/**
 * Updates a stored consent by handing the call to the session's local user storage.
 *
 * <p>The arguments are forwarded unchanged; this method performs no validation or
 * authorization of its own.
 *
 * @param realm   realm the user belongs to
 * @param userId  id of the user whose consent is updated
 * @param consent consent to store
 */
@Override
public void updateConsent(RealmModel realm, String userId, UserConsentModel consent) {
    session.userLocalStorage()
            .updateConsent(realm, userId, consent);
}
/**
 * Returns the consents held for a user, as reported by the session's local user storage.
 *
 * @param realm  realm the user belongs to
 * @param userId id of the user whose consents are read
 * @return whatever the local user storage returns for this user
 */
@Override
public List<UserConsentModel> getConsents(RealmModel realm, String userId) {
    return session.userLocalStorage()
            .getConsents(realm, userId);
}
/**
 * Looks up the consent a user has for one client by delegating to the session's
 * local user storage.
 *
 * @param realm            realm the user belongs to
 * @param userId           id of the user
 * @param clientInternalId internal id of the client
 * @return the value returned by the local user storage for this user and client
 */
@Override
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientInternalId) {
    return session.userLocalStorage()
            .getConsentByClient(realm, userId, clientInternalId);
}
/**
 * Revokes the consent a user has for one client by delegating to the session's
 * local user storage.
 *
 * <p>The arguments are forwarded unchanged; this method performs no validation or
 * authorization of its own.
 *
 * @param realm            realm the user belongs to
 * @param userId           id of the user
 * @param clientInternalId internal id of the client
 * @return the boolean reported by the local user storage
 */
@Override
public boolean revokeConsentForClient(RealmModel realm, String userId, String clientInternalId) {
    return session.userLocalStorage()
            .revokeConsentForClient(realm, userId, clientInternalId);
}
/**
 * Adds a consent for a user by handing the call to the session's local user storage.
 *
 * <p>The arguments are forwarded unchanged; this method performs no validation or
 * authorization of its own.
 *
 * @param realm   realm the user belongs to
 * @param userId  id of the user the consent is added for
 * @param consent consent to store
 */
@Override
public void addConsent(RealmModel realm, String userId, UserConsentModel consent) {
    session.userLocalStorage()
            .addConsent(realm, userId, consent);
}
/**
 * Called after successful authentication. Resolves the local account for the
 * authenticated username, importing it when no usable local account exists.
 *
 * <p>Three outcomes are possible for an existing local user:
 * <ul>
 *   <li>its federation link is not this provider: a warning is logged and {@code null}
 *       is returned, so the login is not mapped onto an account owned elsewhere;</li>
 *   <li>it is linked here and {@code validate} accepts it: the validated instance is
 *       returned;</li>
 *   <li>it is linked here but {@code validate} rejects it: the local user is removed
 *       and imported again.</li>
 * </ul>
 *
 * @param realm realm
 * @param username username without realm prefix
 * @return user if found or successfully created. Null if user with same username already
 *         exists, but is not linked to this provider
 */
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) {
    UserModel stored = session.userLocalStorage().getUserByUsername(username, realm);

    if (stored != null) {
        // Re-read through session.users() to make sure we get a cached instance.
        // NOTE(review): a null result here would fail on getFederationLink() below - confirm
        // that getUserById cannot return null for an id that local storage just returned.
        UserModel cached = session.users().getUserById(stored.getId(), realm);
        logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage");

        boolean linkedToThisProvider = model.getId().equals(cached.getFederationLink());
        if (!linkedToThisProvider) {
            // Same username, different owner: refuse instead of taking the account over.
            logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]");
            return null;
        }

        UserModel validated = validate(realm, cached);
        if (validated != null) {
            return validated;
        }

        // Linked to this provider but rejected by validate(): drop the local entry and
        // fall through to a fresh import. This is destructive for the local account;
        // presumably anything stored only on it is lost - verify before relying on it.
        logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() + "] but kerberos principal is not correct. Kerberos principal on user is: " + cached.getFirstAttribute(KERBEROS_PRINCIPAL));
        logger.warn("Will re-create user");
        new UserManager(session).removeUser(realm, cached, session.userLocalStorage());
    }

    logger.debug("Kerberos authenticated user " + username + " not in Keycloak storage. Creating him");
    return importUserToKeycloak(realm, username);
}
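/**
 * Creates a local Keycloak user for a Kerberos-authenticated username and links it to
 * this provider.
 *
 * <p>The new user is enabled, gets a guessed e-mail address, the provider id as its
 * federation link and the {@code KERBEROS_PRINCIPAL} attribute set to
 * {@code username@KERBEROS_REALM}. When the configuration asks for it, the
 * {@code UPDATE_PROFILE} required action is added.
 *
 * @param realm    realm the user is created in
 * @param username username without realm prefix
 * @return the result of {@code validate} for the newly created user
 */
protected UserModel importUserToKeycloak(RealmModel realm, String username) {
    // Just guessing email from kerberos realm. The address is derived, not confirmed by
    // the user, so it should not be treated as a verified contact address.
    // Locale.ROOT keeps the lower-casing independent of the JVM default locale; with a
    // Turkish default locale, for example, 'I' would otherwise become a dotless 'ı'.
    String email = username + "@" + kerberosConfig.getKerberosRealm().toLowerCase(java.util.Locale.ROOT);

    logger.debugf("Creating kerberos user: %s, email: %s to local Keycloak storage", username, email);
    UserModel user = session.userLocalStorage().addUser(realm, username);
    user.setEnabled(true);
    user.setEmail(email);
    // The federation link is what findOrCreateAuthenticatedUser compares against
    // model.getId() to decide whether an existing account belongs to this provider.
    user.setFederationLink(model.getId());
    // The principal keeps the realm in its configured case, unlike the e-mail guess.
    user.setSingleAttribute(KERBEROS_PRINCIPAL, username + "@" + kerberosConfig.getKerberosRealm());

    if (kerberosConfig.isUpdateProfileFirstLogin()) {
        user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
    }

    return validate(realm, user);
}
}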