org.keycloak.services.managers

Class AuthenticationManager

java.lang.Object

org.keycloak.services.managers.AuthenticationManager

Direct Known Subclasses:

AppAuthManager

public class AuthenticationManager
extends Object

Stateless object that manages authentication

Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthenticationManager.AuthenticationStatus
static class	AuthenticationManager.AuthResult

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTH_TIME
static String	CLIENT_LOGOUT_STATE Auth session note on client logout state (when logging out)
static String	END_AFTER_REQUIRED_ACTIONS
static String	FORM_USERNAME
static String	INVALIDATE_ACTION_TOKEN
static String	KEYCLOAK_IDENTITY_COOKIE
static String	KEYCLOAK_LOGOUT_PROTOCOL
static String	KEYCLOAK_REMEMBER_ME
static String	KEYCLOAK_SESSION_COOKIE
protected static org.jboss.logging.Logger	logger
static String	SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS
static String	SSO_AUTH

Constructor Summary

Constructors

Constructor and Description
AuthenticationManager()

Method Summary

Modifier and Type	Method and Description
static javax.ws.rs.core.Response	actionRequired(KeycloakSession session, AuthenticationSessionModel authSession, org.keycloak.common.ClientConnection clientConnection, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, EventBuilder event)
AuthenticationManager.AuthResult	authenticateIdentityCookie(KeycloakSession session, RealmModel realm)
static AuthenticationManager.AuthResult	authenticateIdentityCookie(KeycloakSession session, RealmModel realm, boolean checkActive)
static void	backchannelLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection, javax.ws.rs.core.HttpHeaders headers, boolean logoutBroker)
static void	backchannelLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection, javax.ws.rs.core.HttpHeaders headers, boolean logoutBroker, boolean offlineSession)
static void	backchannelLogout(KeycloakSession session, UserSessionModel userSession, boolean logoutBroker)
static void	backchannelLogoutUserFromClient(KeycloakSession session, RealmModel realm, UserModel user, ClientModel client, javax.ws.rs.core.UriInfo uriInfo, javax.ws.rs.core.HttpHeaders headers) Logout all clientSessions of this user and client
static javax.ws.rs.core.Response	browserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection, javax.ws.rs.core.HttpHeaders headers)
static AccessToken	createIdentityToken(KeycloakSession keycloakSession, RealmModel realm, UserModel user, UserSessionModel session, String issuer)
static void	createLoginCookie(KeycloakSession keycloakSession, RealmModel realm, UserModel user, UserSessionModel session, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection)
static void	createRememberMeCookie(RealmModel realm, String username, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection)
static RequiredActionProvider	createRequiredAction(RequiredActionContextResult context)
protected static String	encodeToken(KeycloakSession session, RealmModel realm, Object token)
static void	evaluateRequiredActionTriggers(KeycloakSession session, AuthenticationSessionModel authSession, org.keycloak.common.ClientConnection clientConnection, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, EventBuilder event, RealmModel realm, UserModel user)
protected static javax.ws.rs.core.Response	executionActions(KeycloakSession session, AuthenticationSessionModel authSession, org.jboss.resteasy.spi.HttpRequest request, EventBuilder event, RealmModel realm, UserModel user, Set<String> requiredActions)
static void	expireCookie(RealmModel realm, String cookieName, String path, boolean httpOnly, org.keycloak.common.ClientConnection connection)
static void	expireIdentityCookie(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection)
static void	expireOldAuthSessionCookie(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection)
static void	expireOldIdentityCookie(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection)
static void	expireRememberMeCookie(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection)
static void	expireUserSessionCookie(KeycloakSession session, UserSessionModel userSession, RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, javax.ws.rs.core.HttpHeaders headers, org.keycloak.common.ClientConnection connection)
static javax.ws.rs.core.Response	finishBrowserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection, javax.ws.rs.core.HttpHeaders headers)
static javax.ws.rs.core.Response	finishedRequiredActions(KeycloakSession session, AuthenticationSessionModel authSession, UserSessionModel userSession, org.keycloak.common.ClientConnection clientConnection, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, EventBuilder event)
static String	getAccountCookiePath(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo)
static CommonClientSessionModel.Action	getClientLogoutAction(AuthenticationSessionModel logoutAuthSession, String clientUuid) Returns the logout state of the particular client as per the logoutAuthSession
protected static String	getIdentityCookiePath(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo)
static String	getOldCookiePath(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo)
static String	getRealmCookiePath(RealmModel realm, javax.ws.rs.core.UriInfo uriInfo)
static String	getRememberMeUsername(RealmModel realm, javax.ws.rs.core.HttpHeaders headers)
static boolean	isOfflineSessionValid(RealmModel realm, UserSessionModel userSession)
static boolean	isSessionValid(RealmModel realm, UserSessionModel userSession)
static boolean	isSSOAuthentication(AuthenticatedClientSessionModel clientSession)
static javax.ws.rs.core.Response	nextActionAfterAuthentication(KeycloakSession session, AuthenticationSessionModel authSession, org.keycloak.common.ClientConnection clientConnection, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, EventBuilder event)
static String	nextRequiredAction(KeycloakSession session, AuthenticationSessionModel authSession, org.keycloak.common.ClientConnection clientConnection, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, EventBuilder event)
static javax.ws.rs.core.Response	redirectAfterSuccessfulFlow(KeycloakSession session, RealmModel realm, UserSessionModel userSession, ClientSessionContext clientSessionCtx, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection clientConnection, EventBuilder event, LoginProtocol protocol)
static javax.ws.rs.core.Response	redirectAfterSuccessfulFlow(KeycloakSession session, RealmModel realm, UserSessionModel userSession, ClientSessionContext clientSessionCtx, org.jboss.resteasy.spi.HttpRequest request, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection clientConnection, EventBuilder event, String protocol)
static javax.ws.rs.core.Response	redirectToRequiredActions(KeycloakSession session, RealmModel realm, AuthenticationSessionModel authSession, javax.ws.rs.core.UriInfo uriInfo, String requiredAction)
static void	setClientLogoutAction(AuthenticationSessionModel logoutAuthSession, String clientUuid, CommonClientSessionModel.Action action) Sets logout state of the particular client into the logoutAuthSession
static void	setClientScopesInSession(AuthenticationSessionModel authSession)
static AuthenticationManager.AuthResult	verifyIdentityToken(KeycloakSession session, RealmModel realm, javax.ws.rs.core.UriInfo uriInfo, org.keycloak.common.ClientConnection connection, boolean checkActive, boolean checkTokenType, boolean isCookie, String tokenString, javax.ws.rs.core.HttpHeaders headers)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS

public static final String SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS

See Also:

Constant Field Values

END_AFTER_REQUIRED_ACTIONS

public static final String END_AFTER_REQUIRED_ACTIONS

See Also:

Constant Field Values

INVALIDATE_ACTION_TOKEN

public static final String INVALIDATE_ACTION_TOKEN

See Also:

Constant Field Values

CLIENT_LOGOUT_STATE

public static final String CLIENT_LOGOUT_STATE

Auth session note on client logout state (when logging out)

See Also:

Constant Field Values

AUTH_TIME

public static final String AUTH_TIME

See Also:

Constant Field Values

SSO_AUTH

public static final String SSO_AUTH

See Also:

Constant Field Values

logger

protected static final org.jboss.logging.Logger logger

FORM_USERNAME

public static final String FORM_USERNAME

See Also:

Constant Field Values

KEYCLOAK_IDENTITY_COOKIE

public static final String KEYCLOAK_IDENTITY_COOKIE

See Also:

Constant Field Values

KEYCLOAK_SESSION_COOKIE

public static final String KEYCLOAK_SESSION_COOKIE

See Also:

Constant Field Values

KEYCLOAK_REMEMBER_ME

public static final String KEYCLOAK_REMEMBER_ME

See Also:

Constant Field Values

KEYCLOAK_LOGOUT_PROTOCOL

public static final String KEYCLOAK_LOGOUT_PROTOCOL

See Also:

Constant Field Values

Constructor Detail

AuthenticationManager

public AuthenticationManager()

Method Detail

isSessionValid

public static boolean isSessionValid(RealmModel realm,
                                     UserSessionModel userSession)

isOfflineSessionValid

public static boolean isOfflineSessionValid(RealmModel realm,
                                            UserSessionModel userSession)

expireUserSessionCookie

public static void expireUserSessionCookie(KeycloakSession session,
                                           UserSessionModel userSession,
                                           RealmModel realm,
                                           javax.ws.rs.core.UriInfo uriInfo,
                                           javax.ws.rs.core.HttpHeaders headers,
                                           org.keycloak.common.ClientConnection connection)

backchannelLogout

public static void backchannelLogout(KeycloakSession session,
                                     UserSessionModel userSession,
                                     boolean logoutBroker)

backchannelLogout

public static void backchannelLogout(KeycloakSession session,
                                     RealmModel realm,
                                     UserSessionModel userSession,
                                     javax.ws.rs.core.UriInfo uriInfo,
                                     org.keycloak.common.ClientConnection connection,
                                     javax.ws.rs.core.HttpHeaders headers,
                                     boolean logoutBroker)

backchannelLogout

public static void backchannelLogout(KeycloakSession session,
                                     RealmModel realm,
                                     UserSessionModel userSession,
                                     javax.ws.rs.core.UriInfo uriInfo,
                                     org.keycloak.common.ClientConnection connection,
                                     javax.ws.rs.core.HttpHeaders headers,
                                     boolean logoutBroker,
                                     boolean offlineSession)

Parameters:

session -

realm -

userSession -

uriInfo -

connection -

headers -

logoutBroker -

offlineSession -

setClientLogoutAction

public static void setClientLogoutAction(AuthenticationSessionModel logoutAuthSession,
                                         String clientUuid,
                                         CommonClientSessionModel.Action action)

Sets logout state of the particular client into the logoutAuthSession

Parameters:

logoutAuthSession - logoutAuthSession. May be null in which case this is a no-op.

clientUuid - Client. Must not be null

action -

getClientLogoutAction

public static CommonClientSessionModel.Action getClientLogoutAction(AuthenticationSessionModel logoutAuthSession,
                                                                    String clientUuid)

Returns the logout state of the particular client as per the logoutAuthSession

Parameters:

logoutAuthSession - logoutAuthSession. May be null in which case this is a no-op.

clientUuid - Internal ID of the client. Must not be null

Returns:

State if it can be determined, null otherwise.

backchannelLogoutUserFromClient

public static void backchannelLogoutUserFromClient(KeycloakSession session,
                                                   RealmModel realm,
                                                   UserModel user,
                                                   ClientModel client,
                                                   javax.ws.rs.core.UriInfo uriInfo,
                                                   javax.ws.rs.core.HttpHeaders headers)

Logout all clientSessions of this user and client

Parameters:

session -

realm -

user -

client -

uriInfo -

headers -

browserLogout

public static javax.ws.rs.core.Response browserLogout(KeycloakSession session,
                                                      RealmModel realm,
                                                      UserSessionModel userSession,
                                                      javax.ws.rs.core.UriInfo uriInfo,
                                                      org.keycloak.common.ClientConnection connection,
                                                      javax.ws.rs.core.HttpHeaders headers)

finishBrowserLogout

public static javax.ws.rs.core.Response finishBrowserLogout(KeycloakSession session,
                                                            RealmModel realm,
                                                            UserSessionModel userSession,
                                                            javax.ws.rs.core.UriInfo uriInfo,
                                                            org.keycloak.common.ClientConnection connection,
                                                            javax.ws.rs.core.HttpHeaders headers)

createIdentityToken

public static AccessToken createIdentityToken(KeycloakSession keycloakSession,
                                              RealmModel realm,
                                              UserModel user,
                                              UserSessionModel session,
                                              String issuer)

createLoginCookie

public static void createLoginCookie(KeycloakSession keycloakSession,
                                     RealmModel realm,
                                     UserModel user,
                                     UserSessionModel session,
                                     javax.ws.rs.core.UriInfo uriInfo,
                                     org.keycloak.common.ClientConnection connection)

createRememberMeCookie

public static void createRememberMeCookie(RealmModel realm,
                                          String username,
                                          javax.ws.rs.core.UriInfo uriInfo,
                                          org.keycloak.common.ClientConnection connection)

getRememberMeUsername

public static String getRememberMeUsername(RealmModel realm,
                                           javax.ws.rs.core.HttpHeaders headers)

encodeToken

protected static String encodeToken(KeycloakSession session,
                                    RealmModel realm,
                                    Object token)

expireIdentityCookie

public static void expireIdentityCookie(RealmModel realm,
                                        javax.ws.rs.core.UriInfo uriInfo,
                                        org.keycloak.common.ClientConnection connection)

expireOldIdentityCookie

public static void expireOldIdentityCookie(RealmModel realm,
                                           javax.ws.rs.core.UriInfo uriInfo,
                                           org.keycloak.common.ClientConnection connection)

expireRememberMeCookie

public static void expireRememberMeCookie(RealmModel realm,
                                          javax.ws.rs.core.UriInfo uriInfo,
                                          org.keycloak.common.ClientConnection connection)

expireOldAuthSessionCookie

public static void expireOldAuthSessionCookie(RealmModel realm,
                                              javax.ws.rs.core.UriInfo uriInfo,
                                              org.keycloak.common.ClientConnection connection)

getIdentityCookiePath

protected static String getIdentityCookiePath(RealmModel realm,
                                              javax.ws.rs.core.UriInfo uriInfo)

getRealmCookiePath

public static String getRealmCookiePath(RealmModel realm,
                                        javax.ws.rs.core.UriInfo uriInfo)

getOldCookiePath

public static String getOldCookiePath(RealmModel realm,
                                      javax.ws.rs.core.UriInfo uriInfo)

getAccountCookiePath

public static String getAccountCookiePath(RealmModel realm,
                                          javax.ws.rs.core.UriInfo uriInfo)

expireCookie

public static void expireCookie(RealmModel realm,
                                String cookieName,
                                String path,
                                boolean httpOnly,
                                org.keycloak.common.ClientConnection connection)

authenticateIdentityCookie

public AuthenticationManager.AuthResult authenticateIdentityCookie(KeycloakSession session,
                                                                   RealmModel realm)

authenticateIdentityCookie

public static AuthenticationManager.AuthResult authenticateIdentityCookie(KeycloakSession session,
                                                                          RealmModel realm,
                                                                          boolean checkActive)

redirectAfterSuccessfulFlow

public static javax.ws.rs.core.Response redirectAfterSuccessfulFlow(KeycloakSession session,
                                                                    RealmModel realm,
                                                                    UserSessionModel userSession,
                                                                    ClientSessionContext clientSessionCtx,
                                                                    org.jboss.resteasy.spi.HttpRequest request,
                                                                    javax.ws.rs.core.UriInfo uriInfo,
                                                                    org.keycloak.common.ClientConnection clientConnection,
                                                                    EventBuilder event,
                                                                    String protocol)

redirectAfterSuccessfulFlow

public static javax.ws.rs.core.Response redirectAfterSuccessfulFlow(KeycloakSession session,
                                                                    RealmModel realm,
                                                                    UserSessionModel userSession,
                                                                    ClientSessionContext clientSessionCtx,
                                                                    org.jboss.resteasy.spi.HttpRequest request,
                                                                    javax.ws.rs.core.UriInfo uriInfo,
                                                                    org.keycloak.common.ClientConnection clientConnection,
                                                                    EventBuilder event,
                                                                    LoginProtocol protocol)

isSSOAuthentication

public static boolean isSSOAuthentication(AuthenticatedClientSessionModel clientSession)

nextActionAfterAuthentication

public static javax.ws.rs.core.Response nextActionAfterAuthentication(KeycloakSession session,
                                                                      AuthenticationSessionModel authSession,
                                                                      org.keycloak.common.ClientConnection clientConnection,
                                                                      org.jboss.resteasy.spi.HttpRequest request,
                                                                      javax.ws.rs.core.UriInfo uriInfo,
                                                                      EventBuilder event)

redirectToRequiredActions

public static javax.ws.rs.core.Response redirectToRequiredActions(KeycloakSession session,
                                                                  RealmModel realm,
                                                                  AuthenticationSessionModel authSession,
                                                                  javax.ws.rs.core.UriInfo uriInfo,
                                                                  String requiredAction)

finishedRequiredActions

public static javax.ws.rs.core.Response finishedRequiredActions(KeycloakSession session,
                                                                AuthenticationSessionModel authSession,
                                                                UserSessionModel userSession,
                                                                org.keycloak.common.ClientConnection clientConnection,
                                                                org.jboss.resteasy.spi.HttpRequest request,
                                                                javax.ws.rs.core.UriInfo uriInfo,
                                                                EventBuilder event)

nextRequiredAction

public static String nextRequiredAction(KeycloakSession session,
                                        AuthenticationSessionModel authSession,
                                        org.keycloak.common.ClientConnection clientConnection,
                                        org.jboss.resteasy.spi.HttpRequest request,
                                        javax.ws.rs.core.UriInfo uriInfo,
                                        EventBuilder event)

actionRequired

public static javax.ws.rs.core.Response actionRequired(KeycloakSession session,
                                                       AuthenticationSessionModel authSession,
                                                       org.keycloak.common.ClientConnection clientConnection,
                                                       org.jboss.resteasy.spi.HttpRequest request,
                                                       javax.ws.rs.core.UriInfo uriInfo,
                                                       EventBuilder event)

setClientScopesInSession

public static void setClientScopesInSession(AuthenticationSessionModel authSession)

createRequiredAction

public static RequiredActionProvider createRequiredAction(RequiredActionContextResult context)

executionActions

protected static javax.ws.rs.core.Response executionActions(KeycloakSession session,
                                                            AuthenticationSessionModel authSession,
                                                            org.jboss.resteasy.spi.HttpRequest request,
                                                            EventBuilder event,
                                                            RealmModel realm,
                                                            UserModel user,
                                                            Set<String> requiredActions)

evaluateRequiredActionTriggers

public static void evaluateRequiredActionTriggers(KeycloakSession session,
                                                  AuthenticationSessionModel authSession,
                                                  org.keycloak.common.ClientConnection clientConnection,
                                                  org.jboss.resteasy.spi.HttpRequest request,
                                                  javax.ws.rs.core.UriInfo uriInfo,
                                                  EventBuilder event,
                                                  RealmModel realm,
                                                  UserModel user)

verifyIdentityToken

public static AuthenticationManager.AuthResult verifyIdentityToken(KeycloakSession session,
                                                                   RealmModel realm,
                                                                   javax.ws.rs.core.UriInfo uriInfo,
                                                                   org.keycloak.common.ClientConnection connection,
                                                                   boolean checkActive,
                                                                   boolean checkTokenType,
                                                                   boolean isCookie,
                                                                   String tokenString,
                                                                   javax.ws.rs.core.HttpHeaders headers)