org.keycloak.federation.sssd.SSSDFederationProvider の継承関係図

org.keycloak.federation.sssd.SSSDFederationProvider 連携図

公開メンバ関数
	SSSDFederationProvider (KeycloakSession session, UserStorageProviderModel model, SSSDFederationProviderFactory sssdFederationProviderFactory)

UserModel	getUserByUsername (String username, RealmModel realm)

UserModel	validate (RealmModel realm, UserModel user)

UserModel	getUserById (String id, RealmModel realm)

UserModel	getUserByEmail (String email, RealmModel realm)

void	preRemove (RealmModel realm)

void	preRemove (RealmModel realm, RoleModel role)

void	preRemove (RealmModel realm, GroupModel group)

boolean	isValid (RealmModel realm, UserModel local)

boolean	supportsCredentialType (String credentialType)

boolean	isConfiguredFor (RealmModel realm, UserModel user, String credentialType)

boolean	isValid (RealmModel realm, UserModel user, CredentialInput input)

UserModel	validateAndProxy (RealmModel realm, UserModel local)

void	close ()

boolean	updateCredential (RealmModel realm, UserModel user, CredentialInput input)

void	disableCredentialType (RealmModel realm, UserModel user, String credentialType)

Set< String >	getDisableableCredentialTypes (RealmModel realm, UserModel user)

限定公開メンバ関数
UserModel	findOrCreateAuthenticatedUser (RealmModel realm, String username)

UserModel	importUserToKeycloak (RealmModel realm, String username)

限定公開変数類
KeycloakSession	session

UserStorageProviderModel	model

静的限定公開変数類
static final Set< String >	supportedCredentialTypes = new HashSet<>()

静的関数
	[static initializer]

非公開変数類
final SSSDFederationProviderFactory	factory

静的非公開変数類
static final Logger	logger = Logger.getLogger(SSSDFederationProvider.class)

詳解

SPI provider implementation to retrieve data from SSSD and authenticate against PAM

著者: Bruno Oliveira

バージョン

Revision: 1

構築子と解体子

◆ SSSDFederationProvider()

org.keycloak.federation.sssd.SSSDFederationProvider.SSSDFederationProvider	(	KeycloakSession	session,
		UserStorageProviderModel	model,
		SSSDFederationProviderFactory	sssdFederationProviderFactory
	)

inline

                                                                                                                                                         {
         this.session = session;
         this.model = model;
         this.factory = sssdFederationProviderFactory;
     }

関数詳解

◆ [static initializer]()

org.keycloak.federation.sssd.SSSDFederationProvider.[static initializer] ( )

inlinestaticpackage

◆ close()

void org.keycloak.federation.sssd.SSSDFederationProvider.close ( )

inline

                         {
         Sssd.disconnect();
     }

◆ disableCredentialType()

void org.keycloak.federation.sssd.SSSDFederationProvider.disableCredentialType	(	RealmModel	realm,
		UserModel	user,
		String	credentialType
	)

inline

202 {

203 }

◆ findOrCreateAuthenticatedUser()

UserModel org.keycloak.federation.sssd.SSSDFederationProvider.findOrCreateAuthenticatedUser	(	RealmModel	realm,
		String	username
	)

inlineprotected

Called after successful authentication

引数

realm	realm
username	username without realm prefix

戻り値: user if found or successfully created. Null if user with same username already exists, but is not linked to this provider

                                                                                          {
         UserModel user = session.userLocalStorage().getUserByUsername(username, realm);
         if (user != null) {
             logger.debug("SSSD authenticated user " + username + " found in Keycloak storage");
 
             if (!model.getId().equals(user.getFederationLink())) {
                 logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]");
                 return null;
             } else {
                 UserModel proxied = validateAndProxy(realm, user);
                 if (proxied != null) {
                     return proxied;
                 } else {
                     logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() +
                             "] but principal is not correct.");
                     logger.warn("Will re-create user");
                     new UserManager(session).removeUser(realm, user, session.userLocalStorage());
                 }
             }
         }
 
         logger.debug("SSSD authenticated user " + username + " not in Keycloak storage. Creating...");
         return importUserToKeycloak(realm, username);
     }

◆ getDisableableCredentialTypes()

Set<String> org.keycloak.federation.sssd.SSSDFederationProvider.getDisableableCredentialTypes	(	RealmModel	realm,
		UserModel	user
	)

inline

                                                                                        {
         return Collections.EMPTY_SET;
     }

◆ getUserByEmail()

UserModel org.keycloak.federation.sssd.SSSDFederationProvider.getUserByEmail	(	String	email,
		RealmModel	realm
	)

inline

                                                                     {
         return null;
     }

◆ getUserById()

UserModel org.keycloak.federation.sssd.SSSDFederationProvider.getUserById	(	String	id,
		RealmModel	realm
	)

inline

                                                               {
         return null;
     }

◆ getUserByUsername()

UserModel org.keycloak.federation.sssd.SSSDFederationProvider.getUserByUsername	(	String	username,
		RealmModel	realm
	)

inline

                                                                           {
         return findOrCreateAuthenticatedUser(realm, username);
     }

◆ importUserToKeycloak()

UserModel org.keycloak.federation.sssd.SSSDFederationProvider.importUserToKeycloak	(	RealmModel	realm,
		String	username
	)

inlineprotected

                                                                                 {
         Sssd sssd = new Sssd(username);
         User sssdUser = sssd.getUser();
         logger.debugf("Creating SSSD user: %s to local Keycloak storage", username);
         UserModel user = session.userLocalStorage().addUser(realm, username);
         user.setEnabled(true);
         user.setEmail(sssdUser.getEmail());
         user.setFirstName(sssdUser.getFirstName());
         user.setLastName(sssdUser.getLastName());
         for (String s : sssd.getGroups()) {
             GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "/" + s);
             if (group == null) {
                 group = session.realms().createGroup(realm, s);
             }
             user.joinGroup(group);
         }
         user.setFederationLink(model.getId());
         return validateAndProxy(realm, user);
     }

◆ isConfiguredFor()

boolean org.keycloak.federation.sssd.SSSDFederationProvider.isConfiguredFor	(	RealmModel	realm,
		UserModel	user,
		String	credentialType
	)

inline

                                                                                             {
         return CredentialModel.PASSWORD.equals(credentialType);
     }

◆ isValid() [1/2]

boolean org.keycloak.federation.sssd.SSSDFederationProvider.isValid	(	RealmModel	realm,
		UserModel	local
	)

inline

                                                               {
         User user = new Sssd(local.getUsername()).getUser();
         return user.equals(local);
     }

◆ isValid() [2/2]

boolean org.keycloak.federation.sssd.SSSDFederationProvider.isValid	(	RealmModel	realm,
		UserModel	user,
		CredentialInput	input
	)

inline

                                                                                     {
         if (!supportsCredentialType(input.getType()) || !(input instanceof UserCredentialModel)) return false;
 
         UserCredentialModel cred = (UserCredentialModel)input;
         PAMAuthenticator pam = factory.createPAMAuthenticator(user.getUsername(), cred.getValue());
         return (pam.authenticate() != null);
     }

◆ preRemove() [1/3]

void org.keycloak.federation.sssd.SSSDFederationProvider.preRemove ( RealmModel realm )

inline

                                             {
         // complete  We don't care about the realm being removed
     }

◆ preRemove() [2/3]

void org.keycloak.federation.sssd.SSSDFederationProvider.preRemove	(	RealmModel	realm,
		RoleModel	role
	)

inline

                                                             {
         // complete we dont'care if a role is removed
 
     }

◆ preRemove() [3/3]

void org.keycloak.federation.sssd.SSSDFederationProvider.preRemove	(	RealmModel	realm,
		GroupModel	group
	)

inline

                                                               {
         // complete we dont'care if a role is removed
 
     }

◆ supportsCredentialType()

boolean org.keycloak.federation.sssd.SSSDFederationProvider.supportsCredentialType ( String credentialType )

inline

                                                                  {
         return CredentialModel.PASSWORD.equals(credentialType);
     }

◆ updateCredential()

boolean org.keycloak.federation.sssd.SSSDFederationProvider.updateCredential	(	RealmModel	realm,
		UserModel	user,
		CredentialInput	input
	)

inline

                                                                                              {
         throw new IllegalStateException("You can't update your password as your account is read only.");
     }

◆ validate()

UserModel org.keycloak.federation.sssd.SSSDFederationProvider.validate	(	RealmModel	realm,
		UserModel	user
	)

inline

                                                                 {
         return validateAndProxy(realm, user);
     }

◆ validateAndProxy()

UserModel org.keycloak.federation.sssd.SSSDFederationProvider.validateAndProxy	(	RealmModel	realm,
		UserModel	local
	)

inline

                                                                          {
         if (isValid(realm, local)) {
             return new ReadonlySSSDUserModelDelegate(local, this);
         } else {
             return null;
         }
     }

メンバ詳解

◆ factory

final SSSDFederationProviderFactory org.keycloak.federation.sssd.SSSDFederationProvider.factory

private

◆ logger

final Logger org.keycloak.federation.sssd.SSSDFederationProvider.logger = Logger.getLogger(SSSDFederationProvider.class)

staticprivate

◆ model

UserStorageProviderModel org.keycloak.federation.sssd.SSSDFederationProvider.model

protected

◆ session

KeycloakSession org.keycloak.federation.sssd.SSSDFederationProvider.session

protected

◆ supportedCredentialTypes

final Set<String> org.keycloak.federation.sssd.SSSDFederationProvider.supportedCredentialTypes = new HashSet<>()

staticprotected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/federation/src/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java

公開メンバ関数

限定公開メンバ関数

限定公開変数類

静的限定公開変数類

静的関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ SSSDFederationProvider()

関数詳解

◆ [static initializer]()

◆ close()

◆ disableCredentialType()

◆ findOrCreateAuthenticatedUser()

◆ getDisableableCredentialTypes()

◆ getUserByEmail()

◆ getUserById()

◆ getUserByUsername()

◆ importUserToKeycloak()

◆ isConfiguredFor()

◆ isValid() [1/2]

◆ isValid() [2/2]

◆ preRemove() [1/3]

◆ preRemove() [2/3]

◆ preRemove() [3/3]

◆ supportsCredentialType()

◆ updateCredential()

◆ validate()

◆ validateAndProxy()

メンバ詳解

◆ factory

◆ logger

◆ model

◆ session

◆ supportedCredentialTypes