CredentialInputValidator
Tests whether a credential is valid
- Specified by:
isValid in interface CredentialInputValidator
- Parameters:
realm - The realm to which the credential belongs
user - The user for which to test the credential
input - the credential details to verify
- Returns:
- true if the passed secret is correct
-
getWebAuthnAuthenticationManager
protected com.webauthn4j.WebAuthnAuthenticationManager getWebAuthnAuthenticationManager()
-
getWebAuthnPolicy
-
getType
- Specified by:
getType in interface CredentialProvider<WebAuthnCredentialModel>
-
dumpCredentialModel
public void dumpCredentialModel(WebAuthnCredentialModel credential, WebAuthnCredentialModelInput auth)
-
getCredentialTypeMetadata
public CredentialTypeMetadata getCredentialTypeMetadata(CredentialTypeMetadataContext metadataContext)
- Specified by:
getCredentialTypeMetadata in interface CredentialProvider<WebAuthnCredentialModel>
-
getKeycloakSession
-
getCredentialMetadata
public CredentialMetadata getCredentialMetadata(WebAuthnCredentialModel credentialModel, CredentialTypeMetadata credentialTypeMetadata)
- Specified by:
getCredentialMetadata in interface CredentialProvider<WebAuthnCredentialModel>
-