Kerberos refactored to be federation provider. Support for Kerberos a…

…nd LDAP. Username/password authentication support with kerberos credentials.

First step - KerberosFederationProvider

Finished KerberosFederationProvider. Added support for username/password authentication with kerberos credentials

Added Kerberos UI to LDAPFederationProvider

Fixes

broker/pom.xml

@@ -18,7 +18,6 @@
         <module>core</module>
         <module>oidc</module>
         <module>saml</module>
-        <module>kerberos</module>
     </modules>
 
 </project>

core/src/main/java/org/keycloak/representations/idm/CredentialRepresentation.java

@@ -10,6 +10,7 @@ public class CredentialRepresentation {
     public static final String PASSWORD_TOKEN = "password-token";
     public static final String TOTP = "totp";
     public static final String CLIENT_CERT = "cert";
+    public static final String KERBEROS = "kerberos";
 
     protected String type;
     protected String device;

dependencies/server-all/pom.xml

@@ -95,7 +95,7 @@
         </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-broker-kerberos</artifactId>
+            <artifactId>keycloak-kerberos-federation</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>

examples/providers/federation-provider/src/main/java/org/keycloak/examples/federation/properties/BasePropertiesFederationProvider.java

@@ -1,5 +1,6 @@
 package org.keycloak.examples.federation.properties;
 
+import org.keycloak.models.CredentialValidationOutput;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
@@ -127,6 +128,11 @@ public Set<String> getSupportedCredentialTypes(UserModel user) {
         return supportedCredentialTypes;
     }
 
+    @Override
+    public Set<String> getSupportedCredentialTypes() {
+        return supportedCredentialTypes;
+    }
+
     @Override
     public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input) {
         for (UserCredentialModel cred : input) {
@@ -155,6 +161,11 @@ public boolean validCredentials(RealmModel realm, UserModel user, UserCredential
         return true;
     }
 
+    @Override
+    public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential) {
+        return CredentialValidationOutput.failed();
+    }
+
     @Override
     public void close() {
 

broker/kerberos/pom.xml → federation/kerberos/pom.xml

@@ -1,6 +1,5 @@
-<?xml version="1.0"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
@@ -9,21 +8,22 @@
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
-    <artifactId>keycloak-broker-kerberos</artifactId>
-    <name>Keycloak Broker Kerberos</name>
-    <description/>
-    <packaging>jar</packaging>
+    <artifactId>keycloak-kerberos-federation</artifactId>
+    <name>Keycloak Kerberos Federation</name>
+    <description />
 
     <dependencies>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-broker-core</artifactId>
+            <artifactId>keycloak-core</artifactId>
             <version>${project.version}</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-login-api</artifactId>
+            <artifactId>keycloak-model-api</artifactId>
             <version>${project.version}</version>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.logging</groupId>
@@ -36,4 +36,17 @@
             <scope>provided</scope>
         </dependency>
     </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>${maven.compiler.source}</source>
+                    <target>${maven.compiler.target}</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
 </project>

federation/kerberos/src/main/java/org/keycloak/federation/kerberos/CommonKerberosConfig.java

@@ -0,0 +1,46 @@
+package org.keycloak.federation.kerberos;
+
+import java.util.Map;
+
+import org.keycloak.models.UserFederationProviderModel;
+import org.keycloak.models.utils.KerberosConstants;
+
+/**
+ * Common configuration useful for all providers
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public abstract class CommonKerberosConfig {
+
+    private final UserFederationProviderModel providerModel;
+
+    public CommonKerberosConfig(UserFederationProviderModel userFederationProvider) {
+        this.providerModel = userFederationProvider;
+    }
+
+    // Should be always true for KerberosFederationProvider
+    public boolean isAllowKerberosAuthentication() {
+        return Boolean.valueOf(getConfig().get(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION));
+    }
+
+    public String getKerberosRealm() {
+        return getConfig().get("kerberosRealm");
+    }
+
+    public String getServerPrincipal() {
+        return getConfig().get("serverPrincipal");
+    }
+
+    public String getKeyTab() {
+        return getConfig().get("keyTab");
+    }
+
+    public boolean getDebug() {
+        return Boolean.valueOf(getConfig().get("debug"));
+    }
+
+    protected Map<String, String> getConfig() {
+        return providerModel.getConfig();
+    }
+
+}