Package org.keycloak.storage.ldap
Class LDAPStorageProvider
java.lang.Object
org.keycloak.storage.ldap.LDAPStorageProvider
- All Implemented Interfaces:
CredentialAuthentication, CredentialInputUpdater, CredentialInputValidator, Provider, ImportedUserValidation, UserLookupProvider, UserQueryMethodsProvider, UserRegistrationProvider, UserStorageProvider
public class LDAPStorageProvider
extends Object
implements UserStorageProvider, CredentialInputValidator, CredentialInputUpdater, CredentialAuthentication, UserLookupProvider, UserRegistrationProvider, UserQueryMethodsProvider, ImportedUserValidation
- Version:
- $Revision: 1 $
- Author:
- Marek Posolda, Bill Burke
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.keycloak.storage.UserStorageProvider
UserStorageProvider.EditMode
-
Field Summary
Fields
Modifier and Type, Field, Description
protected UserStorageProvider.EditMode
protected LDAPStorageProviderFactory
protected LDAPProviderKerberosConfig
protected LDAPIdentityStore
protected LDAPStorageMapperManager
protected UserStorageProviderModel
protected KeycloakSession
protected PasswordUpdateCallback
protected LDAPStorageUserManager
-
Constructor Summary
Constructors
Constructor, Description
LDAPStorageProvider(LDAPStorageProviderFactory factory, KeycloakSession session, ComponentModel model, LDAPIdentityStore ldapIdentityStore)
-
Method Summary
Modifier and Type, Method, Description
addUser(RealmModel realm, String username)
authenticate(RealmModel realm, CredentialInput cred)
void close()
void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
    Called after successful Kerberos authentication
getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
getModel()
getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
getUserByEmail(RealmModel realm, String email)
getUserById(RealmModel realm, String id)
getUserByUsername(RealmModel realm, String username)
protected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local)
loadLDAPUserByUsername(RealmModel realm, String username)
loadLDAPUserByUuid(RealmModel realm, String uuid)
loadUsersByUsernames(List<String> usernames, RealmModel realm)
void preRemove(RealmModel realm)
void preRemove(RealmModel realm, GroupModel group)
void preRemove(RealmModel realm, RoleModel role)
protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser)
protected LDAPObject queryByEmail(RealmModel realm, String email)
boolean removeUser(RealmModel realm, UserModel user)
searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue)
searchForUserStream(RealmModel realm, Map<String, String> params, Integer firstResult, Integer maxResults)
    It supports UserModel.FIRST_NAME, UserModel.LAST_NAME, UserModel.EMAIL, UserModel.USERNAME. Other fields are not supported.
void setUpdater(PasswordUpdateCallback updater)
boolean
boolean supportsCredentialType(String credentialType)
boolean
boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
validate(RealmModel realm, UserModel local)
boolean validPassword(RealmModel realm, UserModel user, String password)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.storage.user.UserLookupProvider
getUserByCredential
Methods inherited from interface org.keycloak.storage.user.UserQueryMethodsProvider
getGroupMembersStream, getRoleMembersStream, searchForUserStream, searchForUserStream, searchForUserStream
-
Field Details
-
factory
-
session
-
model
-
ldapIdentityStore
-
editMode
-
kerberosConfig
-
updater
-
mapperManager
-
userManager
-
supportedCredentialTypes
-
-
Constructor Details
-
LDAPStorageProvider
public LDAPStorageProvider(LDAPStorageProviderFactory factory, KeycloakSession session, ComponentModel model, LDAPIdentityStore ldapIdentityStore)
-
-
Method Details
-
setUpdater
-
getSession
-
getLdapIdentityStore
-
getEditMode
-
getModel
-
getMapperManager
-
getUserManager
-
validate
- Specified by:
validate in interface ImportedUserValidation
-
proxy
protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser)
-
supportsCredentialAuthenticationFor
- Specified by:
supportsCredentialAuthenticationFor in interface CredentialAuthentication
-
searchForUserByUserAttributeStream
public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realm, String attrName, String attrValue)
- Specified by:
searchForUserByUserAttributeStream in interface UserQueryMethodsProvider
-
synchronizeRegistrations
public boolean synchronizeRegistrations()
-
addUser
- Specified by:
addUser in interface UserRegistrationProvider
-
removeUser
- Specified by:
removeUser in interface UserRegistrationProvider
-
getUserById
- Specified by:
getUserById in interface UserLookupProvider
-
searchForUserStream
public Stream<UserModel> searchForUserStream(RealmModel realm, Map<String, String> params, Integer firstResult, Integer maxResults)
It supports UserModel.FIRST_NAME, UserModel.LAST_NAME, UserModel.EMAIL and UserModel.USERNAME. Other fields are not supported. The search for LDAP REST endpoints is done in the context of fields which are stored in LDAP (above).
- Specified by:
searchForUserStream in interface UserQueryMethodsProvider
-
getGroupMembersStream
public Stream<UserModel> getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
- Specified by:
getGroupMembersStream in interface UserQueryMethodsProvider
-
getRoleMembersStream
public Stream<UserModel> getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
- Specified by:
getRoleMembersStream in interface UserQueryMethodsProvider
-
loadUsersByUsernames
-
loadAndValidateUser
- Parameters:
local -
- Returns:
- ldapUser corresponding to local user or null if user is no longer in LDAP
-
getUserByUsername
- Specified by:
getUserByUsername in interface UserLookupProvider
-
importUserFromLDAP
protected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
-
queryByEmail
-
getUserByEmail
- Specified by:
getUserByEmail in interface UserLookupProvider
-
preRemove
- Specified by:
preRemove in interface UserStorageProvider
-
preRemove
- Specified by:
preRemove in interface UserStorageProvider
-
preRemove
- Specified by:
preRemove in interface UserStorageProvider
-
validPassword
-
updateCredential
- Specified by:
updateCredential in interface CredentialInputUpdater
-
disableCredentialType
- Specified by:
disableCredentialType in interface CredentialInputUpdater
-
getDisableableCredentialTypesStream
- Specified by:
getDisableableCredentialTypesStream in interface CredentialInputUpdater
-
getSupportedCredentialTypes
-
supportsCredentialType
- Specified by:
supportsCredentialType in interface CredentialInputUpdater
- Specified by:
supportsCredentialType in interface CredentialInputValidator
-
isConfiguredFor
- Specified by:
isConfiguredFor in interface CredentialInputValidator
-
isValid
- Specified by:
isValid in interface CredentialInputValidator
-
authenticate
- Specified by:
authenticate in interface CredentialAuthentication
-
close
public void close()
-
findOrCreateAuthenticatedUser
Called after successful Kerberos authentication
- Parameters:
realm - realm
username - username without realm prefix
- Returns:
- found or newly created user
-
loadLDAPUserByUsername
-
loadLDAPUserByUuid
-