/**
 * Re-checks a federated user against its federation provider and rejects it if the
 * provider no longer considers it valid.
 *
 * <p>Users whose id is already a key in {@code managedUsers} are skipped without
 * consulting the provider. Users with no federation link are accepted as-is.
 *
 * @param realm realm passed through to the federation lookup and validity check
 * @param user  user to check; its id is the {@code managedUsers} lookup key
 * @throws IllegalStateException if the linked provider reports the user as invalid;
 *         {@code deleteInvalidUser} has already been called by the time it is thrown
 */
protected void validateUser(RealmModel realm, UserModel user) {
    final boolean alreadyManaged = managedUsers.containsKey(user.getId());
    if (!alreadyManaged) {
        final UserFederationProvider provider = getFederationLink(realm, user);
        if (provider == null) {
            // No federation link: nothing to validate against.
            return;
        }
        if (provider.isValid(realm, user)) {
            return;
        }
        // Clean up first, then fail, so callers cannot continue with a user the
        // provider has rejected.
        deleteInvalidUser(realm, user);
        throw new IllegalStateException("Federated user no longer valid");
    }
}
/**
 * Returns the user to work with for the given stored user: the cached proxy, a
 * freshly validated proxy from the federation provider, or the user itself when it
 * has no federation link.
 *
 * @param realm realm passed through to the federation lookup and the provider
 * @param user  stored user; its id is the {@code managedUsers} key
 * @return the entry already held in {@code managedUsers} for this id; otherwise the
 *         provider's proxy (which is then stored in {@code managedUsers}); otherwise
 *         {@code user} unchanged when there is no federation link; or {@code null}
 *         when the provider returns no proxy, in which case {@code deleteInvalidUser}
 *         has been called. Callers must handle the {@code null} result.
 */
protected UserModel validateAndProxyUser(RealmModel realm, UserModel user) {
    final UserModel cached = managedUsers.get(user.getId());
    if (cached != null) {
        // A cached proxy is returned without asking the provider again.
        return cached;
    }

    final UserFederationProvider provider = getFederationLink(realm, user);
    if (provider == null) {
        return user;
    }

    final UserModel proxied = provider.validateAndProxy(realm, user);
    if (proxied == null) {
        // Provider did not hand back a proxy: treat the user as invalid.
        deleteInvalidUser(realm, user);
        return null;
    }

    managedUsers.put(user.getId(), proxied);
    return proxied;
}
/**
 * Removes a user, going through the federation provider first when the user is
 * federated.
 *
 * <p>For a federated user the local record is only removed after the provider
 * reports a successful removal; if the provider fails, the local record is left in
 * place and {@code false} is returned. If the provider succeeds but the local removal
 * fails, a local record remains for a user the provider has already removed; this is
 * only signalled by a warning and the {@code false} return value.
 *
 * <p>NOTE(review): neither warning identifies the user or realm, so the log alone
 * does not say which account needs follow-up.
 *
 * @param realm realm passed through to the provider and to local storage
 * @param user  user to remove
 * @return the result of the local removal, or {@code false} if the federation
 *         provider did not remove the user
 */
@Override
public boolean removeUser(RealmModel realm, UserModel user) {
    final UserFederationProvider provider = getFederationLink(realm, user);
    if (provider == null) {
        // Not federated: local storage is the only place to remove from.
        return session.userStorage().removeUser(realm, user);
    }

    if (!provider.removeUser(realm, user)) {
        logger.warn("Failed to remove user from federation provider");
        return false;
    }

    final boolean removedLocally = session.userStorage().removeUser(realm, user);
    // The cached entry is dropped whether or not the local removal succeeded.
    managedUsers.remove(user.getId());
    if (!removedLocally) {
        logger.warn("User removed from federation provider, but failed to remove him from keycloak model");
    }
    return removedLocally;
}
/**
 * Validates the supplied credentials, splitting them between the federation provider
 * and local storage according to the credential types the provider supports.
 *
 * <p>For a federated user, {@code validateUser} runs first, so this method can throw
 * instead of returning {@code false} when the provider no longer accepts the user.
 * Credentials whose type is in the provider's supported set go to the provider; all
 * others go to local storage. Both checks must pass; local storage is not consulted
 * once the provider has rejected its share.
 *
 * <p>NOTE(review): each validator is called even when its share of {@code input} is
 * an empty list. Whether an empty list validates as {@code true} is decided by the
 * implementations, which are not visible here. Confirm that neither side accepts
 * "no credentials" in a way that lets a request pass with fewer checks than intended.
 *
 * @param session session whose user storage performs the local check (the parameter,
 *                not any outer {@code session}, is what this method uses)
 * @param realm   realm passed through to both validators
 * @param user    user whose credentials are being checked
 * @param input   credentials to validate
 * @return {@code true} only if every validator that was consulted accepted its
 *         credentials
 * @throws IllegalStateException propagated from {@code validateUser} when the
 *         federated user is no longer valid
 */
@Override
public boolean validCredentials(KeycloakSession session, RealmModel realm, UserModel user, List<UserCredentialModel> input) {
    final UserFederationProvider provider = getFederationLink(realm, user);
    if (provider == null) {
        // Not federated: everything is checked locally.
        return session.userStorage().validCredentials(session, realm, user, input);
    }

    validateUser(realm, user);

    final Set<String> federatedTypes = provider.getSupportedCredentialTypes(user);
    if (federatedTypes.isEmpty()) {
        // Provider handles no credential types for this user: fall back to local.
        return session.userStorage().validCredentials(session, realm, user, input);
    }

    final List<UserCredentialModel> forProvider = new ArrayList<UserCredentialModel>();
    final List<UserCredentialModel> forLocalStore = new ArrayList<UserCredentialModel>();
    for (UserCredentialModel credential : input) {
        final List<UserCredentialModel> target =
                federatedTypes.contains(credential.getType()) ? forProvider : forLocalStore;
        target.add(credential);
    }

    // Short-circuit: a provider rejection ends the check before local storage is asked.
    return provider.validCredentials(realm, user, forProvider)
            && session.userStorage().validCredentials(session, realm, user, forLocalStore);
}
UserFederationProvider link = getFederationLink(realm, user); if (link != null) { Set<String> supportedCredentialTypes = link.getSupportedCredentialTypes(user);