All Classes and Interfaces

Class
Description
 
 
 
 
Abstract base class for updating a single reference (specified via a single config property).
 
 
 
 
 
 
Abstract class for number validator.
 
An AccountResourceProvider creates JAX-RS resource instances for the Account endpoints, allowing an implementor to override the behavior of the entire Account console.
A factory that creates AccountResourceProvider instances.
A Spi to replace Account resources.
 
Enum for actions taken by PartialImport.
 
 
 
Ancestor for a provider factory for both a standalone ProviderFactory and a ComponentFactory.
A criteria that matches a property based on its annotations
 
Provides a way to create and resolve artifacts for SAML Artifact binding
Exception to indicate a configuration error in ArtifactResolver.
A factory that creates ArtifactResolver instances.
Exception to indicate a processing error in ArtifactResolver.
 
Interface of the user profile attribute change listener.
Holds attributes and their values, and provides utility methods to manage them.
Holds an attribute and its values, providing useful methods for obtaining and formatting values.
 
 
Callback to be triggered during various lifecycle events of authentication flow.
Factory to create AuthenticationFlowCallback instances.
This interface encapsulates information about an execution in an AuthenticationFlow.
Set of error codes that can be thrown by an Authenticator, FormAuthenticator, or FormAction
Throw this exception from an Authenticator, FormAuthenticator, or FormAction if you want to completely abort the flow.
 
 
 
 
 
This interface is for users that want to add custom authenticators to an authentication flow.
Factory for creating Authenticator instances.
 
The main contract here is the creation of PermissionEvaluator instances.
 
 
 
 
Checks a password against a configured password blacklist.
A BlacklistPasswordPolicyProviderFactory.PasswordBlacklist describes a list of too easy to guess or potentially leaked passwords that users should not be able to use.
Represents all identity information obtained from an IdentityProvider after a successful authentication.
 
 
 
 
 
Cached authorization model classes will implement this interface.
 
 
 
 
 
 
 
 
Encapsulates information about the execution in ClientAuthenticationFlow
This interface is for users that want to add custom client authenticators to an authentication flow.
Factory for creating ClientAuthenticator instances.
 
TODO: remove this class entirely?
Provides a template/sample client config adapter file.
 
 
 
This condition determines to which client a client policy is adopted.
 
 
This executor specifies what action is executed on the client to which a client policy is adopted.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Task to be executed on all cluster nodes once it's notified.
Deprecated.
This is only available when the legacy store is enabled.
 
 
 
 
 
 
 
Event listener which synchronizes mapper configs, when references change.
Interface for updating references in mapper configs, when references (like group path) change.
 
 
 
 
 
 
 
Used to set an execution a state based on type.
 
 
 
 
 
 
 
 
 
 
 
 
The default implementation for Attributes.
 
 
 
 
 
The default implementation for generating/formatting user code of OAuth 2.0 Device Authorization Grant.
 
 
 
 
 
 
The default implementation for UserProfile.
 
Allows to CRUD for configurations (like Authenticator configs).
Allows to register "deployed configurations", which are retrieved in runtime from deployed providers and hence are not saved in the DB
 
 
 
 
 
 
 
 
 
 
 
 
 
Validate input being any kind of Number.
 
 
 
 
 
 
 
Email Validator Utility to check email inputs based on hibernate-validator implementation.
Email format validation - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
Providers that are only supported in some environments can implement this interface to be able to determine if they should be available or not.
 
Wraps a ScriptModel so it can be evaluated with custom bindings.
An Evaluation is mainly used by PolicyProvider in order to evaluate a single and specific ResourcePermission against the configured policies.
This interface serves as a bridge between the policy evaluation runtime and the environment in which it is running.
A factory for the different PermissionEvaluator implementations.
 
 
 
 
 
 
 
 
 
 
 
Use to unwrap exceptions specifically if there is an exception at JTA commit
 
Exchange a token crafted by this provider for a local realm token.
 
 
 
 
 
This adapter allows the exporter to act independent of APIs used to serve the exported data to the caller.
Custom consumer that is allowed to throw an IOException as writing to an output stream might do this.
Manage importing and updating of realms for the legacy store.
 
 
 
 
Status of an execution/authenticator in an Authentication Flow
 
Thrown internally when authenticator wants to fork the current flow.
Fine grain processing of a form.
Factory for instantiating FormAction objects.
 
This class is responsible for rendering a form.
Factory for instantiating FormAuthenticators.
 
Interface that encapsulates the current state of the current form being executed
Message (eg.
 
 
 
 
Updates a group reference in a mapper config, when the path of a group changes.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Represents a security identity, which can be a person or non-person entity that was previously authenticated.
 
Encapsulates parsing logic related to state passed to identity provider in "state" (or RelayState) parameter
 
 
 
 
 
 
 
 
 
Session note metadata for impersonation details stored in user session notes.
 
 
Deprecated.
 
 
Validate input being integer number Integer or Long.
Wraps a ScriptModel and makes it Invocable.
Utility methods for manipulating JSON objects.
JTA TransactionManager lookup
 
Set of helper methods, which are useful in various model implementations.
 
 
 
 
Event for notifying legacy store, so it can do migrations on the representation as needed.
Event for notifying legacy store about the need to reconfigure user providers synchronization.
 
 
String value length validation - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
 
This interface is used for controlling load balancer.
 
 
A date validator that only takes into account the format associated with the current locale.
This exception is thrown when acquiring a lock times out.
This flags the session that all information loaded from the stores should be locked as the service layer plans to modify it.
 
 
 
 
 
 
 
 
 
 
 
 
A Service Provider Interface (SPI) that allows to plug-in a cache manager instance.
Specifies the maximum age of an authentication with which a password may be changed without re-authentication.
 
 
Enum with types of messages.
 
 
Various common utils needed for migration from older version to newer
 
 
 
 
 
A criteria that matches a property based on name
 
Validate that value exists and is not empty nor blank.
A PasswordPolicyProvider which does not allow to use the current email as password.
 
Check that input value is not empty.
 
 
 
 
 
 
 
 
 
 
Hacked extension to UserSessionModel so that user id can be obtained directly so
 
Callback for component creation.
Callback for component update.
 
Validation against list of allowed values - accepts plain string and collection of strings (every value is validated against allowed values), for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
 
 
 
Deprecated.
This class represents a single result for a resource imported.
Aggregates all the PartialImportResult objects.
 
 
 
 
 
 
 
Validate String against configured RegEx pattern - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
 
 
PBKDF2 Password Hash provider with HMAC using SHA256
Provider factory for SHA512 variant of the PBKDF2 password hash algorithm.
A PermissionEvaluator represents a source of ResourcePermission, responsible for emitting these permissions to a consumer in order to evaluate the authorization policies based on an EvaluationContext.
 
 
 
 
A PermissionTicketStore is responsible to manage the persistence of PermissionTicket instances.
Represents an authorization policy and all the configuration associated with it.
 
A PolicyEvaluator evaluates authorization policies based on a given ResourcePermission, sending the results to a Decision point through the methods defined in that interface.
 
 
 
 
A PolicyStore is responsible to manage the persistence of Policy instances.
Executed at startup after model migration is finished
Utility class for working with JavaBean style properties
A representation of a JavaBean style property
A property criteria can be used to filter the properties found by a PropertyQuery
Utilities for working with property queries
Queries a target class for properties that match certain criteria.
 
 
 
 
 
 
 
 
 
 
 
 
This interface provides methods to query information from a realm.
 
A RealmResourceProvider creates JAX-RS sub-resource instances for paths relative to Realm's RESTful API that could not be resolved by the server.
A factory that creates RealmResourceProvider instances.
A Spi to plug additional sub-resources to Realms' RESTful API.
 
 
 
 
 
 
Interface that encapsulates current information about the current required action
 
 
You must specify a file META-INF/services/org.keycloak.authentication.RequiredActionFactory in the jar that this class is contained in. This file must have the fully qualified class name of all your RequiredActionFactory classes.
RequiredAction provider.
 
 
 
Useful when there is a need for callback when time offset is restarted.
Represents a resource, which is usually protected by a set of policies within a resource server.
 
Represents a permission for a given resource.
Represents a resource server, whose resources are managed and protected.
A ResourceServerStore is responsible to manage the persistence of ResourceServer instances.
A ResourceStore is responsible to manage the persistence of Resource instances.
Represents Keycloak resource types for which AdminEvent's can be triggered.
Enum for each resource type that can be partially imported.
 
 
Updates a role reference in a mapper config, when a client ID changes.
Updates a role reference in a mapper config, when a role name changes.
 
 
 
 
 
 
Represents a scope, which is usually associated with one or more resources in order to define the actions that can be performed or a specific access context.
 
A ScopeStore is responsible to manage the persistence of Scope instances.
A ScriptModel which holds some meta-data.
Callback interface for customization of Bindings for a ScriptEngine.
Indicates compilation problems reported by a ScriptException and adds additional metadata.
Augments a ScriptException and adds additional metadata.
A Provider that provides Scripting capabilities.
 
 
 
 
 
 
Marker interface for ProviderFactory of Provider which wants to show some info on "Server Info" page in Admin console.
Non-recoverable error thrown during server startup
 
Shared methods to calculate the session expiration and idle.
 
Event to trigger that will add defaults for a realm after it has been imported.
Password that uses SHA to encode passwords.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
A factory for the different types of storages that manage the persistence of the domain model types.
 
 
 
 
 
 
 
 
 
TOTP: Time-based One-time Password Algorithm Based on http://tools.ietf.org/html/draft-mraihi-totp-timebased-06
 
 
 
 
Token exchange context
Provides token exchange mechanism for supported tokens
A factory that creates TokenExchangeProvider instances.
A Spi to support pluggable token exchange handlers in the OAuth2 Token Endpoint.
Provides introspection for a determined OAuth2 token type.
A factory that creates TokenIntrospectionProvider instances.
A Spi to support additional tokens types to the OAuth2 Token Introspection Endpoint.
 
 
 
 
A criteria that matches a property based on its type
Different options can be used to match a specific property based on its type.
 
This will perform update operation for particular attribute/property just if the existing value is not already same.
 
 
URI validation - accepts URI, URL and single String.
 
 
 
 
An interface providing as an entry point for managing users.
The provider responsible for creating UserProfile instances.
 
 
 
Describes a user session note for simple and generic ProtocolMapperModel creation.
 
 
 
 
 
Interface that encapsulates the current validation that is being performed.
 
 
 
 
 
 
 
 
 
Validate that the input value is a ValidatorConfig and that it is correct for the validator (inputHint must be the ID of the validator the config is for) by Validators.validateConfig(org.keycloak.models.KeycloakSession, String, ValidatorConfig).