[keycloak-dev] disabling credential types
Bill Burke
bburke at redhat.com
Fri Oct 28 17:00:29 EDT 2016
Admin console user credential tab has been changed. It will now list
"disableable credential types". This will be a list of credential types
that can be disabled by the admin (i.e. OTP, PASSWORD, CERT, etc.).
All this hooks into the Credential SPI that I went over a few weeks
ago. So, if new credential types are created, they should show up in
the console too.
Note that disabling happens per credential type, and not per device
(i.e. OTP). I honestly could not figure out how to have an SPI and
generic admin console UI that would take into account ideas like
multiple OTPs, certs, etc. So, disabling is done per type, not per OTP
generator. These are the SPI items that are the backbone of this
feature. They are methods on UserCredentialManager:

    /**
     * Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through
     * each CredentialProvider.
     *
     * @param realm
     * @param user
     * @param credentialType
     */
    void disableCredentialType(RealmModel realm, UserModel user, String credentialType);

    /**
     * Returns a set of credential types that can be disabled by disableCredentialType() method
     *
     * @param realm
     * @param user
     * @return
     */
    Set<String> getDisableableCredentialTypes(RealmModel realm, UserModel user);

CredentialProviders and UserStorageProviders will be required to
implement these methods if they support credential updates.
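
The per-type behaviour described in the message, modelled as an added example that is not part of the original post and is not Keycloak code. `Provider`, `MemoryProvider` and the sample user data are hypothetical stand-ins, and treating only still-enabled credentials as disableable is an assumption.

```java
import java.util.*;

// Simplified stand-ins for illustration; these are not Keycloak's real classes.
public class DisableTypeDemo {
    /** Hypothetical common shape of a user storage or credential provider. */
    interface Provider {
        Set<String> disableableTypes(String user);
        void disableType(String user, String type);
    }

    /** Constructed in-memory provider; a user may hold several credentials of one type. */
    static class MemoryProvider implements Provider {
        final List<String[]> creds = new ArrayList<>(); // {user, type, device, state}

        void add(String user, String type, String device) {
            creds.add(new String[] {user, type, device, "enabled"});
        }
        public Set<String> disableableTypes(String user) {
            Set<String> types = new TreeSet<>();
            for (String[] c : creds) // assumption: only enabled credentials are reported
                if (c[0].equals(user) && c[3].equals("enabled")) types.add(c[1]);
            return types;
        }
        public void disableType(String user, String type) {
            for (String[] c : creds) // every credential of the type, no device selector
                if (c[0].equals(user) && c[1].equals(type)) c[3] = "disabled";
        }
    }

    public static void main(String[] args) {
        MemoryProvider storage = new MemoryProvider();  // plays the user storage role
        MemoryProvider otp = new MemoryProvider();      // plays a credential provider
        storage.add("alice", "password", "-");          // constructed sample data
        otp.add("alice", "otp", "phone");
        otp.add("alice", "otp", "hardware-token");
        // Order from the javadoc: user storage first, then each credential provider.
        List<Provider> chain = List.of(storage, otp);

        Set<String> types = new TreeSet<>();
        for (Provider p : chain) types.addAll(p.disableableTypes("alice"));
        System.out.println("disableable: " + types);

        for (Provider p : chain) p.disableType("alice", "otp");
        // Both OTP devices change state together; the password is untouched.
        for (String[] c : otp.creds) System.out.println(c[2] + " -> " + c[3]);
        for (String[] c : storage.creds) System.out.println(c[1] + " -> " + c[3]);
    }
}
```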