Class SpnegoAuthenticator
- java.lang.Object
-
- org.keycloak.authentication.AbstractFormAuthenticator
-
- org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
-
- org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator
-
- All Implemented Interfaces:
Authenticator,Provider
public class SpnegoAuthenticator extends AbstractUsernameFormAuthenticator implements Authenticator
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
-
Field Summary
Fields Modifier and Type Field Description static booleanbypassChallengeJavascript-
Fields inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
ATTEMPTED_USERNAME, REGISTRATION_FORM_ACTION, USER_SET_BEFORE_USERNAME_PASSWORD_AUTH
-
-
Constructor Summary
Constructors Constructor Description SpnegoAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaction(AuthenticationFlowContext context)Called from a form action invocation.voidauthenticate(AuthenticationFlowContext context)Initial call for the authenticator.voidclose()booleanconfiguredFor(KeycloakSession session, RealmModel realm, UserModel user)Is this authenticator configured for this user.protected javax.ws.rs.core.ResponseoptionalChallengeRedirect(AuthenticationFlowContext context, String negotiateHeader)401 challenge sent back that bypassesbooleanrequiresUser()Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?voidsetRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)Set actions to configure authenticator-
Methods inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
challenge, challenge, createLoginForm, disabledByBruteForceError, disabledByBruteForceFieldError, dummyHash, enabledUser, getDefaultChallengeMessage, isDisabledByBruteForce, isUserAlreadySetBeforeUsernamePasswordAuth, runDefaultDummyHash, setDuplicateUserChallenge, testInvalidUser, validatePassword, validateUser, validateUserAndPassword
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.authentication.Authenticator
areRequiredActionsEnabled, getRequiredActions
-
-
-
-
Method Detail
-
requiresUser
public boolean requiresUser()
Description copied from interface:AuthenticatorDoes this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?- Specified by:
requiresUserin interfaceAuthenticator- Returns:
-
action
public void action(AuthenticationFlowContext context)
Description copied from interface:AuthenticatorCalled from a form action invocation.- Specified by:
actionin interfaceAuthenticator- Overrides:
actionin classAbstractUsernameFormAuthenticator
-
authenticate
public void authenticate(AuthenticationFlowContext context)
Description copied from interface:AuthenticatorInitial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.- Specified by:
authenticatein interfaceAuthenticator
-
optionalChallengeRedirect
protected javax.ws.rs.core.Response optionalChallengeRedirect(AuthenticationFlowContext context, String negotiateHeader)
401 challenge sent back that bypasses- Parameters:
context-negotiateHeader-- Returns:
-
configuredFor
public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user)
Description copied from interface:AuthenticatorIs this authenticator configured for this user.- Specified by:
configuredForin interfaceAuthenticator- Returns:
-
setRequiredActions
public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)
Description copied from interface:AuthenticatorSet actions to configure authenticator- Specified by:
setRequiredActionsin interfaceAuthenticator
-
close
public void close()
- Specified by:
closein interfaceProvider- Overrides:
closein classAbstractFormAuthenticator
-
-