org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator 連携図

クラス
class	AcceptSecContext

公開メンバ関数
	SPNEGOAuthenticator (CommonKerberosConfig kerberosConfig, KerberosServerSubjectAuthenticator kerberosSubjectAuthenticator, String spnegoToken)

void	authenticate ()

boolean	isAuthenticated ()

String	getResponseToken ()

String	getSerializedDelegationCredential ()

String	getAuthenticatedUsername ()

限定公開メンバ関数
GSSContext	establishContext () throws GSSException, IOException

void	logAuthDetails (GSSContext gssContext) throws GSSException

非公開変数類
final KerberosServerSubjectAuthenticator	kerberosSubjectAuthenticator

final String	spnegoToken

final CommonKerberosConfig	kerberosConfig

boolean	authenticated = false

String	authenticatedKerberosPrincipal = null

GSSCredential	delegationCredential

KerberosTicket	kerberosTicket

String	responseToken = null

静的非公開変数類
static final Logger	log = Logger.getLogger(SPNEGOAuthenticator.class)

詳解

著者: Marek Posolda

構築子と解体子

◆ SPNEGOAuthenticator()

org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.SPNEGOAuthenticator	(	CommonKerberosConfig	kerberosConfig,
		KerberosServerSubjectAuthenticator	kerberosSubjectAuthenticator,
		String	spnegoToken
	)

inline

                                                                                                                                                          {
         this.kerberosConfig = kerberosConfig;
         this.kerberosSubjectAuthenticator = kerberosSubjectAuthenticator;
         this.spnegoToken = spnegoToken;
     }

関数詳解

◆ authenticate()

void org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.authenticate ( )

inline

                                {
         if (log.isTraceEnabled()) {
             log.trace("SPNEGO Login with token: " + spnegoToken);
         }
 
         try {
             Subject serverSubject = kerberosSubjectAuthenticator.authenticateServerSubject();
             authenticated = Subject.doAs(serverSubject, new AcceptSecContext());
 
             // kerberosTicketis available in IBM JDK in case that GSSContext supports delegated credentials
             Set<KerberosTicket> kerberosTickets = serverSubject.getPrivateCredentials(KerberosTicket.class);
             Iterator<KerberosTicket> iterator = kerberosTickets.iterator();
             if (iterator.hasNext()) {
                 kerberosTicket = iterator.next();
             }
 
         } catch (Exception e) {
             log.warn("SPNEGO login failed", e);
         } finally {
             kerberosSubjectAuthenticator.logoutServerSubject();
         }
     }

◆ establishContext()

GSSContext org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.establishContext ( ) throws GSSException, IOException

inlineprotected

                                                                              {
         GSSManager manager = GSSManager.getInstance();
 
         Oid[] supportedMechs = new Oid[] { KerberosConstants.KRB5_OID, KerberosConstants.SPNEGO_OID };
         GSSCredential gssCredential = manager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, supportedMechs, GSSCredential.ACCEPT_ONLY);
         GSSContext gssContext = manager.createContext(gssCredential);
 
         byte[] inputToken = Base64.decode(spnegoToken);
         byte[] respToken = gssContext.acceptSecContext(inputToken, 0, inputToken.length);
         responseToken = Base64.encodeBytes(respToken);
 
         return gssContext;
     }

◆ getAuthenticatedUsername()

String org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.getAuthenticatedUsername ( )

inline

戻り値: username to be used in Keycloak. Username is authenticated kerberos principal without realm name

                                              {
         String[] tokens = authenticatedKerberosPrincipal.split("@");
         String username = tokens[0];
         return username;
     }

◆ getResponseToken()

String org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.getResponseToken ( )

inline

                                      {
         return responseToken;
     }

◆ getSerializedDelegationCredential()

String org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.getSerializedDelegationCredential ( )

inline

                                                       {
         if (delegationCredential == null) {
             if (log.isTraceEnabled()) {
                 log.trace("No delegation credential available.");
             }
 
             return null;
         }
 
         try {
             if (log.isTraceEnabled()) {
                 log.trace("Serializing credential " + delegationCredential);
             }
             return KerberosSerializationUtils.serializeCredential(kerberosTicket, delegationCredential);
         } catch (KerberosSerializationUtils.KerberosSerializationException kse) {
             log.warn("Couldn't serialize credential: " + delegationCredential, kse);
             return null;
         }
     }

◆ isAuthenticated()

boolean org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.isAuthenticated ( )

inline

                                      {
         return authenticated;
     }

◆ logAuthDetails()

void org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.logAuthDetails ( GSSContext gssContext ) throws GSSException

inlineprotected

                                                                              {
         if (log.isDebugEnabled()) {
             String message = new StringBuilder("SPNEGO Security context accepted with token: " + responseToken)
                     .append(", established: ").append(gssContext.isEstablished())
                     .append(", credDelegState: ").append(gssContext.getCredDelegState())
                     .append(", mutualAuthState: ").append(gssContext.getMutualAuthState())
                     .append(", lifetime: ").append(gssContext.getLifetime())
                     .append(", confState: ").append(gssContext.getConfState())
                     .append(", integState: ").append(gssContext.getIntegState())
                     .append(", srcName: ").append(gssContext.getSrcName())
                     .append(", targName: ").append(gssContext.getTargName())
                     .toString();
             log.debug(message);
         }
     }

メンバ詳解

◆ authenticated

boolean org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.authenticated = false

private

◆ authenticatedKerberosPrincipal

String org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.authenticatedKerberosPrincipal = null

private

◆ delegationCredential

GSSCredential org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.delegationCredential

private

◆ kerberosConfig

final CommonKerberosConfig org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.kerberosConfig

private

◆ kerberosSubjectAuthenticator

final KerberosServerSubjectAuthenticator org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.kerberosSubjectAuthenticator

private

◆ kerberosTicket

KerberosTicket org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.kerberosTicket

private

◆ log

final Logger org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.log = Logger.getLogger(SPNEGOAuthenticator.class)

staticprivate

◆ responseToken

String org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.responseToken = null

private

◆ spnegoToken

final String org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.spnegoToken

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java

クラス

公開メンバ関数

限定公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ SPNEGOAuthenticator()

関数詳解

◆ authenticate()

◆ establishContext()

◆ getAuthenticatedUsername()

◆ getResponseToken()

◆ getSerializedDelegationCredential()

◆ isAuthenticated()

◆ logAuthDetails()

メンバ詳解

◆ authenticated

◆ authenticatedKerberosPrincipal

◆ delegationCredential

◆ kerberosConfig

◆ kerberosSubjectAuthenticator

◆ kerberosTicket

◆ log

◆ responseToken

◆ spnegoToken