keycloak-service
org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider.KeycloakEndpoint クラス

公開メンバ関数

 KeycloakEndpoint (AuthenticationCallback callback, RealmModel realm, EventBuilder event)
 
Response backchannelLogout (String input)
 
SimpleHttp generateTokenRequest (String authorizationCode)
 
Response logoutResponse (@QueryParam("state") String state)
 

限定公開メンバ関数

boolean validateAction (AdminAction action)
 

詳解

構築子と解体子

◆ KeycloakEndpoint()

org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider.KeycloakEndpoint.KeycloakEndpoint ( AuthenticationCallback  callback,
RealmModel  realm,
EventBuilder  event 
)
inline
{
    // This constructor keeps no state of its own: the callback, realm and event
    // builder are passed unchanged to the superclass constructor.
    super(callback, realm, event);
}
Object callback(RealmModel realm, AuthenticationCallback callback, EventBuilder event)
Definition: KeycloakOIDCIdentityProvider.java:61

関数詳解

◆ backchannelLogout()

Response org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider.KeycloakEndpoint.backchannelLogout ( String  input)
inline
{
    // Handles a back-channel logout request. `input` is the serialized JWS carrying
    // the logout action. The order is: parse the JWS, verify it, deserialize the
    // payload, validate the action, then log out every matching brokered session.
    // Every rejection path answers 400; the normal path answers 200 even when no
    // session matched.
    final JWSInput jws;
    try {
        jws = new JWSInput(input);
    } catch (JWSInputException e) {
        // An unparseable JWS gets the same log line and status as a failed
        // verify() below, so the two cases cannot be told apart in the log.
        logger.warn("Failed to verify logout request");
        return Response.status(400).build();
    }

    boolean verified = verify(jws);
    if (!verified) {
        logger.warn("Failed to verify logout request");
        return Response.status(400).build();
    }

    // The payload is only deserialized after verify() has accepted the token.
    final LogoutAction logoutAction;
    try {
        logoutAction = JsonSerialization.readValue(jws.getContent(), LogoutAction.class);
    } catch (IOException e) {
        // NOTE(review): an unreadable payload is rethrown unchecked instead of
        // producing the 400 used by the other rejection paths - confirm this is intended.
        throw new RuntimeException(e);
    }

    // NOTE(review): validateAction() dereferences its argument; confirm that
    // readValue() cannot hand back null for an empty or literal-null payload.
    if (!validateAction(logoutAction)) {
        return Response.status(400).build();
    }

    if (logoutAction.getKeycloakSessionIds() == null) {
        return Response.ok().build();
    }

    for (String idpSessionId : logoutAction.getKeycloakSessionIds()) {
        // The lookup key is this provider's alias, a dot, and the session id named
        // in the request, so only sessions stored under this alias can be matched.
        String brokerKey = getConfig().getAlias() + "." + idpSessionId;
        UserSessionModel brokered = session.sessions().getUserSessionByBrokerSessionId(realm, brokerKey);
        if (brokered == null) {
            continue;
        }
        // Sessions that are already logging out or logged out are left alone.
        UserSessionModel.State current = brokered.getState();
        if (current == UserSessionModel.State.LOGGING_OUT || current == UserSessionModel.State.LOGGED_OUT) {
            continue;
        }
        AuthenticationManager.backchannelLogout(session, realm, brokered, session.getContext().getUri(), clientConnection, headers, false);
    }
    return Response.ok().build();
}
boolean validateAction(AdminAction action)
Definition: KeycloakOIDCIdentityProvider.java:115
boolean verify(JWSInput jws)
Definition: OIDCIdentityProvider.java:447
C getConfig()
Definition: AbstractOAuth2IdentityProvider.java:126
static final Logger logger
Definition: OIDCIdentityProvider.java:71

◆ generateTokenRequest()

SimpleHttp org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider.KeycloakEndpoint.generateTokenRequest ( String  authorizationCode)
inline
{
    // Starts from the parent's token request for this authorization code and
    // appends one extra parameter before returning it.
    SimpleHttp tokenRequest = super.generateTokenRequest(authorizationCode);
    // "n/a" is a fixed placeholder rather than a real client session state; the
    // original author marks it as a workaround.
    return tokenRequest.param(AdapterConstants.CLIENT_SESSION_STATE, "n/a"); // hack to get backchannel logout to work
}

◆ logoutResponse()

Response org.keycloak.broker.oidc.OIDCIdentityProvider.OIDCEndpoint.logoutResponse ( @QueryParam("state") String  state)
inlineinherited
{
    // Completes a browser logout. The `state` query parameter is used directly as
    // the user-session id for the lookup. The logout is finished only when that
    // session exists and is already in LOGGING_OUT; anything else yields a
    // BAD_REQUEST error page.
    UserSessionModel target = session.sessions().getUserSession(realm, state);
    if (target != null && target.getState() == UserSessionModel.State.LOGGING_OUT) {
        return AuthenticationManager.finishBrowserLogout(session, realm, target, session.getContext().getUri(), clientConnection, headers);
    }

    // Failure path: either no session matched `state`, or it is not logging out.
    boolean missing = (target == null);
    logger.error(missing ? "no valid user session" : "usersession in different state");

    // NOTE(review): both failure cases record USER_SESSION_NOT_FOUND, including the
    // one where the session was found but is in another state - confirm intended.
    EventBuilder logoutEvent = new EventBuilder(realm, session, clientConnection);
    logoutEvent.event(EventType.LOGOUT);
    logoutEvent.error(Errors.USER_SESSION_NOT_FOUND);
    return ErrorPage.error(session, null, Response.Status.BAD_REQUEST,
            missing ? Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR : Messages.SESSION_NOT_ACTIVE);
}
static final Logger logger
Definition: OIDCIdentityProvider.java:71

◆ validateAction()

boolean org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider.KeycloakEndpoint.validateAction ( AdminAction  action)
inlineprotected
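{
    // Checks an admin action before it is acted on. Returns true only when the
    // action is present, passes its own validate(), has not expired, and names this
    // provider's configured client id as its resource. Each rejection logs a warning.
    if (action == null) {
        // Reject a missing action explicitly instead of failing below with a
        // NullPointerException.
        logger.warn("admin request failed, no action present");
        return false;
    }
    if (!action.validate()) {
        // The action name comes from the request payload and is logged as received;
        // the separator keeps it apart from the fixed message text.
        logger.warn("admin request failed, not validated: " + action.getAction());
        return false;
    }
    if (action.isExpired()) {
        logger.warn("admin request failed, expired token");
        return false;
    }
    // Binds the action to this provider: its resource must equal the configured
    // client id, otherwise the request is rejected.
    if (!getConfig().getClientId().equals(action.getResource())) {
        logger.warn("Resource name does not match");
        return false;
    }
    return true;
}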
C getConfig()
Definition: AbstractOAuth2IdentityProvider.java:126
static final Logger logger
Definition: OIDCIdentityProvider.java:71

このクラス詳解は次のファイルから抽出されました: