org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator の継承関係図

org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator 連携図

公開メンバ関数
boolean	requiresUser ()

boolean	configuredFor (KeycloakSession session, RealmModel realm, UserModel user)

void	authenticate (AuthenticationFlowContext context)

void	action (AuthenticationFlowContext context)

void	setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)

void	close ()

静的公開メンバ関数
static UserModel	getExistingUser (KeycloakSession session, RealmModel realm, AuthenticationSessionModel authSession)

静的公開変数類
static final String	BROKERED_CONTEXT_NOTE = "BROKERED_CONTEXT"

static final String	EXISTING_USER_INFO = "EXISTING_USER_INFO"

static final String	UPDATE_PROFILE_EMAIL_CHANGED = "UPDATE_PROFILE_EMAIL_CHANGED"

static final String	ENFORCE_UPDATE_PROFILE = "ENFORCE_UPDATE_PROFILE"

static final String	BROKER_REGISTERED_NEW_USER = "BROKER_REGISTERED_NEW_USER"

static final String	FIRST_BROKER_LOGIN_SUCCESS = "FIRST_BROKER_LOGIN_SUCCESS"

限定公開メンバ関数
void	actionImpl (AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext)

void	authenticateImpl (AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext)

ExistingUserInfo	checkExistingUser (AuthenticationFlowContext context, String username, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext)

String	getUsername (AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext)

void	userRegisteredSuccess (AuthenticationFlowContext context, UserModel registeredUser, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext)

void	sendFailureChallenge (AuthenticationFlowContext context, Response.Status status, String eventError, String errorMessage, AuthenticationFlowError flowError)

静的非公開変数類
static Logger	logger = Logger.getLogger(IdpCreateUserIfUniqueAuthenticator.class)

詳解

著者: Marek Posolda

関数詳解

◆ action()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.action ( AuthenticationFlowContext context )

inlineinherited

                                                           {
         AuthenticationSessionModel clientSession = context.getAuthenticationSession();
 
         SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(clientSession, BROKERED_CONTEXT_NOTE);
         if (serializedCtx == null) {
             throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
         }
         BrokeredIdentityContext brokerContext = serializedCtx.deserialize(context.getSession(), clientSession);
 
         if (!brokerContext.getIdpConfig().isEnabled()) {
             sendFailureChallenge(context, Response.Status.BAD_REQUEST, Errors.IDENTITY_PROVIDER_ERROR, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR, AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
         }
 
         actionImpl(context, serializedCtx, brokerContext);
     }

◆ actionImpl()

void org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator.actionImpl	(	AuthenticationFlowContext	context,
		SerializedBrokeredIdentityContext	serializedCtx,
		BrokeredIdentityContext	brokerContext
	)

inlineprotected

47 {

48 }

◆ authenticate()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.authenticate ( AuthenticationFlowContext context )

inlineinherited

                                                                 {
         AuthenticationSessionModel authSession = context.getAuthenticationSession();
 
         SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, BROKERED_CONTEXT_NOTE);
         if (serializedCtx == null) {
             throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
         }
         BrokeredIdentityContext brokerContext = serializedCtx.deserialize(context.getSession(), authSession);
 
         if (!brokerContext.getIdpConfig().isEnabled()) {
             sendFailureChallenge(context, Response.Status.BAD_REQUEST, Errors.IDENTITY_PROVIDER_ERROR, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR, AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
         }
 
         authenticateImpl(context, serializedCtx, brokerContext);
     }

◆ authenticateImpl()

void org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator.authenticateImpl	(	AuthenticationFlowContext	context,
		SerializedBrokeredIdentityContext	serializedCtx,
		BrokeredIdentityContext	brokerContext
	)

inlineprotected

                                                                                                                                                                {
 
         KeycloakSession session = context.getSession();
         RealmModel realm = context.getRealm();
 
         if (context.getAuthenticationSession().getAuthNote(EXISTING_USER_INFO) != null) {
             context.attempted();
             return;
         }
 
         String username = getUsername(context, serializedCtx, brokerContext);
         if (username == null) {
             ServicesLogger.LOGGER.resetFlow(realm.isRegistrationEmailAsUsername() ? "Email" : "Username");
             context.getAuthenticationSession().setAuthNote(ENFORCE_UPDATE_PROFILE, "true");
             context.resetFlow();
             return;
         }
 
         ExistingUserInfo duplication = checkExistingUser(context, username, serializedCtx, brokerContext);
 
         if (duplication == null) {
             logger.debugf("No duplication detected. Creating account for user '%s' and linking with identity provider '%s' .",
                     username, brokerContext.getIdpConfig().getAlias());
 
             UserModel federatedUser = session.users().addUser(realm, username);
             federatedUser.setEnabled(true);
             federatedUser.setEmail(brokerContext.getEmail());
             federatedUser.setFirstName(brokerContext.getFirstName());
             federatedUser.setLastName(brokerContext.getLastName());
 
             for (Map.Entry<String, List<String>> attr : serializedCtx.getAttributes().entrySet()) {
                 federatedUser.setAttribute(attr.getKey(), attr.getValue());
             }
 
             AuthenticatorConfigModel config = context.getAuthenticatorConfig();
             if (config != null && Boolean.parseBoolean(config.getConfig().get(IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION))) {
                 logger.debugf("User '%s' required to update password", federatedUser.getUsername());
                 federatedUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
             }
 
             userRegisteredSuccess(context, federatedUser, serializedCtx, brokerContext);
 
             context.setUser(federatedUser);
             context.getAuthenticationSession().setAuthNote(BROKER_REGISTERED_NEW_USER, "true");
             context.success();
         } else {
             logger.debugf("Duplication detected. There is already existing user with %s '%s' .",
                     duplication.getDuplicateAttributeName(), duplication.getDuplicateAttributeValue());
 
             // Set duplicated user, so next authenticators can deal with it
             context.getAuthenticationSession().setAuthNote(EXISTING_USER_INFO, duplication.serialize());
 
             Response challengeResponse = context.form()
                     .setError(Messages.FEDERATED_IDENTITY_EXISTS, duplication.getDuplicateAttributeName(), duplication.getDuplicateAttributeValue())
                     .createErrorPage(Response.Status.CONFLICT);
             context.challenge(challengeResponse);
 
             if (context.getExecution().isRequired()) {
                 context.getEvent()
                         .user(duplication.getExistingUserId())
                         .detail("existing_" + duplication.getDuplicateAttributeName(), duplication.getDuplicateAttributeValue())
                         .removeDetail(Details.AUTH_METHOD)
                         .removeDetail(Details.AUTH_TYPE)
                         .error(Errors.FEDERATED_IDENTITY_EXISTS);
             }
         }
     }

◆ checkExistingUser()

ExistingUserInfo org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator.checkExistingUser	(	AuthenticationFlowContext	context,
		String	username,
		SerializedBrokeredIdentityContext	serializedCtx,
		BrokeredIdentityContext	brokerContext
	)

inlineprotected

                                                                                                                                                                                              {
 
         if (brokerContext.getEmail() != null && !context.getRealm().isDuplicateEmailsAllowed()) {
             UserModel existingUser = context.getSession().users().getUserByEmail(brokerContext.getEmail(), context.getRealm());
             if (existingUser != null) {
                 return new ExistingUserInfo(existingUser.getId(), UserModel.EMAIL, existingUser.getEmail());
             }
         }
 
         UserModel existingUser = context.getSession().users().getUserByUsername(username, context.getRealm());
         if (existingUser != null) {
             return new ExistingUserInfo(existingUser.getId(), UserModel.USERNAME, existingUser.getUsername());
         }
 
         return null;
     }

◆ close()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.close ( )

inlineinherited

                         {
 
     }

◆ configuredFor()

boolean org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator.configuredFor	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inline

                                                                                             {
         return true;
     }

◆ getExistingUser()

static UserModel org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.getExistingUser	(	KeycloakSession	session,
		RealmModel	realm,
		AuthenticationSessionModel	authSession
	)

inlinestaticinherited

                                                                                                                                {
         String existingUserId = authSession.getAuthNote(EXISTING_USER_INFO);
         if (existingUserId == null) {
             throw new AuthenticationFlowException("Unexpected state. There is no existing duplicated user identified in ClientSession",
                     AuthenticationFlowError.INTERNAL_ERROR);
         }
 
         ExistingUserInfo duplication = ExistingUserInfo.deserialize(existingUserId);
 
         UserModel existingUser = session.users().getUserById(duplication.getExistingUserId(), realm);
         if (existingUser == null) {
             throw new AuthenticationFlowException("User with ID '" + existingUserId + "' not found.", AuthenticationFlowError.INVALID_USER);
         }
 
         if (!existingUser.isEnabled()) {
             throw new AuthenticationFlowException("User with ID '" + existingUserId + "', username '" + existingUser.getUsername() + "' disabled.", AuthenticationFlowError.USER_DISABLED);
         }
 
         return existingUser;
     }

◆ getUsername()

String org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator.getUsername	(	AuthenticationFlowContext	context,
		SerializedBrokeredIdentityContext	serializedCtx,
		BrokeredIdentityContext	brokerContext
	)

inlineprotected

                                                                                                                                                             {
         RealmModel realm = context.getRealm();
         return realm.isRegistrationEmailAsUsername() ? brokerContext.getEmail() : brokerContext.getModelUsername();
     }

◆ requiresUser()

boolean org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator.requiresUser ( )

inline

                                   {
         return false;
     }

◆ sendFailureChallenge()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.sendFailureChallenge	(	AuthenticationFlowContext	context,
		Response.Status	status,
		String	eventError,
		String	errorMessage,
		AuthenticationFlowError	flowError
	)

inlineprotectedinherited

                                                                                                                                                                               {
         context.getEvent().user(context.getUser())
                 .error(eventError);
         Response challengeResponse = context.form()
                 .setError(errorMessage)
                 .createErrorPage(status);
         context.failureChallenge(flowError, challengeResponse);
     }

◆ setRequiredActions()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.setRequiredActions	(	KeycloakSession	session,
		RealmModel	realm,
		UserModel	user
	)

inlineinherited

107 {

108 }

◆ userRegisteredSuccess()

void org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator.userRegisteredSuccess	(	AuthenticationFlowContext	context,
		UserModel	registeredUser,
		SerializedBrokeredIdentityContext	serializedCtx,
		BrokeredIdentityContext	brokerContext
	)

inlineprotected

                                                                                                                                                                                               {
 
     }

メンバ詳解

◆ BROKER_REGISTERED_NEW_USER

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.BROKER_REGISTERED_NEW_USER = "BROKER_REGISTERED_NEW_USER"

staticinherited

◆ BROKERED_CONTEXT_NOTE

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE = "BROKERED_CONTEXT"

staticinherited

◆ ENFORCE_UPDATE_PROFILE

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE = "ENFORCE_UPDATE_PROFILE"

staticinherited

◆ EXISTING_USER_INFO

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.EXISTING_USER_INFO = "EXISTING_USER_INFO"

staticinherited

◆ FIRST_BROKER_LOGIN_SUCCESS

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.FIRST_BROKER_LOGIN_SUCCESS = "FIRST_BROKER_LOGIN_SUCCESS"

staticinherited

◆ logger

Logger org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator.logger = Logger.getLogger(IdpCreateUserIfUniqueAuthenticator.class)

staticprivate

◆ UPDATE_PROFILE_EMAIL_CHANGED

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.UPDATE_PROFILE_EMAIL_CHANGED = "UPDATE_PROFILE_EMAIL_CHANGED"

staticinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/authenticators/broker/IdpCreateUserIfUniqueAuthenticator.java

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開メンバ関数

静的非公開変数類

詳解

関数詳解

◆ action()

◆ actionImpl()

◆ authenticate()

◆ authenticateImpl()

◆ checkExistingUser()

◆ close()

◆ configuredFor()

◆ getExistingUser()

◆ getUsername()

◆ requiresUser()

◆ sendFailureChallenge()

◆ setRequiredActions()

◆ userRegisteredSuccess()

メンバ詳解

◆ BROKER_REGISTERED_NEW_USER

◆ BROKERED_CONTEXT_NOTE

◆ ENFORCE_UPDATE_PROFILE

◆ EXISTING_USER_INFO

◆ FIRST_BROKER_LOGIN_SUCCESS

◆ logger

◆ UPDATE_PROFILE_EMAIL_CHANGED