All Classes and Interfaces
Class
Description
AbstractClientPolicyConditionProvider<CONFIG extends ClientPolicyConditionConfigurationRepresentation>
Abstract base class for updating a single reference (specified via a single config property).
Abstract class for number validator.
An AccountResourceProvider creates JAX-RS resource instances for the Account endpoints, allowing an implementor to override the behavior of the entire Account console.
A factory that creates AccountResourceProvider instances.
A Spi to replace Account resources.
Enum for actions taken by PartialImport.
Ancestor for a provider factory for both a standalone ProviderFactory and a ComponentFactory.
A criteria that matches a property based on its annotations
Provides a way to create and resolve artifacts for SAML Artifact binding
Exception to indicate a configuration error in ArtifactResolver.
A factory that creates ArtifactResolver instances.
Exception to indicate a processing error in ArtifactResolver.
Interface of the user profile attribute change listener.
Holds attributes, their values and provides utility methods to manage them.
Holds an attribute and its values, providing useful methods for obtaining and formatting values.
Callback to be triggered during various lifecycle events of authentication flow.
Factory to create AuthenticationFlowCallback instances.
This interface encapsulates information about an execution in an AuthenticationFlow.
Set of error codes that can be thrown by an Authenticator, FormAuthenticator, or FormAction
Throw this exception from an Authenticator, FormAuthenticator, or FormAction if you want to completely abort the flow.
This interface is for users that want to add custom authenticators to an authentication flow.
Factory for creating Authenticator instances.
The main contract here is the creation of PermissionEvaluator instances.
Checks a password against a configured password blacklist.
Creates BlacklistPasswordPolicyProvider instances.
A BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist uses password-blacklist files to construct a BlacklistPasswordPolicyProviderFactory.PasswordBlacklist.
A BlacklistPasswordPolicyProviderFactory.PasswordBlacklist describes a list of too easy to guess or potentially leaked passwords that users should not be able to use.
Represents all identity information obtained from an IdentityProvider after a successful authentication.
Cached authorization model classes will implement this interface.
Encapsulates information about the execution in ClientAuthenticationFlow
This interface is for users that want to add custom client authenticators to an authentication flow.
Factory for creating ClientAuthenticator instances.
TODO: remove this class entirely?
Encapsulates necessary data about client login request (OIDC or SAML request).
Provides a template/sample client config adapter file.
This condition determines to which client a client policy is adopted.
This executor specifies what action is executed on the client to which a client policy is adopted.
TODO:client-types javadocs
TODO:client-types javadoc
Task to be executed on all cluster nodes once it's notified.
Various utils related to clustering and concurrent tasks on cluster nodes
Event listener which synchronizes mapper configs, when references change.
Interface for updating references in mapper configs, when references (like group path) change.
Marking any required action implementation, that is supposed to work with user credentials
used to set an execution a state based on type.
Marking implementation of the action, which is able to register credential of the particular type
The default implementation for Attributes.
The default implementation for generating/formatting user code of OAuth 2.0 Device Authorization Grant.
The default implementation for UserProfile.
Allows to CRUD for configurations (like Authenticator configs).
Allows to register "deployed configurations", which are retrieved in runtime from deployed providers and hence are not saved in the DB
Validate input being any kind of Number.
Email Validator Utility to check email inputs based on hibernate-validator implementation.
Email format validation - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
Providers that are only supported in some environments can implement this interface to be able to determine if they should be available or not.
Wraps a ScriptModel so it can be evaluated with custom bindings.
An Evaluation is mainly used by PolicyProvider in order to evaluate a single and specific ResourcePermission against the configured policies.
This interface serves as a bridge between the policy evaluation runtime and the environment in which it is running.
A factory for the different PermissionEvaluator implementations.
Use to unwrap exceptions specifically if there is an exception at JTA commit
Exchange a token crafted by this provider for a local realm token.
This adapter allows the exporter to act independent of APIs used to serve the exported data to the caller.
Custom consumer that is allowed to throw an IOException as writing to an output stream might do this.
Manage importing and updating of realms for the store.
Status of an execution/authenticator in an Authentication Flow
Thrown internally when authenticator wants to fork the current flow.
Fine grain processing of a form.
Factory for instantiating FormAction objects.
This class is responsible for rendering a form.
Factory for instantiating FormAuthenticators.
Interface that encapsulates the current state of the current form being executed
Message (eg.
Updates a group reference in a mapper config, when the path of a group changes.
Represents a security identity, which can be a person or non-person entity that was previously authenticated.
Encapsulates parsing logic related to state passed to identity provider in "state" (or RelayState) parameter
Session note metadata for impersonation details stored in user session notes.
Deprecated.
Wraps a ScriptModel and makes it Invocable.
A date validator that only takes into account the format associated with the current locale.
Utility methods for manipulating JSON objects.
JTA TransactionManager lookup
Set of helper methods, which are useful in various model implementations.
String value length validation - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
This interface is used for controlling load balancer.
A date validator that only takes into account the format associated with the current locale.
A Service Provider Interface (SPI) that allows to plug-in an embedded cache manager instance.
Specifies the maximum age of an authentication with which a password may be changed without re-authentication.
Enum with types of messages.
Various common utils needed for migration from older version to newer
A criteria that matches a property based on name
Validate that value exists and is not empty nor blank.
A PasswordPolicyProvider which does not allow to use the current email as password.
Check that input value is not empty.
Provider interface for OAuth 2.0 grant types
Provider interface for OAuth 2.0 grant types
A Spi to support pluggable OAuth 2.0 grant types in Token Endpoint.
Hacked extension to UserSessionModel so that user id can be obtain directly so
Callback for component creation.
Callback for component update.
Validation against list of allowed values - accepts plain string and collection of strings (every value is validated against allowed values), for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
A Provider that manages organization and its data within the scope of a realm.
Deprecated.
This class represents a single result for a resource imported.
Aggregates all the PartialImportResult objects.
Validate String against configured RegEx pattern - accepts plain string and collection of strings, for basic behavior like null/blank values handling and collections support see AbstractStringValidator.
Implementation PBKDF2 password hash algorithm.
Deprecated.
The PBKDF2 provider with SHA1 and the recommended number of 1.300.000 iterations is known to be very slow.
PBKDF2 Password Hash provider with HMAC using SHA256
Provider factory for SHA512 variant of the PBKDF2 password hash algorithm.
A PermissionEvaluator represents a source of ResourcePermission, responsible for emitting these permissions to a consumer in order to evaluate the authorization policies based on an EvaluationContext.
A PermissionTicketStore is responsible to manage the persistence of PermissionTicket instances.
Represents an authorization policy and all the configuration associated with it.
A PolicyEvaluator evaluates authorization policies based on a given ResourcePermission, sending the results to a Decision point through the methods defined in that interface.
A PolicyStore is responsible to manage the persistence of Policy instances.
Executed at startup after model migration is finished
Utility class for working with JavaBean style properties
A representation of a JavaBean style property
A property criteria can be used to filter the properties found by a PropertyQuery
Utilities for working with property queries
Queries a target class for properties that match certain criteria.
This interface provides methods to query information from a realm.
A RealmResourceProvider creates JAX-RS sub-resource instances for paths relative to Realm's RESTful API that could not be resolved by the server.
A factory that creates RealmResourceProvider instances.
A Spi to plug additional sub-resources to Realms' RESTful API.
Interface that encapsulates information about the current required action
Factory interface for RequiredActionProvider's.
Helpers for managing RequiredActions.
RequiredAction provider.
Useful when there is a need for callback when time offset is restarted.
Represents a resource, which is usually protected by a set of policies within a resource server.
Represents a permission for a given resource.
Represents a resource server, whose resources are managed and protected.
A ResourceServerStore is responsible to manage the persistence of ResourceServer instances.
A ResourceStore is responsible to manage the persistence of Resource instances.
Represents Keycloak resource types for which AdminEvent's can be triggered.
Enum for each resource type that can be partially imported.
Updates a role reference in a mapper config, when a client ID changes.
Updates a role reference in a mapper config, when a role name changes.
Limit the amount of data read to prevent an OutOfMemoryError.
Represents a scope, which is usually associated with one or more resources in order to define the actions that can be performed or a specific access context.
A ScopeStore is responsible to manage the persistence of Scope instances.
A ScriptModel which holds some meta-data.
Callback interface for customization of Bindings for a ScriptEngine.
Indicates compilation problems reported by a ScriptException and adds additional metadata.
Augments a ScriptException and adds additional metadata.
A Provider that provides Scripting capabilities.
The security profile provider is a default security configuration that enforces a minimum level of security in the keycloak environment.
Marker interface for ProviderFactory of Provider which wants to show some info on "Server Info" page in Admin console.
Non-recoverable error thrown during server startup
Shared methods to calculate the session expiration and idle.
Event to trigger that will add defaults for a realm after it has been imported.
Password that uses SHA to encode passwords.
A factory for the different types of storages that manage the persistence of the domain model types.
Event for notifying the store, so it can do migrations on the representation as needed.
Event for notifying the store about the need to reconfigure user providers synchronization.
Interface to encapsulate the getComponentProperties() function in order to make the code unit-testable
Wrapper around ScheduledTask.
TOTP: Time-based One-time Password Algorithm Based on http://tools.ietf.org/html/draft-mraihi-totp-timebased-06
Token exchange context
Provides token exchange mechanism for supported tokens
A factory that creates TokenExchangeProvider instances.
A Spi to support pluggable token exchange handlers in the OAuth2 Token Endpoint.
Provides introspection for a determined OAuth2 token type.
A factory that creates TokenIntrospectionProvider instances.
A Spi to support additional tokens types to the OAuth2 Token Introspection Endpoint.
A criteria that matches a property based on its type
Different options can be used to match a specific property based on its type.
This will perform update operation for particular attribute/property just if the existing value is not already same.
An interface that serves an entry point for managing users and their attributes.
The provider responsible for creating UserProfile instances.
Describes a user session note for simple and generic ProtocolMapperModel creation.
Interface that encapsulates the current validation that is being performed.
Validate that input value is ValidatorConfig and it is correct for validator (inputHint must be ID of the validator config is for) by Validators.validateConfig(org.keycloak.models.KeycloakSession, String, ValidatorConfig).