/**
 * Forwards the attribute lookup to {@code delegate} and hands back its answer untouched.
 *
 * @param name attribute name, passed through unchanged
 * @return whatever {@code delegate.getFirstAttribute(name)} returns
 */
@Override
public String getFirstAttribute(String name) {
    final String fromDelegate = delegate.getFirstAttribute(name);
    return fromDelegate;
}
/**
 * Pure pass-through: the wrapped {@code delegate} performs the lookup.
 *
 * @param name attribute name, passed through unchanged
 * @return the result of {@code delegate.getFirstAttribute(name)}
 */
@Override
public String getFirstAttribute(String name) {
    final String delegated = delegate.getFirstAttribute(name);
    return delegated;
}
/**
 * Reports whether this credential handling applies to the given user.
 *
 * <p>The answer depends only on the user's {@code authenticationType} attribute being exactly
 * {@code "serviceaccount"}; the realm and the third argument are not consulted.
 *
 * @param realmModel unused
 * @param userModel  user whose {@code authenticationType} attribute is read
 * @param s          unused
 * @return {@code true} only when the attribute equals {@code "serviceaccount"}
 */
@Override
public boolean isConfiguredFor(RealmModel realmModel, UserModel userModel, String s) {
    // NOTE(review): the discriminator is an ordinary user attribute. Confirm that only
    // administrators can write it; otherwise an account could change which credential
    // path applies to itself.
    final String authenticationType = userModel.getFirstAttribute("authenticationType");
    // Constant-first equals keeps a missing attribute (null) from throwing.
    return "serviceaccount".equals(authenticationType);
}
/**
 * Lists the credential types that may be disabled for the given user.
 *
 * <p>A user whose {@code authenticationType} attribute is {@code "serviceaccount"} gets an
 * empty set; every other user gets a single-element set holding
 * {@code ENMASSE_SERVICE_ACCOUNT_TYPE}.
 *
 * @param realmModel unused
 * @param userModel  user whose {@code authenticationType} attribute is read
 * @return an immutable set as described above, never {@code null}
 */
@Override
public Set<String> getDisableableCredentialTypes(RealmModel realmModel, UserModel userModel) {
    final boolean isServiceAccount =
            "serviceaccount".equals(userModel.getFirstAttribute("authenticationType"));
    return isServiceAccount
            ? Collections.<String>emptySet()
            : Collections.singleton(ENMASSE_SERVICE_ACCOUNT_TYPE);
}
/**
 * Checks that the Kerberos principal stored on a local user matches the one expected for it.
 *
 * <p>The expected principal is {@code <username>@<kerberos realm>}, built from the user's
 * username and {@code kerberosConfig.getKerberosRealm()}. It is compared, ignoring case, with
 * the user's {@code KERBEROS_PRINCIPAL} attribute.
 *
 * @param realm unused
 * @param local locally stored user to check
 * @return {@code true} when the stored principal equals the expected one ignoring case;
 *         {@code false} otherwise, including when the attribute is absent
 */
public boolean isValid(RealmModel realm, UserModel local) {
    // Deliberately skips KerberosUsernamePasswordAuthenticator.isUserAvailable, which is
    // regarded as too costly for now.
    final String expectedPrincipal = local.getUsername() + "@" + kerberosConfig.getKerberosRealm();
    final String storedPrincipal = local.getFirstAttribute(KERBEROS_PRINCIPAL);
    // NOTE(review): the comparison ignores case, so principals differing only in case are
    // treated as the same identity. Confirm the KDC in use treats them likewise.
    return expectedPrincipal.equalsIgnoreCase(storedPrincipal);
}
/**
 * Looks up the first value of an attribute.
 *
 * <p>When {@code updated} is non-null the lookup goes to it; otherwise the value is taken from
 * the attribute map that {@code cached.getAttributes(modelSupplier)} returns.
 *
 * @param name attribute name
 * @return the value reported by whichever source was consulted
 */
@Override
public String getFirstAttribute(String name) {
    return (updated != null)
            ? updated.getFirstAttribute(name)
            : cached.getAttributes(modelSupplier).getFirst(name);
}
/**
 * Looks up the first value of an attribute.
 *
 * <p>When {@code updated} is non-null the lookup goes to it; otherwise the value is taken from
 * the attribute map that {@code cached.getAttributes()} returns.
 *
 * @param name attribute name
 * @return the value reported by whichever source was consulted
 */
@Override
public String getFirstAttribute(String name) {
    return (updated != null)
            ? updated.getFirstAttribute(name)
            : cached.getAttributes().getFirst(name);
}
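/**
 * Brings one local user attribute in line with the claim value obtained for this mapper.
 *
 * <p>The target attribute name comes from the mapper configuration ({@code USER_ATTRIBUTE}).
 * A non-null claim overwrites the attribute when its string form differs from the stored
 * value. A null claim removes the attribute.
 *
 * <p>NOTE(review): the value originates from the brokered login context, i.e. from the external
 * identity provider. Mapping it onto an attribute that local code consults for access
 * decisions puts that decision under the provider's control. Confirm this is intended for
 * each mapper configuration.
 *
 * @param session     current session (not used here)
 * @param realm       realm of the user (not used here)
 * @param user        local user whose attribute is updated
 * @param mapperModel mapper configuration naming the target attribute
 * @param context     brokered identity context the claim value is read from
 */
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    String attribute = mapperModel.getConfig().get(USER_ATTRIBUTE);
    if (attribute == null || attribute.isEmpty()) {
        // No target attribute configured: there is nothing sensible to write or remove.
        return;
    }

    Object value = getClaimValue(mapperModel, context);
    if (value == null) {
        user.removeAttribute(attribute);
        return;
    }

    // Compare string forms. The stored value is always a String, so comparing the raw claim
    // object never matched for non-String claims and rewrote the attribute on every call.
    String claim = value.toString();
    if (!claim.equals(user.getFirstAttribute(attribute))) {
        user.setSingleAttribute(attribute, claim);
    }
}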
/**
 * Resolves an attribute for a user, falling back to the user's groups.
 *
 * <p>The user's own attribute wins when it is non-null. Otherwise each group returned by
 * {@code user.getGroups()} is asked through the group overload of this method, and the first
 * non-null answer is returned.
 *
 * <p>NOTE(review): when several groups define the attribute, the result depends on the
 * iteration order of {@code getGroups()}. If that collection is unordered the outcome is not
 * stable, which matters if the value feeds an access decision. Confirm against callers.
 *
 * @param user user to inspect
 * @param name attribute name
 * @return the first non-null value found, or {@code null} when neither the user nor any group
 *         supplies one
 */
public static String resolveFirstAttribute(UserModel user, String name) {
    final String own = user.getFirstAttribute(name);
    if (own != null) {
        return own;
    }

    for (GroupModel group : user.getGroups()) {
        final String inherited = resolveFirstAttribute(group, name);
        if (inherited != null) {
            return inherited;
        }
    }

    return null;
}
final UserModel user = keycloakSession.userStorageManager().getUserByUsername(tokenUser, realm); if (user != null) { if ("serviceaccount".equals(user.getFirstAttribute("authenticationType"))) { authenticatedUser = new UserDataImpl(user.getId(), user.getUsername(), user.getGroups().stream().map(GroupModel::getName).collect(Collectors.toSet())); authenticated = true; final UserModel user = keycloakSession.userStorageManager().getUserByUsername(username, realm); if (user != null) { UserCredentialModel credentialModel = "serviceaccount".equals(user.getFirstAttribute("authenticationType")) ? createServiceAccountUserCredential(password) : UserCredentialModel.password(password); if (keycloakSession.userCredentialManager().isValid(realm, user, credentialModel)) { authenticatedUser = new UserDataImpl(user.getId(), user.getUsername(), user.getGroups().stream().map(GroupModel::getName).collect(Collectors.toSet()));
/**
 * Called after successful authentication to obtain the local user for a username.
 *
 * <p>An existing local user is returned only when it is linked to this provider and passes
 * {@code validate}. A user linked to this provider that fails validation is removed from local
 * storage and imported again. When no local user exists, one is imported.
 *
 * <p>NOTE(review): the removal presumably discards whatever local state is attached to the
 * account; confirm that is acceptable. The warning logged on that path also includes the
 * principal stored on the user.
 *
 * @param realm    realm
 * @param username username without realm prefix
 * @return the user if found or successfully created; {@code null} if a user with the same
 *         username already exists but is not linked to this provider
 */
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) {
    UserModel existing = session.userLocalStorage().getUserByUsername(username, realm);

    if (existing != null) {
        // Re-read through session.users() so that we work with the cached instance.
        existing = session.users().getUserById(existing.getId(), realm);
        logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage");

        final boolean linkedToThisProvider = model.getId().equals(existing.getFederationLink());
        if (!linkedToThisProvider) {
            logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]");
            return null;
        }

        final UserModel proxied = validate(realm, existing);
        if (proxied != null) {
            return proxied;
        }

        // Linked to this provider but validation failed: drop the local record and fall
        // through to a fresh import below.
        logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() + "] but kerberos principal is not correct. Kerberos principal on user is: " + existing.getFirstAttribute(KERBEROS_PRINCIPAL));
        logger.warn("Will re-create user");
        new UserManager(session).removeUser(realm, existing, session.userLocalStorage());
    }

    logger.debug("Kerberos authenticated user " + username + " not in Keycloak storage. Creating him");
    return importUserToKeycloak(realm, username);
}