Package org.keycloak.broker.kubernetes

Class KubernetesIdentityProvider

java.lang.Object

org.keycloak.broker.provider.AbstractIdentityProvider<C>

org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

org.keycloak.broker.oidc.OIDCIdentityProvider

org.keycloak.broker.kubernetes.KubernetesIdentityProvider

All Implemented Interfaces:

ClientAssertionIdentityProvider, ExchangeExternalToken, ExchangeTokenToIdentityProviderToken, IdentityProvider<OIDCIdentityProviderConfig>, Provider

public class KubernetesIdentityProvider
extends OIDCIdentityProvider

Nested Class Summary

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

OIDCIdentityProvider.OIDCEndpoint

Nested classes/interfaces inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

AbstractOAuth2IdentityProvider.Endpoint, AbstractOAuth2IdentityProvider.OAuthResponse

Nested classes/interfaces inherited from interface org.keycloak.broker.provider.IdentityProvider

IdentityProvider.AuthenticationCallback

Field Summary

Fields inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

EXCHANGE_PROVIDER, FEDERATED_ACCESS_TOKEN_RESPONSE, FEDERATED_ID_TOKEN, logger, SCOPE_OPENID, USER_INFO, VALIDATED_ACCESS_TOKEN, VALIDATED_ID_TOKEN

Fields inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

ACCESS_DENIED, ACCESS_TOKEN_EXPIRATION, FEDERATED_REFRESH_TOKEN, FEDERATED_TOKEN_EXPIRATION, mapper, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN, OAUTH2_PARAMETER_ACCESS_TOKEN, OAUTH2_PARAMETER_CLIENT_ID, OAUTH2_PARAMETER_CLIENT_SECRET, OAUTH2_PARAMETER_CODE, OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_PARAMETER_REDIRECT_URI, OAUTH2_PARAMETER_RESPONSE_TYPE, OAUTH2_PARAMETER_SCOPE, OAUTH2_PARAMETER_STATE

Fields inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

ACCOUNT_LINK_URL, BROKER_REGISTERED_NEW_USER, session, UPDATE_PROFILE_EMAIL_CHANGED, UPDATE_PROFILE_USERNAME_CHANGED

Fields inherited from interface org.keycloak.broker.provider.IdentityProvider

EXTERNAL_IDENTITY_PROVIDER, FEDERATED_ACCESS_TOKEN

Constructor Summary

Constructors

Constructor	Description
KubernetesIdentityProvider(KeycloakSession session, KubernetesIdentityProviderConfig config, String globalJwksUrl)

Method Summary

Modifier and Type	Method	Description
void	authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
void	backchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)
Object	callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event)
jakarta.ws.rs.core.Response	export(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format)
protected KeyWrapper	getIdentityProviderKeyWrapper(org.keycloak.jose.jws.JWSInput jws)
IdentityProviderDataMarshaller	getMarshaller()
void	importNewUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
jakarta.ws.rs.core.Response	keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)
jakarta.ws.rs.core.Response	performLogin(AuthenticationRequest request)
void	preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)
jakarta.ws.rs.core.Response	retrieveToken(KeycloakSession session, FederatedIdentityModel identity)
void	updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)

Methods inherited from class org.keycloak.broker.oidc.OIDCIdentityProvider

backchannelLogout, createAuthorizationUrl, exchangeExternalTokenV1Impl, exchangeExternalTokenV2Impl, exchangeSessionToken, exchangeStoredToken, extractIdentity, extractIdentityFromProfile, getDefaultScopes, getFederatedIdentity, getProfileEndpointForValidation, getUserInfoUrl, getusernameClaimNameForIdToken, getUsernameFromUserInfo, isAuthTimeExpired, isIssuer, isTokenTypeSupported, parseTokenInput, processAccessTokenResponse, refreshTokenForLogout, reloadKeys, setEmailVerified, supportsExternalExchange, validateExternalTokenThroughUserInfo, validateJwt, validateToken, validateToken, verify, verifyClientAssertion

Methods inherited from class org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider

asJsonNode, authenticateTokenRequest, buildUserInfoRequest, doGetFederatedIdentity, exchangeExternal, exchangeExternalComplete, exchangeExternalUserInfoValidationOnly, exchangeFromToken, extractTokenFromResponse, generateToken, getAccessTokenResponseParameter, getConfig, getJsonProperty, getRefreshTokenRequest, getSignatureContext, hasExternalExchangeToken, sendTokenIntrospectionRequest, supportsLongStateParameter, validateExternalTokenWithIntrospectionEndpoint

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProvider

close, exchangeErrorResponse, exchangeNotLinked, exchangeNotLinkedNoStore, exchangeNotSupported, exchangeTokenExpired, exchangeUnsupportedRequiredType, getLinkingUrl, updateEmail

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.broker.provider.ExchangeExternalToken

exchangeExternal, exchangeExternalComplete

Methods inherited from interface org.keycloak.broker.provider.IdentityProvider

isMapperSupported

Constructor Details

KubernetesIdentityProvider

public KubernetesIdentityProvider(KeycloakSession session,
 KubernetesIdentityProviderConfig config,
 String globalJwksUrl)

Method Details

getIdentityProviderKeyWrapper

protected KeyWrapper getIdentityProviderKeyWrapper(org.keycloak.jose.jws.JWSInput jws)

Overrides:

getIdentityProviderKeyWrapper in class OIDCIdentityProvider

preprocessFederatedIdentity

public void preprocessFederatedIdentity(KeycloakSession session,
 RealmModel realm,
 BrokeredIdentityContext context)

Specified by:

preprocessFederatedIdentity in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

preprocessFederatedIdentity in class OIDCIdentityProvider

authenticationFinished

public void authenticationFinished(AuthenticationSessionModel authSession,
 BrokeredIdentityContext context)

Specified by:

authenticationFinished in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

authenticationFinished in class OIDCIdentityProvider

importNewUser

public void importNewUser(KeycloakSession session,
 RealmModel realm,
 UserModel user,
 BrokeredIdentityContext context)

Specified by:

importNewUser in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

importNewUser in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

updateBrokeredUser

public void updateBrokeredUser(KeycloakSession session,
 RealmModel realm,
 UserModel user,
 BrokeredIdentityContext context)

Specified by:

updateBrokeredUser in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

updateBrokeredUser in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

callback

public Object callback(RealmModel realm,
 IdentityProvider.AuthenticationCallback callback,
 EventBuilder event)

Specified by:

callback in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

callback in class OIDCIdentityProvider

performLogin

public jakarta.ws.rs.core.Response performLogin(AuthenticationRequest request)

Specified by:

performLogin in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

performLogin in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

retrieveToken

public jakarta.ws.rs.core.Response retrieveToken(KeycloakSession session,
 FederatedIdentityModel identity)

Specified by:

retrieveToken in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

retrieveToken in class AbstractOAuth2IdentityProvider<OIDCIdentityProviderConfig>

backchannelLogout

public void backchannelLogout(KeycloakSession session,
 UserSessionModel userSession,
 jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm)

Specified by:

backchannelLogout in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

backchannelLogout in class OIDCIdentityProvider

keycloakInitiatedBrowserLogout

public jakarta.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session,
 UserSessionModel userSession,
 jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm)

Specified by:

keycloakInitiatedBrowserLogout in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

keycloakInitiatedBrowserLogout in class OIDCIdentityProvider

export

public jakarta.ws.rs.core.Response export(jakarta.ws.rs.core.UriInfo uriInfo,
 RealmModel realm,
 String format)

Specified by:

export in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

export in class AbstractIdentityProvider<OIDCIdentityProviderConfig>

getMarshaller

public IdentityProviderDataMarshaller getMarshaller()

Specified by:

getMarshaller in interface IdentityProvider<OIDCIdentityProviderConfig>

Overrides:

getMarshaller in class AbstractIdentityProvider<OIDCIdentityProviderConfig>