org.keycloak.storage.ldap

Class LDAPStorageProvider

java.lang.Object

org.keycloak.storage.ldap.LDAPStorageProvider

All Implemented Interfaces:

CredentialAuthentication, CredentialInputUpdater, CredentialInputUpdater.Streams, CredentialInputValidator, Provider, ImportedUserValidation, UserLookupProvider, UserQueryProvider, UserQueryProvider.Streams, UserRegistrationProvider, UserStorageProvider

public class LDAPStorageProvider
extends Object
implements UserStorageProvider, CredentialInputValidator, CredentialInputUpdater.Streams, CredentialAuthentication, UserLookupProvider, UserRegistrationProvider, UserQueryProvider.Streams, ImportedUserValidation

Version:

$Revision: 1 $

Author:

Marek Posolda, Bill Burke

Nested Class Summary

Nested classes/interfaces inherited from interface org.keycloak.storage.UserStorageProvider

UserStorageProvider.EditMode

Nested classes/interfaces inherited from interface org.keycloak.credential.CredentialInputUpdater

CredentialInputUpdater.Streams

Nested classes/interfaces inherited from interface org.keycloak.storage.user.UserQueryProvider

UserQueryProvider.Streams

Field Summary

Fields

Modifier and Type	Field and Description
protected UserStorageProvider.EditMode	editMode
protected LDAPStorageProviderFactory	factory
protected LDAPProviderKerberosConfig	kerberosConfig
protected LDAPIdentityStore	ldapIdentityStore
protected LDAPStorageMapperManager	mapperManager
protected UserStorageProviderModel	model
protected KeycloakSession	session
protected Set<String>	supportedCredentialTypes
protected PasswordUpdateCallback	updater
protected LDAPStorageUserManager	userManager

Constructor Summary

Constructors

Constructor and Description
LDAPStorageProvider(LDAPStorageProviderFactory factory, KeycloakSession session, ComponentModel model, LDAPIdentityStore ldapIdentityStore)

Method Summary

Modifier and Type	Method and Description
UserModel	addUser(RealmModel realm, String username)
CredentialValidationOutput	authenticate(RealmModel realm, CredentialInput cred)
void	close()
void	disableCredentialType(RealmModel realm, UserModel user, String credentialType)
protected UserModel	findOrCreateAuthenticatedUser(RealmModel realm, String username) Called after successful kerberos authentication
Stream<String>	getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
UserStorageProvider.EditMode	getEditMode()
Stream<UserModel>	getGroupMembersStream(RealmModel realm, GroupModel group)
Stream<UserModel>	getGroupMembersStream(RealmModel realm, GroupModel group, Integer firstResult, Integer maxResults)
LDAPIdentityStore	getLdapIdentityStore()
LDAPStorageMapperManager	getMapperManager()
UserStorageProviderModel	getModel()
Stream<UserModel>	getRoleMembersStream(RealmModel realm, RoleModel role)
Stream<UserModel>	getRoleMembersStream(RealmModel realm, RoleModel role, Integer firstResult, Integer maxResults)
KeycloakSession	getSession()
Set<String>	getSupportedCredentialTypes()
UserModel	getUserByEmail(String email, RealmModel realm)
UserModel	getUserById(String id, RealmModel realm)
UserModel	getUserByUsername(String username, RealmModel realm)
LDAPStorageUserManager	getUserManager()
int	getUsersCount(RealmModel realm)
Stream<UserModel>	getUsersStream(RealmModel realm)
Stream<UserModel>	getUsersStream(RealmModel realm, int firstResult, int maxResults)
protected UserModel	importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
boolean	isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
boolean	isValid(RealmModel realm, UserModel user, CredentialInput input)
protected LDAPObject	loadAndValidateUser(RealmModel realm, UserModel local)
LDAPObject	loadLDAPUserByUsername(RealmModel realm, String username)
List<UserModel>	loadUsersByUsernames(List<String> usernames, RealmModel realm)
void	preRemove(RealmModel realm)
void	preRemove(RealmModel realm, GroupModel group)
void	preRemove(RealmModel realm, RoleModel role)
protected UserModel	proxy(RealmModel realm, UserModel local, LDAPObject ldapObject, boolean newUser)
protected LDAPObject	queryByEmail(RealmModel realm, String email)
boolean	removeUser(RealmModel realm, UserModel user)
Stream<UserModel>	searchForUserByUserAttributeStream(String attrName, String attrValue, RealmModel realm)
Stream<UserModel>	searchForUserStream(Map<String,String> params, RealmModel realm)
Stream<UserModel>	searchForUserStream(Map<String,String> params, RealmModel realm, Integer firstResult, Integer maxResults)
Stream<UserModel>	searchForUserStream(String search, RealmModel realm)
Stream<UserModel>	searchForUserStream(String search, RealmModel realm, Integer firstResult, Integer maxResults)
protected List<LDAPObject>	searchLDAP(RealmModel realm, Map<String,String> attributes)
void	setUpdater(PasswordUpdateCallback updater)
boolean	supportsCredentialAuthenticationFor(String type)
boolean	supportsCredentialType(String credentialType)
boolean	synchronizeRegistrations()
boolean	updateCredential(RealmModel realm, UserModel user, CredentialInput input)
UserModel	validate(RealmModel realm, UserModel local)
boolean	validPassword(RealmModel realm, UserModel user, String password)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.credential.CredentialInputUpdater.Streams

getDisableableCredentialTypes

Methods inherited from interface org.keycloak.storage.user.UserQueryProvider.Streams

getGroupMembers, getGroupMembers, getUsers, getUsers, searchForUser, searchForUser, searchForUser, searchForUser, searchForUserByUserAttribute

Methods inherited from interface org.keycloak.storage.user.UserQueryProvider

countUsersInGroups, getRoleMembers, getRoleMembers, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount, getUsersCount

Field Detail

factory

protected LDAPStorageProviderFactory factory

session

protected KeycloakSession session

model

protected UserStorageProviderModel model

ldapIdentityStore

protected LDAPIdentityStore ldapIdentityStore

editMode

protected UserStorageProvider.EditMode editMode

kerberosConfig

protected LDAPProviderKerberosConfig kerberosConfig

updater

protected PasswordUpdateCallback updater

mapperManager

protected LDAPStorageMapperManager mapperManager

userManager

protected LDAPStorageUserManager userManager

supportedCredentialTypes

protected final Set<String> supportedCredentialTypes

Constructor Detail

LDAPStorageProvider

public LDAPStorageProvider(LDAPStorageProviderFactory factory,
                           KeycloakSession session,
                           ComponentModel model,
                           LDAPIdentityStore ldapIdentityStore)

Method Detail

setUpdater

public void setUpdater(PasswordUpdateCallback updater)

getSession

public KeycloakSession getSession()

getLdapIdentityStore

public LDAPIdentityStore getLdapIdentityStore()

getEditMode

public UserStorageProvider.EditMode getEditMode()

getModel

public UserStorageProviderModel getModel()

getMapperManager

public LDAPStorageMapperManager getMapperManager()

getUserManager

public LDAPStorageUserManager getUserManager()

validate

public UserModel validate(RealmModel realm,
                          UserModel local)

Specified by:

validate in interface ImportedUserValidation

proxy

protected UserModel proxy(RealmModel realm,
                          UserModel local,
                          LDAPObject ldapObject,
                          boolean newUser)

supportsCredentialAuthenticationFor

public boolean supportsCredentialAuthenticationFor(String type)

Specified by:

supportsCredentialAuthenticationFor in interface CredentialAuthentication

searchForUserByUserAttributeStream

public Stream<UserModel> searchForUserByUserAttributeStream(String attrName,
                                                            String attrValue,
                                                            RealmModel realm)

Specified by:

searchForUserByUserAttributeStream in interface UserQueryProvider

Specified by:

searchForUserByUserAttributeStream in interface UserQueryProvider.Streams

synchronizeRegistrations

public boolean synchronizeRegistrations()

addUser

public UserModel addUser(RealmModel realm,
                         String username)

Specified by:

addUser in interface UserRegistrationProvider

removeUser

public boolean removeUser(RealmModel realm,
                          UserModel user)

Specified by:

removeUser in interface UserRegistrationProvider

getUserById

public UserModel getUserById(String id,
                             RealmModel realm)

Specified by:

getUserById in interface UserLookupProvider

getUsersCount

public int getUsersCount(RealmModel realm)

Specified by:

getUsersCount in interface UserQueryProvider

getUsersStream

public Stream<UserModel> getUsersStream(RealmModel realm)

Specified by:

getUsersStream in interface UserQueryProvider

Specified by:

getUsersStream in interface UserQueryProvider.Streams

getUsersStream

public Stream<UserModel> getUsersStream(RealmModel realm,
                                        int firstResult,
                                        int maxResults)

Specified by:

getUsersStream in interface UserQueryProvider

Specified by:

getUsersStream in interface UserQueryProvider.Streams

searchForUserStream

public Stream<UserModel> searchForUserStream(String search,
                                             RealmModel realm)

Specified by:

searchForUserStream in interface UserQueryProvider

Specified by:

searchForUserStream in interface UserQueryProvider.Streams

searchForUserStream

public Stream<UserModel> searchForUserStream(String search,
                                             RealmModel realm,
                                             Integer firstResult,
                                             Integer maxResults)

Specified by:

searchForUserStream in interface UserQueryProvider

Specified by:

searchForUserStream in interface UserQueryProvider.Streams

searchForUserStream

public Stream<UserModel> searchForUserStream(Map<String,String> params,
                                             RealmModel realm)

Specified by:

searchForUserStream in interface UserQueryProvider

Specified by:

searchForUserStream in interface UserQueryProvider.Streams

searchForUserStream

public Stream<UserModel> searchForUserStream(Map<String,String> params,
                                             RealmModel realm,
                                             Integer firstResult,
                                             Integer maxResults)

Specified by:

searchForUserStream in interface UserQueryProvider

Specified by:

searchForUserStream in interface UserQueryProvider.Streams

getGroupMembersStream

public Stream<UserModel> getGroupMembersStream(RealmModel realm,
                                               GroupModel group)

Specified by:

getGroupMembersStream in interface UserQueryProvider

Specified by:

getGroupMembersStream in interface UserQueryProvider.Streams

getGroupMembersStream

public Stream<UserModel> getGroupMembersStream(RealmModel realm,
                                               GroupModel group,
                                               Integer firstResult,
                                               Integer maxResults)

Specified by:

getGroupMembersStream in interface UserQueryProvider

Specified by:

getGroupMembersStream in interface UserQueryProvider.Streams

getRoleMembersStream

public Stream<UserModel> getRoleMembersStream(RealmModel realm,
                                              RoleModel role)

Specified by:

getRoleMembersStream in interface UserQueryProvider

getRoleMembersStream

public Stream<UserModel> getRoleMembersStream(RealmModel realm,
                                              RoleModel role,
                                              Integer firstResult,
                                              Integer maxResults)

Specified by:

getRoleMembersStream in interface UserQueryProvider

loadUsersByUsernames

public List<UserModel> loadUsersByUsernames(List<String> usernames,
                                            RealmModel realm)

searchLDAP

protected List<LDAPObject> searchLDAP(RealmModel realm,
                                      Map<String,String> attributes)

loadAndValidateUser

protected LDAPObject loadAndValidateUser(RealmModel realm,
                                         UserModel local)

Parameters:

local -

Returns:

ldapUser corresponding to local user or null if user is no longer in LDAP

getUserByUsername

public UserModel getUserByUsername(String username,
                                   RealmModel realm)

Specified by:

getUserByUsername in interface UserLookupProvider

importUserFromLDAP

protected UserModel importUserFromLDAP(KeycloakSession session,
                                       RealmModel realm,
                                       LDAPObject ldapUser)

queryByEmail

protected LDAPObject queryByEmail(RealmModel realm,
                                  String email)

getUserByEmail

public UserModel getUserByEmail(String email,
                                RealmModel realm)

Specified by:

getUserByEmail in interface UserLookupProvider

preRemove

public void preRemove(RealmModel realm)

Specified by:

preRemove in interface UserStorageProvider

preRemove

public void preRemove(RealmModel realm,
                      RoleModel role)

Specified by:

preRemove in interface UserStorageProvider

preRemove

public void preRemove(RealmModel realm,
                      GroupModel group)

Specified by:

preRemove in interface UserStorageProvider

validPassword

public boolean validPassword(RealmModel realm,
                             UserModel user,
                             String password)

updateCredential

public boolean updateCredential(RealmModel realm,
                                UserModel user,
                                CredentialInput input)

Specified by:

updateCredential in interface CredentialInputUpdater

disableCredentialType

public void disableCredentialType(RealmModel realm,
                                  UserModel user,
                                  String credentialType)

Specified by:

disableCredentialType in interface CredentialInputUpdater

getDisableableCredentialTypesStream

public Stream<String> getDisableableCredentialTypesStream(RealmModel realm,
                                                          UserModel user)

Specified by:

getDisableableCredentialTypesStream in interface CredentialInputUpdater

Specified by:

getDisableableCredentialTypesStream in interface CredentialInputUpdater.Streams

getSupportedCredentialTypes

public Set<String> getSupportedCredentialTypes()

supportsCredentialType

public boolean supportsCredentialType(String credentialType)

Specified by:

supportsCredentialType in interface CredentialInputUpdater

Specified by:

supportsCredentialType in interface CredentialInputValidator

isConfiguredFor

public boolean isConfiguredFor(RealmModel realm,
                               UserModel user,
                               String credentialType)

Specified by:

isConfiguredFor in interface CredentialInputValidator

isValid

public boolean isValid(RealmModel realm,
                       UserModel user,
                       CredentialInput input)

Specified by:

isValid in interface CredentialInputValidator

authenticate

public CredentialValidationOutput authenticate(RealmModel realm,
                                               CredentialInput cred)

Specified by:

authenticate in interface CredentialAuthentication

close

public void close()

Specified by:

close in interface Provider

findOrCreateAuthenticatedUser

protected UserModel findOrCreateAuthenticatedUser(RealmModel realm,
                                                  String username)

Called after successful kerberos authentication

Parameters:

realm - realm

username - username without realm prefix

Returns:

finded or newly created user

loadLDAPUserByUsername

public LDAPObject loadLDAPUserByUsername(RealmModel realm,
                                         String username)