All Classes and Interfaces
Class
Description
AbstractClientPolicyConditionProvider<CONFIG extends ClientPolicyConditionConfigurationRepresentation>
Abstract base class for updating a single reference (specified via a single config property).
Abstract class for number validator.
Base class for arbitrary value type validators.
Base class for String value format validators.
Enum for actions taken by PartialImport.
Ancestor for a provider factory for both a standalone ProviderFactory and a ComponentFactory.
A criteria that matches a property based on its annotations
Provides a way to create and resolve artifacts for SAML Artifact binding
Exception to indicate a configuration error in ArtifactResolver.
A factory that creates ArtifactResolver instances.
Exception to indicate a processing error in ArtifactResolver.
Interface of the user profile attribute change listener.
Configuration of the attribute group.
Holds attributes, their values and provides utility methods to manage them.
This interface wraps the attributes associated with a user profile.
Holds an attribute and its values, providing useful methods for obtaining and formatting values.
Callback to be triggered during various lifecycle events of authentication flow.
Factory to create AuthenticationFlowCallback instances.
This interface encapsulates information about an execution in an AuthenticationFlow.
Set of error codes that can be thrown by an Authenticator, FormAuthenticator, or FormAction
Throw this exception from an Authenticator, FormAuthenticator, or FormAction if you want to completely abort the flow.
This interface is for users that want to add custom authenticators to an authentication flow.
Factory for creating Authenticator instances.
The main contract here is the creation of PermissionEvaluator instances.
Checks a password against a configured password blacklist.
Creates BlacklistPasswordPolicyProvider instances.
A BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist uses password-blacklist files to construct a BlacklistPasswordPolicyProviderFactory.PasswordBlacklist.
A BlacklistPasswordPolicyProviderFactory.PasswordBlacklist describes a list of too easy to guess or potentially leaked passwords that users should not be able to use.
Represents all identity information obtained from an IdentityProvider after a successful authentication.
Cached authorization model classes will implement this interface.
Encapsulates information about the execution in ClientAuthenticationFlow
This interface is for users that want to add custom client authenticators to an authentication flow.
Factory for creating ClientAuthenticator instances.
TODO: remove this class entirely?
Provides a template/sample client config adapter file.
This condition determines to which client a client policy is adopted.
This executor specifies what action is executed on the client to which a client policy is adopted.
Task to be executed on all cluster nodes once it's notified.
Deprecated.
This is only available when the legacy store is enabled.
Event listener which synchronizes mapper configs, when references change.
Interface for updating references in mapper configs, when references (like group path) change.
Used to set a state on an execution based on type.
The default implementation for Attributes.
The default implementation for generating/formatting user code of OAuth 2.0 Device Authorization Grant.
The default implementation for UserProfile.
Allows CRUD operations for configurations (like Authenticator configs).
Allows to register "deployed configurations", which are retrieved in runtime from deployed providers and hence are not saved in the DB
Validate input being any kind of Number.
Email format validation - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
Providers that are only supported in some environments can implement this interface to be able to determine if they should be available or not.
Wraps a ScriptModel so it can be evaluated with custom bindings.
An Evaluation is mainly used by PolicyProvider in order to evaluate a single and specific ResourcePermission against the configured policies.
This interface serves as a bridge between the policy evaluation runtime and the environment in which it is running.
A factory for the different PermissionEvaluator implementations.
Use to unwrap exceptions specifically if there is an exception at JTA commit
Exchange a token crafted by this provider for a local realm token.
This adapter allows the exporter to act independent of APIs used to serve the exported data to the caller.
Custom consumer that is allowed to throw an IOException as writing to an output stream might do this.
Manage importing and updating of realms for the legacy store.
Status of an execution/authenticator in an Authentication Flow
Thrown internally when authenticator wants to fork the current flow.
Fine grain processing of a form.
Factory for instantiating FormAction objects.
This class is responsible for rendering a form.
Factory for instantiating FormAuthenticators.
Interface that encapsulates the current state of the current form being executed
Message (eg.
Updates a group reference in a mapper config, when the path of a group changes.
Represents a security identity, which can be a person or non-person entity that was previously authenticated.
Encapsulates parsing logic related to state passed to identity provider in "state" (or RelayState) parameter
Session note metadata for impersonation details stored in user session notes.
Deprecated.
Wraps a ScriptModel and makes it Invocable.
Utility methods for manipulating JSON objects.
JTA TransactionManager lookup
Set of helper methods, which are useful in various model implementations.
Event for notifying legacy store, so it can do migrations on the representation as needed.
Event for notifying legacy store about the need to reconfigure user providers synchronization.
String value length validation - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
A date validator that only takes into account the format associated with the current locale.
This exception is thrown when acquiring a lock times out.
This flags the session that all information loaded from the stores should be locked as the service layer plans to modify it.
A Service Provider Interface (SPI) that allows plugging in a cache manager instance.
Enum with types of messages.
Various common utils needed for migration from older version to newer
A criteria that matches a property based on name
Validate that value exists and is not empty nor blank.
A PasswordPolicyProvider which does not allow using the current email as password.
Check that input value is not empty.
Hacked extension to UserSessionModel so that user id can be obtained directly so
Callback for component creation.
Callback for component update.
Validation against list of allowed values - accepts plain string and collection of strings (every value is validated against allowed values), for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
Deprecated.
This class represents a single result for a resource imported.
Aggregates all the PartialImportResult objects.
Validate String against configured RegEx pattern - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
PBKDF2 Password Hash provider with HMAC using SHA256
Provider factory for SHA512 variant of the PBKDF2 password hash algorithm.
A PermissionEvaluator represents a source of ResourcePermission, responsible for emitting these permissions to a consumer in order to evaluate the authorization policies based on an EvaluationContext.
A PermissionTicketStore is responsible to manage the persistence of PermissionTicket instances.
Represents an authorization policy and all the configuration associated with it.
A PolicyEvaluator evaluates authorization policies based on a given ResourcePermission, sending the results to a Decision point through the methods defined in that interface.
A PolicyStore is responsible to manage the persistence of Policy instances.
Executed at startup after model migration is finished
Utility class for working with JavaBean style properties
A representation of a JavaBean style property
A property criteria can be used to filter the properties found by a PropertyQuery
Utilities for working with property queries
Queries a target class for properties that match certain criteria.
This interface provides methods to query information from a realm.
A RealmResourceProvider creates JAX-RS sub-resource instances for paths relative to Realm's RESTful API that could not be resolved by the server.
A factory that creates RealmResourceProvider instances.
A Spi to plug additional sub-resources to Realms' RESTful API.
Interface that encapsulates current information about the current required action
You must specify a file
META-INF/services/org.keycloak.authentication.RequiredActionFactory in the jar that this class is contained in
This file must have the fully qualified class name of all your RequiredActionFactory classes
RequiredAction provider.
Useful when there is a need for callback when time offset is restarted.
Represents a resource, which is usually protected by a set of policies within a resource server.
Represents a permission for a given resource.
Represents a resource server, whose resources are managed and protected.
A ResourceServerStore is responsible to manage the persistence of ResourceServer instances.
A ResourceStore is responsible to manage the persistence of Resource instances.
Represents Keycloak resource types for which AdminEvent's can be triggered.
Enum for each resource type that can be partially imported.
Updates a role reference in a mapper config, when a client ID changes.
Updates a role reference in a mapper config, when a role name changes.
Represents a scope, which is usually associated with one or more resources in order to define the actions that can be performed or a specific access context.
A ScopeStore is responsible to manage the persistence of Scope instances.
A ScriptModel which holds some meta-data.
Callback interface for customization of Bindings for a ScriptEngine.
Indicates compilation problems reported by a ScriptException and adds additional metadata.
Augments a ScriptException and adds additional metadata.
A Provider that provides Scripting capabilities.
Marker interface for ProviderFactory of Provider which wants to show some info on "Server Info" page in Admin console.
Non-recoverable error thrown during server startup
Shared methods to calculate the session expiration and idle.
Event to trigger that will add defaults for a realm after it has been imported.
Password that uses SHA to encode passwords.
Convenience interface to ease implementation of small Validator implementations.
A factory for the different types of storages that manage the persistence of the domain model types.
TOTP: Time-based One-time Password Algorithm Based on http://tools.ietf.org/html/draft-mraihi-totp-timebased-06
Token exchange context
Provides token exchange mechanism for supported tokens
A factory that creates TokenExchangeProvider instances.
A Spi to support pluggable token exchange handlers in the OAuth2 Token Endpoint.
Provides introspection for a determined OAuth2 token type.
A factory that creates TokenIntrospectionProvider instances.
A Spi to support additional tokens types to the OAuth2 Token Introspection Endpoint.
A criteria that matches a property based on its type
Different options can be used to match a specific property based on its type.
This will perform the update operation for a particular attribute/property only if the existing value is not already the same.
An interface serving as an entry point for managing users.
Extension of the ValidationContext used when validators are called for UserProfile attribute validation.
This interface represents the different contexts from where user profiles are managed.
The provider responsible for creating UserProfile instances.
Describes a user session note for simple and generic ProtocolMapperModel creation.
Interface that encapsulates the current validation that is being performed.
Holds information about the validation state.
Denotes an error found during validation.
Denotes the result of a validation.
Validates given input in a ValidationContext.
Validate that input value is ValidatorConfig and it is correct for validator (inputHint must be ID of the validator config is for) by Validators.validateConfig(org.keycloak.models.KeycloakSession, String, ValidatorConfig).
A factory for custom Validator implementations plugged-in through this SPI.
Facade for Validation functions with support for Validator implementation lookup by id.