Class KeycloakSecurityRealm

All Implemented Interfaces:
ExtensionPoint, Describable<SecurityRealm>

public class KeycloakSecurityRealm extends SecurityRealm
Implementation of the AbstractPasswordBasedSecurityRealm that uses Keycloak OAuth for SSO. It is based on the MySQLSecurityRealm from the mysql-auth-plugin written by Alex Ackerman.
Author:
Mohammad Nadeem, devlauer
  • Field Details

    • JENKINS_FINISH_LOGIN_URL

      public static final String JENKINS_FINISH_LOGIN_URL
      The default URL to finish the login process of this plugin
    • AUTH_REQUESTED

      public static final String AUTH_REQUESTED
      This constant is used to save the state of an authenticated session. When the login process starts, it is set to true; when a logout process is initiated, it is set to false.
  • Constructor Details

    • KeycloakSecurityRealm

      @DataBoundConstructor public KeycloakSecurityRealm(String keycloakIdp, String keycloakJson, boolean keycloakValidate, boolean keycloakRespectAccessTokenTimeout) throws IOException
      Constructor
      Throws:
      IOException
    • KeycloakSecurityRealm

      protected KeycloakSecurityRealm()
  • Method Details

    • doCommenceLogin

      public org.kohsuke.stapler.HttpResponse doCommenceLogin(org.kohsuke.stapler.StaplerRequest request, org.kohsuke.stapler.StaplerResponse response, @Header("Referer") String referer) throws IOException
      Parameters:
      request - the Jenkins request
      response - the Jenkins response
      referer - the referrer
      Returns:
      HttpResponse the response
      Throws:
      IOException
    • doFinishLogin

      public org.kohsuke.stapler.HttpResponse doFinishLogin(org.kohsuke.stapler.StaplerRequest request) throws IOException
      This is where the user comes back to at the end of the OpenID redirect ping-pong.
      Parameters:
      request - the Jenkins request
      Returns:
      HttpResponse the response
      Throws:
      IOException
    • allowsSignup

      public boolean allowsSignup()
      Overrides:
      allowsSignup in class SecurityRealm
    • createSecurityComponents

      public SecurityRealm.SecurityComponents createSecurityComponents()
      Specified by:
      createSecurityComponents in class SecurityRealm
    • getLoginUrl

      public String getLoginUrl()
      Overrides:
      getLoginUrl in class SecurityRealm
    • doLogout

      public void doLogout(org.kohsuke.stapler.StaplerRequest req, org.kohsuke.stapler.StaplerResponse rsp) throws IOException, javax.servlet.ServletException
      Overrides:
      doLogout in class SecurityRealm
      Throws:
      IOException
      javax.servlet.ServletException
    • getKeycloakJson

      public String getKeycloakJson()
      Returns the Keycloak configuration
      Returns:
      String the configuration string
    • setKeycloakJson

      public void setKeycloakJson(String keycloakJson)
      Sets the Keycloak JSON configuration string
      Parameters:
      keycloakJson - the configuration
    • isKeycloakValidate

      public boolean isKeycloakValidate()
      Returns the configuration parameter for the authentication check on each request
      Returns:
      Boolean if true, authentication is checked on each request
    • setKeycloakValidate

      public void setKeycloakValidate(boolean keycloakValidate)
      Sets the configuration parameter for the authentication check
      Parameters:
      keycloakValidate - Boolean if true, authentication is checked on each request
    • isKeycloakRespectAccessTokenTimeout

      public boolean isKeycloakRespectAccessTokenTimeout()
      Returns the configuration parameter for the access token check
      Returns:
      Boolean whether the expiration of the access token should be checked or not before a token refresh
    • setKeycloakRespectAccessTokenTimeout

      public void setKeycloakRespectAccessTokenTimeout(boolean keycloakRespectAccessTokenTimeout)
      Sets the configuration parameter for the access token check
      Parameters:
      keycloakRespectAccessTokenTimeout - Boolean whether the expiration of the access token should be checked or not before a token refresh
    • getKeycloakIdp

      public String getKeycloakIdp()
      Returns the Keycloak IdP hint.
      Returns:
      String the Keycloak IdP hint
    • setKeycloakIdp

      public void setKeycloakIdp(String keycloakIdp)
      Sets the Keycloak IdP hint.
      Parameters:
      keycloakIdp - String the Keycloak IdP hint
    • checkKeycloakOnEachRequest

      public boolean checkKeycloakOnEachRequest()
      Returns true if authentication should be checked on each request
      Returns:
      Boolean
    • respectAccessTokenTimeout

      public boolean respectAccessTokenTimeout()
      Returns true if the access token should only be refreshed after its timeout
      Returns:
      Boolean
    • getKeycloakDeployment

      public org.keycloak.adapters.KeycloakDeployment getKeycloakDeployment() throws IOException
      Returns the current KeycloakDeployment configuration.
      Returns:
      KeycloakDeployment the Keycloak configuration
      Throws:
      IOException