KeycloakLoginModule (scheduling 14.1.0-SNAPSHOT API)

java.lang.Object
- org.ow2.proactive.authentication.FileLoginModule
- - org.ow2.proactive.authentication.KeycloakLoginModule

All Implemented Interfaces:

LoginModule, Loggable

Direct Known Subclasses:

RMKeycloakLoginModule
```
public abstract class KeycloakLoginModule
extends FileLoginModule
implements Loggable
```
Login Module that performs user authentication and authorization against Keycloak. It uses the OIDC REST endpoints of Keycloak to obtain an access token given a username and password.

Since:

ProActive Scheduling 14.0

Field Summary
- Fields inherited from class org.ow2.proactive.authentication.FileLoginModule
  callbackHandler, ENCRYPTED_DATA_SEP, groupFile, loginFile, subject, tenantFile

Constructor Summary

Constructors
Constructor and Description

KeycloakLoginModule()
Creates a new instance of KeycloakLoginModule

Constructors
Constructor and Description
`KeycloakLoginModule()` Creates a new instance of KeycloakLoginModule

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`abort()` Aborts the login operation
`boolean`	`commit()`
`protected abstract String`	`getKeycloakConfigFileName()` Retrieves Keycloak configuration file name.
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)` Initialize this `KeycloakLoginModule`.
`boolean`	`login()` Authenticate the user by getting the username and password from the CallbackHandler.
`boolean`	`logout()` Logs out the user and invalidates Keycloak access tokens
`protected void`	`parseAccessTokenResponse(org.keycloak.representations.AccessToken accessToken, String tokenString)` Parses the verified tokens and extract the user principal and roles

Methods inherited from class org.ow2.proactive.authentication.FileLoginModule
checkGroupFile, checkLoginFile, checkTenantFile, getConfiguredDomains, getGroupFileName, getLoginFileName, getPrivateKey, getTenantFileName, groupMembershipFromFile, logUser, removeOldFailedAttempts, resetFailedAttempt, retryInHowManyMinutes, storeFailedAttempt, tenantMembershipFromFile, tooManyFailedAttempts

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.ow2.proactive.authentication.Loggable
getLogger

- Constructor Detail
  - KeycloakLoginModule
```
public KeycloakLoginModule()
```
    Creates a new instance of KeycloakLoginModule
- Method Detail
  - initialize
```
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)
```
    Initialize this KeycloakLoginModule.
    
    Specified by:
    
    initialize in interface LoginModule
    
    Overrides:
    
    initialize in class FileLoginModule
    
    Parameters:
    
    subject - the Subject not to be authenticated.
    
    callbackHandler - a CallbackHandler to get the credentials of the user, must work with NoCallback callbacks.
    
    sharedState - State shared with other configured LoginModules.
    
    options - Options specified in the login Configuration for this particular KeycloakLoginModule.
    
    See Also:
    
    LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
  - login
```
public boolean login()
              throws LoginException
```
    Authenticate the user by getting the username and password from the CallbackHandler.
    
    Specified by:
    
    login in interface LoginModule
    
    Overrides:
    
    login in class FileLoginModule
    
    Returns:
    
    Whether the login against KeycloakLoginModule succeeded
    
    Throws:
    
    LoginException - if this KeycloakLoginModule is unable to perform the authentication.
    
    See Also:
    
    LoginModule.login()
  - parseAccessTokenResponse
```
protected void parseAccessTokenResponse(org.keycloak.representations.AccessToken accessToken,
                                        String tokenString)
```
    Parses the verified tokens and extract the user principal and roles
    
    Parameters:
    
    accessToken - Token to be parsed
    
    tokenString - Token in raw (JSON) format
  - commit
```
public boolean commit()
```
    Specified by:
    
    commit in interface LoginModule
    
    Overrides:
    
    commit in class FileLoginModule
    
    See Also:
    
    LoginModule.commit()
  - abort
```
public boolean abort()
```
    Aborts the login operation
    
    Specified by:
    
    abort in interface LoginModule
    
    Overrides:
    
    abort in class FileLoginModule
    
    Returns:
    
    Actual status of the aborted login
    
    See Also:
    
    LoginModule.abort()
  - logout
```
public boolean logout()
```
    Logs out the user and invalidates Keycloak access tokens
    
    Specified by:
    
    logout in interface LoginModule
    
    Overrides:
    
    logout in class FileLoginModule
    
    Returns:
    
    Whether the logout is successful
    
    See Also:
    
    LoginModule.logout()
  - getKeycloakConfigFileName
```
protected abstract String getKeycloakConfigFileName()
```
    Retrieves Keycloak configuration file name.
    
    Returns:
    
    name of the file with Keycloak configuration.

Class KeycloakLoginModule

Field Summary

Fields inherited from class org.ow2.proactive.authentication.FileLoginModule

Constructor Summary

Method Summary

Methods inherited from class org.ow2.proactive.authentication.FileLoginModule

Methods inherited from class java.lang.Object

Methods inherited from interface org.ow2.proactive.authentication.Loggable

Constructor Detail

KeycloakLoginModule

Method Detail

initialize

login

parseAccessTokenResponse

commit

abort

logout

getKeycloakConfigFileName