@Override public String getFederationLink() { return delegate.getFederationLink(); }
@Override public String getFederationLink() { return delegate.getFederationLink(); }
@Override public String getFederationLink() { if (updated != null) return updated.getFederationLink(); return cached.getFederationLink(); }
@Override public String getFederationLink() { if (updated != null) return updated.getFederationLink(); return cached.getFederationLink(); }
protected UserFederationProvider getFederationLink(RealmModel realm, UserModel user) { if (user.getFederationLink() == null) return null; for (UserFederationProviderModel fed : realm.getUserFederationProviders()) { if (fed.getId().equals(user.getFederationLink())) { return getFederationProvider(fed); } } return null; }
private PasswordCredentialProvider getPasswordCredentialProvider(final RealmModel realm, final UserModel user) { PasswordCredentialProvider passwordCredentialProvider = null; if (!StorageId.isLocalStorage(user)) { String providerId = StorageId.resolveProviderId(user); UserStorageProvider provider = UserStorageManager.getStorageProvider(keycloakSession, realm, providerId); if (provider instanceof PasswordCredentialProvider) { passwordCredentialProvider = (PasswordCredentialProvider)provider; } } else { if (user.getFederationLink() != null) { UserStorageProvider provider = UserStorageManager.getStorageProvider(keycloakSession, realm, user.getFederationLink()); if (provider != null && provider instanceof PasswordCredentialProvider) { passwordCredentialProvider = (PasswordCredentialProvider)provider; } } } if(passwordCredentialProvider == null) { List<CredentialInputValidator> credentialProviders = UserCredentialStoreManager.getCredentialProviders(keycloakSession, realm, CredentialInputValidator.class); for (CredentialInputValidator validator : credentialProviders) { if (validator != null && validator instanceof PasswordCredentialProvider) { passwordCredentialProvider = (PasswordCredentialProvider)validator; break; } } } return passwordCredentialProvider; }
public AccountFederatedIdentityBean(KeycloakSession session, RealmModel realm, UserModel user, URI baseUri, String stateChecker) { this.session = session; URI accountIdentityUpdateUri = Urls.accountFederatedIdentityUpdate(baseUri, realm.getName()); List<IdentityProviderModel> identityProviders = realm.getIdentityProviders(); Set<FederatedIdentityModel> identities = session.users().getFederatedIdentities(user, realm); Set<FederatedIdentityEntry> orderedSet = new TreeSet<>(IdentityProviderComparator.INSTANCE); int availableIdentities = 0; if (identityProviders != null && !identityProviders.isEmpty()) { for (IdentityProviderModel provider : identityProviders) { String providerId = provider.getAlias(); FederatedIdentityModel identity = getIdentity(identities, providerId); if (identity != null) { availableIdentities++; } String action = identity != null ? "remove" : "add"; String actionUrl = UriBuilder.fromUri(accountIdentityUpdateUri) .queryParam("action", action) .queryParam("provider_id", providerId) .queryParam("stateChecker", stateChecker) .build().toString(); FederatedIdentityEntry entry = new FederatedIdentityEntry(identity, provider.getAlias(), provider.getAlias(), actionUrl, provider.getConfig() != null ? provider.getConfig().get("guiOrder") : null); orderedSet.add(entry); } } this.identities = new LinkedList<FederatedIdentityEntry>(orderedSet); // Removing last social provider is not possible if you don't have other possibility to authenticate this.removeLinkPossible = availableIdentities > 1 || user.getFederationLink() != null || AccountService.isPasswordSet(user); }
public CachedUser(Long revision, RealmModel realm, UserModel user, int notBefore) { super(revision, user.getId()); this.realm = realm.getId(); this.username = user.getUsername(); this.createdTimestamp = user.getCreatedTimestamp(); this.firstName = user.getFirstName(); this.lastName = user.getLastName(); this.email = user.getEmail(); this.emailVerified = user.isEmailVerified(); this.enabled = user.isEnabled(); this.federationLink = user.getFederationLink(); this.serviceAccountClientLink = user.getServiceAccountClientLink(); this.notBefore = notBefore; this.requiredActions = new DefaultLazyLoader<>(UserModel::getRequiredActions, Collections::emptySet); this.attributes = new DefaultLazyLoader<>(userModel -> new MultivaluedHashMap<>(userModel.getAttributes()), MultivaluedHashMap::new); this.roleMappings = new DefaultLazyLoader<>(userModel -> userModel.getRoleMappings().stream().map(RoleModel::getId).collect(Collectors.toSet()), Collections::emptySet); this.groups = new DefaultLazyLoader<>(userModel -> userModel.getGroups().stream().map(GroupModel::getId).collect(Collectors.toCollection(LinkedHashSet::new)), LinkedHashSet::new); }
/** * Called after successful authentication * * @param realm realm * @param username username without realm prefix * @return user if found or successfully created. Null if user with same username already exists, but is not linked to this provider */ protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) { UserModel user = session.userLocalStorage().getUserByUsername(username, realm); if (user != null) { user = session.users().getUserById(user.getId(), realm); // make sure we get a cached instance logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage"); if (!model.getId().equals(user.getFederationLink())) { logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]"); return null; } else { UserModel proxied = validate(realm, user); if (proxied != null) { return proxied; } else { logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() + "] but kerberos principal is not correct. Kerberos principal on user is: " + user.getFirstAttribute(KERBEROS_PRINCIPAL)); logger.warn("Will re-create user"); new UserManager(session).removeUser(realm, user, session.userLocalStorage()); } } } logger.debug("Kerberos authenticated user " + username + " not in Keycloak storage. Creating him"); return importUserToKeycloak(realm, username); }
userRep.setFederationLink(user.getFederationLink());
public CachedUser(RealmModel realm, UserModel user) { this.id = user.getId(); this.realm = realm.getId(); this.username = user.getUsername(); this.createdTimestamp = user.getCreatedTimestamp(); this.firstName = user.getFirstName(); this.lastName = user.getLastName(); this.attributes.putAll(user.getAttributes()); this.email = user.getEmail(); this.emailVerified = user.isEmailVerified(); this.credentials.addAll(user.getCredentialsDirectly()); this.enabled = user.isEnabled(); this.totp = user.isOtpEnabled(); this.federationLink = user.getFederationLink(); this.serviceAccountClientLink = user.getServiceAccountClientLink(); this.requiredActions.addAll(user.getRequiredActions()); for (RoleModel role : user.getRoleMappings()) { roleMappings.add(role.getId()); } Set<GroupModel> groupMappings = user.getGroups(); if (groupMappings != null) { for (GroupModel group : groupMappings) { groups.add(group.getId()); } } }
public static UserRepresentation toRepresentation(UserModel user) { UserRepresentation rep = new UserRepresentation(); rep.setId(user.getId()); rep.setUsername(user.getUsername()); rep.setCreatedTimestamp(user.getCreatedTimestamp()); rep.setLastName(user.getLastName()); rep.setFirstName(user.getFirstName()); rep.setEmail(user.getEmail()); rep.setEnabled(user.isEnabled()); rep.setEmailVerified(user.isEmailVerified()); rep.setTotp(user.isOtpEnabled()); rep.setFederationLink(user.getFederationLink()); List<String> reqActions = new ArrayList<String>(); Set<String> requiredActions = user.getRequiredActions(); for (String ra : requiredActions){ reqActions.add(ra); } rep.setRequiredActions(reqActions); if (user.getAttributes() != null && !user.getAttributes().isEmpty()) { Map<String, Object> attrs = new HashMap<>(); attrs.putAll(user.getAttributes()); rep.setAttributes(attrs); } return rep; }
protected UserModel cacheUser(RealmModel realm, UserModel delegate, Long revision) { int notBefore = getDelegate().getNotBeforeOfUser(realm, delegate); StorageId storageId = delegate.getFederationLink() != null ? new StorageId(delegate.getFederationLink(), delegate.getId()) : new StorageId(delegate.getId()); CachedUser cached = null; UserAdapter adapter = null;