keycloak-aplcache

Merge pull request #3580 from abstractj/KEYCLOAK-3970 [KEYCLOAK-3970]

12/3/2016 4:37:48 PM

Details

diff --git a/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java b/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java
index 9cfee78..9551579 100644
--- a/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java
+++ b/federation/sssd/src/main/java/org/keycloak/federation/sssd/api/Sssd.java
@@ -21,7 +21,6 @@ import org.freedesktop.dbus.DBusConnection;
 import org.freedesktop.dbus.Variant;
 import org.freedesktop.dbus.exceptions.DBusException;
 import org.freedesktop.sssd.infopipe.InfoPipe;
-import org.freedesktop.sssd.infopipe.User;
 import org.jboss.logging.Logger;
 
 import java.nio.file.Files;
@@ -38,17 +37,10 @@ import java.util.Vector;
  */
 public class Sssd {
 
-    public static User user() {
-        return SingletonHolder.USER_OBJECT;
-    }
-
-    public static InfoPipe infopipe() {
-        return SingletonHolder.INFOPIPE_OBJECT;
-    }
-
+    private static DBusConnection dBusConnection;
 
     public static void disconnect() {
-        SingletonHolder.DBUS_CONNECTION.disconnect();
+        dBusConnection.disconnect();
     }
 
     private String username;
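Review bot: `disconnect()` dereferences the new static `dBusConnection` without a null check, and the field is only assigned inside the instance constructor further down. `SSSDFederationProvider.close()` calls `Sssd.disconnect()`, so it will throw a NullPointerException if no `Sssd` was ever constructed or `getConnection` failed. Guard it with `if (dBusConnection != null) { dBusConnection.disconnect(); }`. The field is also a mutable static written from every constructor call with no synchronization or `volatile`, so a comment stating the intended sharing model across provider instances would help. The class body continues outside this hunk.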
@@ -59,22 +51,12 @@ public class Sssd {
 
     public Sssd(String username) {
         this.username = username;
-    }
-
-    private static final class SingletonHolder {
-        private static InfoPipe INFOPIPE_OBJECT;
-        private static User USER_OBJECT;
-        private static DBusConnection DBUS_CONNECTION;
-
-        static {
-            try {
-                DBUS_CONNECTION = DBusConnection.getConnection(DBusConnection.SYSTEM);
-                INFOPIPE_OBJECT = DBUS_CONNECTION.getRemoteObject(InfoPipe.BUSNAME, InfoPipe.OBJECTPATH, InfoPipe.class);
-                USER_OBJECT = DBUS_CONNECTION.getRemoteObject(InfoPipe.BUSNAME, User.OBJECTPATH, User.class);
-            } catch (DBusException e) {
-                logger.error("Failed to obtain D-Bus connection", e);
-            }
+        try {
+            dBusConnection = DBusConnection.getConnection(DBusConnection.SYSTEM);
+        } catch (DBusException e) {
+            e.printStackTrace();
         }
+
     }
 
     public static String getRawAttribute(Variant variant) {
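Review bot: The new catch block calls `e.printStackTrace()` where the removed code used the class logger, so a failed D-Bus connection no longer reaches the server log with any context. Restore `logger.error("Failed to obtain D-Bus connection", e);` in the constructor's catch. The constructor also returns normally after the failure, leaving `dBusConnection` null or pointing at whatever an earlier instance stored, so the error surfaces later and far from its cause. Throwing `new SSSDException("Failed to obtain D-Bus connection")` after logging would make the failure explicit to the caller.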
@@ -91,7 +73,7 @@ public class Sssd {
         String[] attr = {"mail", "givenname", "sn", "telephoneNumber"};
         Map<String, Variant> attributes = null;
         try {
-            InfoPipe infoPipe = infopipe();
+            InfoPipe infoPipe = dBusConnection.getRemoteObject(InfoPipe.BUSNAME, InfoPipe.OBJECTPATH, InfoPipe.class);
             attributes = infoPipe.getUserAttributes(username, Arrays.asList(attr));
         } catch (Exception e) {
             throw new SSSDException("Failed to retrieve user's attributes. Check if SSSD service is active.");
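Review bot: A null or already-disconnected `dBusConnection` now fails inside this `try`, and the surrounding `catch (Exception e)` reports it as "Check if SSSD service is active" with the original exception discarded. That points operators at the wrong component when the real problem is the connection. Log the cause before rethrowing, e.g. `logger.error("SSSD InfoPipe attribute lookup failed", e);`, or pass `e` along if `SSSDException` has a cause-accepting constructor (not visible here). The same applies to the identical change in `getUserGroups()` in the next hunk. The method starts and ends outside this hunk.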
@@ -103,7 +85,7 @@ public class Sssd {
     public List<String> getUserGroups() {
         List<String> userGroups;
         try {
-            InfoPipe infoPipe = Sssd.infopipe();
+            InfoPipe infoPipe = dBusConnection.getRemoteObject(InfoPipe.BUSNAME, InfoPipe.OBJECTPATH, InfoPipe.class);
             userGroups = infoPipe.getUserGroups(username);
         } catch (Exception e) {
             throw new SSSDException("Failed to retrieve user's groups from SSSD. Check if SSSD service is active.");
@@ -125,4 +107,5 @@ public class Sssd {
         }
         return sssdAvailable;
     }
+
 }
diff --git a/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java b/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java
index a7a05f2..7d43c89 100755
--- a/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java
+++ b/federation/sssd/src/main/java/org/keycloak/federation/sssd/SSSDFederationProvider.java
@@ -20,22 +20,19 @@ package org.keycloak.federation.sssd;
 import org.freedesktop.dbus.Variant;
 import org.jboss.logging.Logger;
 import org.keycloak.credential.CredentialInput;
+import org.keycloak.credential.CredentialInputUpdater;
 import org.keycloak.credential.CredentialInputValidator;
 import org.keycloak.credential.CredentialModel;
 import org.keycloak.federation.sssd.api.Sssd;
 import org.keycloak.federation.sssd.impl.PAMAuthenticator;
-import org.keycloak.models.GroupModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
-import org.keycloak.models.UserCredentialModel;
-import org.keycloak.models.UserModel;
+import org.keycloak.models.*;
 import org.keycloak.models.utils.KeycloakModelUtils;
-import org.keycloak.models.UserManager;
 import org.keycloak.storage.UserStorageProvider;
 import org.keycloak.storage.UserStorageProviderModel;
+import org.keycloak.storage.user.ImportedUserValidation;
 import org.keycloak.storage.user.UserLookupProvider;
 
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
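Review bot: The explicit `org.keycloak.models` imports are collapsed into `import org.keycloak.models.*;`, which hides which model types this provider depends on and can silently change name resolution when the package gains new classes. Keep the explicit list (`GroupModel`, `KeycloakSession`, `RealmModel`, `RoleModel`, `UserCredentialModel`, `UserManager`, `UserModel`) and drop only the ones that are no longer used.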
@@ -47,7 +44,11 @@ import java.util.Set;
  * @author <a href="mailto:bruno@abstractj.org">Bruno Oliveira</a>
  * @version $Revision: 1 $
  */
-public class SSSDFederationProvider implements UserStorageProvider, UserLookupProvider, CredentialInputValidator {
+public class SSSDFederationProvider implements UserStorageProvider,
+        UserLookupProvider,
+        CredentialInputUpdater,
+        CredentialInputValidator,
+        ImportedUserValidation {
 
     private static final Logger logger = Logger.getLogger(SSSDFederationProvider.class);
 
@@ -72,13 +73,18 @@ public class SSSDFederationProvider implements UserStorageProvider, UserLookupPr
         return findOrCreateAuthenticatedUser(realm, username);
     }
 
-    /**
-     * Called after successful authentication
-     *
-     * @param realm    realm
-     * @param username username without realm prefix
-     * @return user if found or successfully created. Null if user with same username already exists, but is not linked to this provider
-     */
+    @Override
+    public UserModel validate(RealmModel realm, UserModel user) {
+        return validateAndProxy(realm, user);
+    }
+
+        /**
+         * Called after successful authentication
+         *
+         * @param realm    realm
+         * @param username username without realm prefix
+         * @return user if found or successfully created. Null if user with same username already exists, but is not linked to this provider
+         */
     protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) {
         UserModel user = session.userLocalStorage().getUserByUsername(username, realm);
         if (user != null) {
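Review bot: The new `validate(RealmModel, UserModel)` delegates straight to `validateAndProxy`, whose body is not visible in this diff, so it cannot be confirmed here that a locally imported user is rejected once the account no longer exists in SSSD. If `validateAndProxy` only wraps the user without re-checking the backing store, removed accounts would stay usable through their imported copy. Add a Javadoc line on `validate` stating what it returns for a user that SSSD no longer knows, e.g. `/** Returns null when the imported user is no longer present in SSSD. */` if that is the behaviour. Separately, the Javadoc for `findOrCreateAuthenticatedUser` is now indented eight spaces while the method stays at four; it should be moved back to four.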
@@ -187,4 +193,18 @@ public class SSSDFederationProvider implements UserStorageProvider, UserLookupPr
     public void close() {
         Sssd.disconnect();
     }
+
+    @Override
+    public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
+        throw new IllegalStateException("You can't update your password as your account is read only.");
+    }
+
+    @Override
+    public void disableCredentialType(RealmModel realm, UserModel user, String credentialType) {
+    }
+
+    @Override
+    public Set<String> getDisableableCredentialTypes(RealmModel realm, UserModel user) {
+        return Collections.EMPTY_SET;
+    }
 }
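Review bot: `updateCredential` throws `IllegalStateException` for every `CredentialInput`, not only passwords, so an update of a credential type this provider does not own could also be aborted by the exception instead of falling through to another handler. Check the type first, e.g. `if (!CredentialModel.PASSWORD.equals(input.getType())) return false;`, and throw only for password input. How the caller treats the exception is not visible here, so this should be confirmed against the credential manager. `getDisableableCredentialTypes` returns the raw `Collections.EMPTY_SET`, which compiles with an unchecked warning; `return Collections.emptySet();` is the typed equivalent. The empty `disableCredentialType` body should carry a comment such as `// no-op: SSSD accounts are read-only`.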