/**
 * Checks {@code password} for {@code user} against the backend selected by the Kerberos
 * configuration: Kerberos JAAS (Krb5LoginModule) when Kerberos authentication is allowed
 * <em>and</em> configured for password authentication, otherwise the LDAP identity store
 * via the Naming LDAP API.
 *
 * @param realm    realm the user belongs to
 * @param user     federated user whose password is checked
 * @param password plaintext password supplied by the user
 * @return {@code true} if the selected backend accepts the password
 */
public boolean validPassword(RealmModel realm, UserModel user, String password) {
    boolean viaKerberos = kerberosConfig.isAllowKerberosAuthentication()
            && kerberosConfig.isUseKerberosForPasswordAuthentication();
    if (viaKerberos) {
        // Kerberos JAAS (Krb5LoginModule) login, using the user's username as the principal name
        KerberosUsernamePasswordAuthenticator krbAuthenticator =
                factory.createKerberosUsernamePasswordAuthenticator(kerberosConfig);
        return krbAuthenticator.validUser(user.getUsername(), password);
    }
    // Naming LDAP API: validate the password against the user's LDAP entry
    LDAPObject ldapEntry = loadAndValidateUser(realm, user);
    return ldapIdentityStore.validatePassword(ldapEntry, password);
}
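/**
 * Validates a Kerberos/SPNEGO credential.
 *
 * <p>Only credentials of type {@link UserCredentialModel#KERBEROS} are handled, and only when
 * Kerberos authentication is allowed by the configuration; anything else yields
 * {@code CredentialValidationOutput.failed()}. A SPNEGO exchange may take several round trips:
 * while the authenticator is not yet authenticated the result is {@code CONTINUE} carrying the
 * authenticator's response token under {@code KerberosConstants.RESPONSE_TOKEN}. Once
 * authenticated, the username reported by the authenticator is resolved (or created) as a
 * federated user; if that resolution fails the result is {@code failed()} even though the
 * Kerberos exchange itself succeeded, and a warning is logged.
 *
 * @param realm      realm in which the user is looked up or created
 * @param credential credential to validate; its value is the SPNEGO token
 * @return {@code AUTHENTICATED} with the resolved user (and, when the client delegated one, the
 *         serialized delegation credential under
 *         {@code KerberosConstants.GSS_DELEGATION_CREDENTIAL} in the state map),
 *         {@code CONTINUE} with a response token, or {@code failed()}
 */
@Override
public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential) {
    // Constant-first equals: a credential without a type is simply not a Kerberos credential,
    // instead of a NullPointerException escaping from the validation path.
    if (!UserCredentialModel.KERBEROS.equals(credential.getType())
            || !kerberosConfig.isAllowKerberosAuthentication()) {
        return CredentialValidationOutput.failed();
    }

    String spnegoToken = credential.getValue();
    SPNEGOAuthenticator spnegoAuthenticator =
            factory.createSPNEGOAuthenticator(spnegoToken, kerberosConfig);
    spnegoAuthenticator.authenticate();

    Map<String, String> state = new HashMap<String, String>();
    if (!spnegoAuthenticator.isAuthenticated()) {
        // Not finished yet: hand the response token back so the client can send the next leg.
        state.put(KerberosConstants.RESPONSE_TOKEN, spnegoAuthenticator.getResponseToken());
        return new CredentialValidationOutput(null, CredentialValidationOutput.Status.CONTINUE, state);
    }

    // TODO: This assumes that LDAP "uid" is equal to the Kerberos principal name, e.g. uid
    // "hnelson" and principal "hnelson@<REALM>". Check whether this is correct or whether an
    // LDAP attribute for mapping the Kerberos principal should be configurable (for ApacheDS
    // it seems to be "krb5PrincipalName"; on MSAD it is likely different).
    String username = spnegoAuthenticator.getAuthenticatedUsername();
    UserModel user = findOrCreateAuthenticatedUser(realm, username);
    if (user == null) {
        logger.warnf(
                "Kerberos/SPNEGO authentication succeeded with username [%s], but couldn't find or create user with federation provider [%s]",
                username, model.getDisplayName());
        return CredentialValidationOutput.failed();
    }

    // Expose the serialized delegation credential to the caller only when the client actually
    // delegated one; otherwise the state map stays empty.
    String delegationCredential = spnegoAuthenticator.getSerializedDelegationCredential();
    if (delegationCredential != null) {
        state.put(KerberosConstants.GSS_DELEGATION_CREDENTIAL, delegationCredential);
    }
    return new CredentialValidationOutput(user, CredentialValidationOutput.Status.AUTHENTICATED, state);
}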