@Override public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input) { if (user.getUsername().equals("test-user") && input.size() == 1) { UserCredentialModel password = input.get(0); if (password.getType().equals(UserCredentialModel.PASSWORD)) { return "secret".equals(password.getValue()); } } return false; }
public static UserCredentialModel generateSecret(ClientModel client) { UserCredentialModel secret = UserCredentialModel.generateSecret(); client.setSecret(secret.getValue()); return secret; }
private static boolean validCredential(KeycloakSession session, RealmModel realm, UserModel user, UserCredentialModel credential) { if (credential.getType().equals(UserCredentialModel.PASSWORD)) { if (!validPassword(session, realm, user, credential.getValue())) { return false; } } else if (credential.getType().equals(UserCredentialModel.PASSWORD_TOKEN)) { if (!validPasswordToken(realm, user, credential.getValue())) { return false; } } else if (credential.getType().equals(UserCredentialModel.TOTP)) { if (!validTOTP(realm, user, credential.getValue())) { return false; } } else if (credential.getType().equals(UserCredentialModel.HOTP)) { if (!validHOTP(realm, user, credential.getValue())) { return false; } } else if (credential.getType().equals(UserCredentialModel.SECRET)) { if (!validSecret(realm, user, credential.getValue())) { return false; } } else { return false; } return true; } }
public static CredentialRepresentation toRepresentation(UserCredentialModel cred) { CredentialRepresentation rep = new CredentialRepresentation(); rep.setType(CredentialRepresentation.SECRET); rep.setValue(cred.getValue()); return rep; }
@Override public boolean isValid(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) { String token = ((UserCredentialModel) credentialInput).getValue(); String userName = authenticateToken(token, client, httpClient); boolean authenticated = Objects.equals(userModel.getUsername(), userName); if(userName == null) { LOG.debug("User: " + userModel.getUsername() + " not authenticated for realm " + realmModel.getName()); } else if(!authenticated) { LOG.debug("Attempt to log in for user " + userModel.getUsername() + " in realm " + realmModel.getName() + " with token for " + userName); } return authenticated; }
@Override public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) { if (!(input instanceof UserCredentialModel)) return false; if (input.getType().equals(UserCredentialModel.PASSWORD) && !session.userCredentialManager().isConfiguredLocally(realm, user, UserCredentialModel.PASSWORD)) { return validPassword(user.getUsername(), ((UserCredentialModel)input).getValue()); } else { return false; // invalid cred type } }
public void updateCredential(RealmModel realm, UserModel user, UserCredentialModel credential) { if (credential.getType().equals(UserCredentialModel.PASSWORD)) { if (realm.getPasswordPolicy() != null) { PasswordPolicy.Error error = realm.getPasswordPolicy().validate(session, user, credential.getValue()); if (error != null) throw new ModelException(error.getMessage(), error.getParameters()); } } user.updateCredential(credential); }
@Override public CredentialValidationOutput authenticate(RealmModel realm, CredentialInput input) { if (!(input instanceof UserCredentialModel)) return null; UserCredentialModel credential = (UserCredentialModel)input; if (credential.getType().equals(UserCredentialModel.KERBEROS)) { String spnegoToken = credential.getValue(); SPNEGOAuthenticator spnegoAuthenticator = factory.createSPNEGOAuthenticator(spnegoToken, kerberosConfig); spnegoAuthenticator.authenticate(); Map<String, String> state = new HashMap<String, String>(); if (spnegoAuthenticator.isAuthenticated()) { String username = spnegoAuthenticator.getAuthenticatedUsername(); UserModel user = findOrCreateAuthenticatedUser(realm, username); if (user == null) { return CredentialValidationOutput.failed(); } else { String delegationCredential = spnegoAuthenticator.getSerializedDelegationCredential(); if (delegationCredential != null) { state.put(KerberosConstants.GSS_DELEGATION_CREDENTIAL, delegationCredential); } return new CredentialValidationOutput(user, CredentialValidationOutput.Status.AUTHENTICATED, state); } } else { state.put(KerberosConstants.RESPONSE_TOKEN, spnegoAuthenticator.getResponseToken()); return new CredentialValidationOutput(null, CredentialValidationOutput.Status.CONTINUE, state); } } else { return null; } }