org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator クラス

org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator の継承関係図

org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator 連携図

公開メンバ関数
boolean	requiresUser ()
boolean	configuredFor (KeycloakSession session, RealmModel realm, UserModel user)
void	authenticate (AuthenticationFlowContext context)
void	action (AuthenticationFlowContext context)
void	setRequiredActions (KeycloakSession session, RealmModel realm, UserModel user)
void	close ()

静的公開メンバ関数
static UserModel	getExistingUser (KeycloakSession session, RealmModel realm, AuthenticationSessionModel authSession)

静的公開変数類
static final String	BROKERED_CONTEXT_NOTE = "BROKERED_CONTEXT"
static final String	EXISTING_USER_INFO = "EXISTING_USER_INFO"
static final String	UPDATE_PROFILE_EMAIL_CHANGED = "UPDATE_PROFILE_EMAIL_CHANGED"
static final String	ENFORCE_UPDATE_PROFILE = "ENFORCE_UPDATE_PROFILE"
static final String	BROKER_REGISTERED_NEW_USER = "BROKER_REGISTERED_NEW_USER"
static final String	FIRST_BROKER_LOGIN_SUCCESS = "FIRST_BROKER_LOGIN_SUCCESS"

限定公開メンバ関数
void	authenticateImpl (AuthenticationFlowContext context, SerializedBrokeredIdentityContext userCtx, BrokeredIdentityContext brokerContext)
boolean	requiresUpdateProfilePage (AuthenticationFlowContext context, SerializedBrokeredIdentityContext userCtx, BrokeredIdentityContext brokerContext)
void	actionImpl (AuthenticationFlowContext context, SerializedBrokeredIdentityContext userCtx, BrokeredIdentityContext brokerContext)
void	sendFailureChallenge (AuthenticationFlowContext context, Response.Status status, String eventError, String errorMessage, AuthenticationFlowError flowError)

静的非公開変数類
static final Logger	logger = Logger.getLogger(IdpReviewProfileAuthenticator.class)

詳解

著者

Marek Posolda

関数詳解

action()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.action ( AuthenticationFlowContext  context )

inlineinherited

                                                          {
        AuthenticationSessionModel clientSession = context.getAuthenticationSession();

        SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(clientSession, BROKERED_CONTEXT_NOTE);
        if (serializedCtx == null) {
            throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
        }
        BrokeredIdentityContext brokerContext = serializedCtx.deserialize(context.getSession(), clientSession);

        if (!brokerContext.getIdpConfig().isEnabled()) {
            sendFailureChallenge(context, Response.Status.BAD_REQUEST, Errors.IDENTITY_PROVIDER_ERROR, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR, AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
        }

        actionImpl(context, serializedCtx, brokerContext);
    }

actionImpl()

void org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator.actionImpl ( AuthenticationFlowContext  context, SerializedBrokeredIdentityContext  userCtx, BrokeredIdentityContext  brokerContext  )

inlineprotected

                                                                                                                                                   {
        EventBuilder event = context.getEvent();
        event.event(EventType.UPDATE_PROFILE);
        MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();

        RealmModel realm = context.getRealm();

        List<FormMessage> errors = Validation.validateUpdateProfileForm(realm, formData);
        if (errors != null && !errors.isEmpty()) {
            Response challenge = context.form()
                    .setErrors(errors)
                    .setAttribute(LoginFormsProvider.UPDATE_PROFILE_CONTEXT_ATTR, userCtx)
                    .setFormData(formData)
                    .createUpdateProfilePage();
            context.challenge(challenge);
            return;
        }

        String username = realm.isRegistrationEmailAsUsername() ? formData.getFirst(UserModel.EMAIL) : formData.getFirst(UserModel.USERNAME);
        userCtx.setUsername(username);
        userCtx.setFirstName(formData.getFirst(UserModel.FIRST_NAME));
        userCtx.setLastName(formData.getFirst(UserModel.LAST_NAME));

        String email = formData.getFirst(UserModel.EMAIL);
        if (!ObjectUtil.isEqualOrBothNull(email, userCtx.getEmail())) {
            if (logger.isTraceEnabled()) {
                logger.tracef("Email updated on updateProfile page to '%s' ", email);
            }

            userCtx.setEmail(email);
            context.getAuthenticationSession().setAuthNote(UPDATE_PROFILE_EMAIL_CHANGED, "true");
        }

        AttributeFormDataProcessor.process(formData, realm, userCtx);

        userCtx.saveToAuthenticationSession(context.getAuthenticationSession(), BROKERED_CONTEXT_NOTE);

        logger.debugf("Profile updated successfully after first authentication with identity provider '%s' for broker user '%s'.", brokerContext.getIdpConfig().getAlias(), userCtx.getUsername());

        event.detail(Details.UPDATED_EMAIL, email);
        context.success();
    }

authenticate()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.authenticate ( AuthenticationFlowContext  context )

inlineinherited

                                                                {
        AuthenticationSessionModel authSession = context.getAuthenticationSession();

        SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, BROKERED_CONTEXT_NOTE);
        if (serializedCtx == null) {
            throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
        }
        BrokeredIdentityContext brokerContext = serializedCtx.deserialize(context.getSession(), authSession);

        if (!brokerContext.getIdpConfig().isEnabled()) {
            sendFailureChallenge(context, Response.Status.BAD_REQUEST, Errors.IDENTITY_PROVIDER_ERROR, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR, AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
        }

        authenticateImpl(context, serializedCtx, brokerContext);
    }

authenticateImpl()

void org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator.authenticateImpl ( AuthenticationFlowContext  context, SerializedBrokeredIdentityContext  userCtx, BrokeredIdentityContext  brokerContext  )

inlineprotected

                                                                                                                                                         {
        IdentityProviderModel idpConfig = brokerContext.getIdpConfig();

        if (requiresUpdateProfilePage(context, userCtx, brokerContext)) {

            logger.debugf("Identity provider '%s' requires update profile action for broker user '%s'.", idpConfig.getAlias(), userCtx.getUsername());

            // No formData for first render. The profile is rendered from userCtx
            Response challengeResponse = context.form()
                    .setAttribute(LoginFormsProvider.UPDATE_PROFILE_CONTEXT_ATTR, userCtx)
                    .setFormData(null)
                    .createUpdateProfilePage();
            context.challenge(challengeResponse);
        } else {
            // Not required to update profile. Marked success
            context.success();
        }
    }

close()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.close ( )

inlineinherited

                        {

    }

configuredFor()

boolean org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator.configuredFor ( KeycloakSession  session, RealmModel  realm, UserModel  user  )

inline

                                                                                            {
        return true;
    }

getExistingUser()

static UserModel org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.getExistingUser ( KeycloakSession  session, RealmModel  realm, AuthenticationSessionModel  authSession  )

inlinestaticinherited

                                                                                                                               {
        String existingUserId = authSession.getAuthNote(EXISTING_USER_INFO);
        if (existingUserId == null) {
            throw new AuthenticationFlowException("Unexpected state. There is no existing duplicated user identified in ClientSession",
                    AuthenticationFlowError.INTERNAL_ERROR);
        }

        ExistingUserInfo duplication = ExistingUserInfo.deserialize(existingUserId);

        UserModel existingUser = session.users().getUserById(duplication.getExistingUserId(), realm);
        if (existingUser == null) {
            throw new AuthenticationFlowException("User with ID '" + existingUserId + "' not found.", AuthenticationFlowError.INVALID_USER);
        }

        if (!existingUser.isEnabled()) {
            throw new AuthenticationFlowException("User with ID '" + existingUserId + "', username '" + existingUser.getUsername() + "' disabled.", AuthenticationFlowError.USER_DISABLED);
        }

        return existingUser;
    }

requiresUpdateProfilePage()

boolean org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator.requiresUpdateProfilePage ( AuthenticationFlowContext  context, SerializedBrokeredIdentityContext  userCtx, BrokeredIdentityContext  brokerContext  )

inlineprotected

                                                                                                                                                                     {
        String enforceUpdateProfile = context.getAuthenticationSession().getAuthNote(ENFORCE_UPDATE_PROFILE);
        if (Boolean.parseBoolean(enforceUpdateProfile)) {
            return true;
        }

        String updateProfileFirstLogin;
        AuthenticatorConfigModel authenticatorConfig = context.getAuthenticatorConfig();
        if (authenticatorConfig == null || !authenticatorConfig.getConfig().containsKey(IdpReviewProfileAuthenticatorFactory.UPDATE_PROFILE_ON_FIRST_LOGIN)) {
            updateProfileFirstLogin = IdentityProviderRepresentation.UPFLM_MISSING;
        } else {
            updateProfileFirstLogin = authenticatorConfig.getConfig().get(IdpReviewProfileAuthenticatorFactory.UPDATE_PROFILE_ON_FIRST_LOGIN);
        }

        RealmModel realm = context.getRealm();
        return IdentityProviderRepresentation.UPFLM_ON.equals(updateProfileFirstLogin)
                || (IdentityProviderRepresentation.UPFLM_MISSING.equals(updateProfileFirstLogin) && !Validation.validateUserMandatoryFields(realm, userCtx));
    }

requiresUser()

boolean org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator.requiresUser ( )

inline

                                  {
        return false;
    }

sendFailureChallenge()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.sendFailureChallenge ( AuthenticationFlowContext  context, Response.Status  status, String  eventError, String  errorMessage, AuthenticationFlowError  flowError  )

inlineprotectedinherited

                                                                                                                                                                              {
        context.getEvent().user(context.getUser())
                .error(eventError);
        Response challengeResponse = context.form()
                .setError(errorMessage)
                .createErrorPage(status);
        context.failureChallenge(flowError, challengeResponse);
    }

setRequiredActions()

void org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.setRequiredActions ( KeycloakSession  session, RealmModel  realm, UserModel  user  )

inlineinherited

                                                                                              {
    }

メンバ詳解

BROKER_REGISTERED_NEW_USER

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.BROKER_REGISTERED_NEW_USER = "BROKER_REGISTERED_NEW_USER"

staticinherited

BROKERED_CONTEXT_NOTE

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE = "BROKERED_CONTEXT"

staticinherited

ENFORCE_UPDATE_PROFILE

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE = "ENFORCE_UPDATE_PROFILE"

staticinherited

EXISTING_USER_INFO

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.EXISTING_USER_INFO = "EXISTING_USER_INFO"

staticinherited

FIRST_BROKER_LOGIN_SUCCESS

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.FIRST_BROKER_LOGIN_SUCCESS = "FIRST_BROKER_LOGIN_SUCCESS"

staticinherited

logger

final Logger org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticator.logger = Logger.getLogger(IdpReviewProfileAuthenticator.class)

staticprivate

UPDATE_PROFILE_EMAIL_CHANGED

final String org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.UPDATE_PROFILE_EMAIL_CHANGED = "UPDATE_PROFILE_EMAIL_CHANGED"

staticinherited

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/authentication/authenticators/broker/IdpReviewProfileAuthenticator.java