Class ScriptBasedAuthenticator
- java.lang.Object
  - org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator
- All Implemented Interfaces: org.keycloak.authentication.Authenticator, org.keycloak.provider.Provider
public class ScriptBasedAuthenticator extends Object implements org.keycloak.authentication.Authenticator
An Authenticator that can execute a configured script during authentication flow.

Scripts must at least provide one of the following functions:
- authenticate(..) which is called from Authenticator.authenticate(AuthenticationFlowContext)
- action(..) which is called from Authenticator.action(AuthenticationFlowContext)

Custom Authenticators should at least provide the authenticate(..) function. The following script Bindings are available for convenient use within script code.
- script: the ScriptModel to access script metadata
- realm: the RealmModel
- user: the current UserModel
- session: the active KeycloakSession
- authenticationSession: the current AuthenticationSessionModel
- httpRequest: the current HttpRequest
- LOG: a Logger scoped to ScriptBasedAuthenticator

Note that the user variable is only defined when the user was identified by a preceding authentication step, e.g. by the UsernamePasswordForm authenticator.

Additional context information can be extracted from the context argument passed to the authenticate(context) or action(context) function.

An example ScriptBasedAuthenticator definition could look as follows:

    AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");

    function authenticate(context) {
        // user is only bound when an earlier step identified the user
        var username = user ? user.username : "anonymous";
        LOG.info(script.name + " --> trace auth for: " + username);

        if (username === "tester"
                && user.getAttribute("someAttribute")
                && user.getAttribute("someAttribute").contains("someValue")) {
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }
        context.success();
    }
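A fail-closed variant of such a script, as an added example that is not part of the Keycloak documentation or code base: it denies the login when the user binding is unset instead of treating the caller as anonymous. The helpers identifiedUser, trace and decide are hypothetical names, and the Node.js fallback for Java.type is a constructed stand-in for the Keycloak script engine.

```javascript
// Added example, not Keycloak project code. In Keycloak the script engine
// supplies Java.type and the bindings (user, LOG, script); the fallback
// object below is a constructed stand-in so the file also loads under Node.js.
var AuthenticationFlowError = typeof Java !== "undefined"
    ? Java.type("org.keycloak.authentication.AuthenticationFlowError")
    : { INVALID_USER: "INVALID_USER", UNKNOWN_USER: "UNKNOWN_USER" };

// The user binding may be null or absent when no earlier step identified a user.
// typeof avoids a ReferenceError in the absent case.
function identifiedUser() {
    return (typeof user !== "undefined" && user) ? user : null;
}

// Log through the LOG binding only when it is available.
function trace(message) {
    if (typeof LOG !== "undefined" && typeof script !== "undefined") {
        LOG.info(script.name + " --> " + message);
    }
}

// Hypothetical policy helper: returns the error to fail with, or null to allow.
function decide(u) {
    if (u === null) {
        return AuthenticationFlowError.UNKNOWN_USER; // fail closed: nobody identified
    }
    var values = u.getAttribute("someAttribute"); // same call as the page's example
    if (values && values.contains("someValue")) {
        return AuthenticationFlowError.INVALID_USER;
    }
    return null;
}

function authenticate(context) {
    var u = identifiedUser();
    var error = decide(u);
    trace("trace auth for: " + (u ? u.username : "anonymous"));
    if (error !== null) {
        context.failure(error);
        return;
    }
    context.success();
}
```

Placing this execution after a step such as UsernamePasswordForm keeps the UNKNOWN_USER branch from triggering on every login.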
- Author: Thomas Darimont
Constructor Summary
- Constructor: ScriptBasedAuthenticator()
Method Summary
Modifier and Type, Method:
- void action(org.keycloak.authentication.AuthenticationFlowContext context)
- void authenticate(org.keycloak.authentication.AuthenticationFlowContext context)
- void close()
- boolean configuredFor(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.UserModel user)
- protected org.keycloak.models.AuthenticatorConfigModel getAuthenticatorConfig(org.keycloak.authentication.AuthenticationFlowContext context)
- boolean requiresUser()
- void setRequiredActions(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.UserModel user)
Method Detail
-
authenticate
public void authenticate(org.keycloak.authentication.AuthenticationFlowContext context)
- Specified by: authenticate in interface org.keycloak.authentication.Authenticator
-
action
public void action(org.keycloak.authentication.AuthenticationFlowContext context)
- Specified by: action in interface org.keycloak.authentication.Authenticator
-
getAuthenticatorConfig
protected org.keycloak.models.AuthenticatorConfigModel getAuthenticatorConfig(org.keycloak.authentication.AuthenticationFlowContext context)
-
requiresUser
public boolean requiresUser()
- Specified by: requiresUser in interface org.keycloak.authentication.Authenticator
-
configuredFor
public boolean configuredFor(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.UserModel user)
- Specified by: configuredFor in interface org.keycloak.authentication.Authenticator
-
setRequiredActions
public void setRequiredActions(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.UserModel user)
- Specified by: setRequiredActions in interface org.keycloak.authentication.Authenticator
-
close
public void close()
- Specified by: close in interface org.keycloak.provider.Provider