org.keycloak.models.ProtocolMapperModel Java Examples

The following examples show how to use org.keycloak.models.ProtocolMapperModel.
Example #1
Source File: AudienceResolveProtocolMapper.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Adds to the token's audience every client, other than the requesting one, for which the
 * resolved client-role map contains at least one role.
 *
 * @param token            access token being built; mutated in place and returned
 * @param mappingModel     mapper configuration (not read by this implementation)
 * @param session          current Keycloak session
 * @param userSession      user session (not read by this implementation)
 * @param clientSessionCtx context supplying the requesting client and the resolved roles
 * @return the same {@code token} instance
 */
@Override
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
                                        UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
    String requestingClientId = clientSessionCtx.getClientSession().getClient().getClientId();

    for (Map.Entry<String, AccessToken.Access> candidate : RoleResolveUtil.getAllResolvedClientRoles(session, clientSessionCtx).entrySet()) {
        String candidateClientId = candidate.getKey();

        // The requesting client is never listed as an audience of its own token.
        if (!candidateClientId.equals(requestingClientId)) {
            AccessToken.Access access = candidate.getValue();
            boolean hasRoles = access != null && access.getRoles() != null && !access.getRoles().isEmpty();

            // Audience follows role grants: an entry with no roles does not widen the audience.
            if (hasRoles) {
                token.addAudience(candidateClientId);
            }
        }
    }

    return token;
}
 
Example #2
Source File: DefaultClientSessionContext.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Collects the protocol mappers of all client scopes that match the client's protocol and
 * are reported as enabled by {@code ProtocolMapperUtils.isEnabled}.
 *
 * @return a new set holding the matching, enabled mappers
 */
private Set<ProtocolMapperModel> loadProtocolMappers() {
    Set<ClientScopeModel> scopes = getClientScopes();
    String configuredProtocol = clientSession.getClient().getProtocol();

    // A client without a protocol is not rejected: it is treated as OpenID Connect and a
    // warning is logged, so a misconfigured client still gets the OIDC mappers applied.
    final String effectiveProtocol;
    if (configuredProtocol != null) {
        effectiveProtocol = configuredProtocol;
    } else {
        logger.warnf("Client '%s' doesn't have protocol set. Fallback to openid-connect. Please fix client configuration", clientSession.getClient().getClientId());
        effectiveProtocol = OIDCLoginProtocol.LOGIN_PROTOCOL;
    }

    Set<ProtocolMapperModel> selected = new HashSet<>();
    for (ClientScopeModel scope : scopes) {
        for (ProtocolMapperModel candidate : scope.getProtocolMappers()) {
            if (!effectiveProtocol.equals(candidate.getProtocol())) {
                continue;
            }
            if (ProtocolMapperUtils.isEnabled(session, candidate)) {
                selected.add(candidate);
            }
        }
    }

    return selected;
}
 
Example #3
Source File: ProtocolMapperUtils.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Pairs each mapper model of the client session context with its provider implementation and
 * returns the pairs ordered by {@code ProtocolMapperUtils::compare}.
 *
 * @param session current Keycloak session, used to reach the provider factories
 * @param ctx     client session context supplying the mapper models
 * @return the sorted (model, implementation) pairs
 */
public static List<Map.Entry<ProtocolMapperModel, ProtocolMapper>> getSortedProtocolMappers(KeycloakSession session, ClientSessionContext ctx) {
    Set<ProtocolMapperModel> models = ctx.getProtocolMappers();
    Map<ProtocolMapperModel, ProtocolMapper> resolved = new HashMap<>();

    KeycloakSessionFactory factory = session.getKeycloakSessionFactory();
    for (ProtocolMapperModel model : models) {
        ProtocolMapper implementation = (ProtocolMapper) factory.getProviderFactory(ProtocolMapper.class, model.getProtocolMapper());

        // A model whose provider id has no registered factory is dropped without an error or
        // log line, so the claims it would have produced are silently absent from the token.
        if (implementation != null) {
            resolved.put(model, implementation);
        }
    }

    return resolved.entrySet()
            .stream()
            .sorted(Comparator.comparing(ProtocolMapperUtils::compare))
            .collect(Collectors.toList());
}
 
Example #4
Source File: ClientScopeAdapter.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Persists a new protocol mapper on this client scope.
 *
 * @param model mapper to add; its id is reused when set, otherwise a new one is generated
 * @return the model rebuilt from the persisted entity
 * @throws ModelDuplicateException if a mapper with the same protocol and name already exists
 */
@Override
public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
    boolean nameTaken = getProtocolMapperByName(model.getProtocol(), model.getName()) != null;
    if (nameTaken) {
        throw new ModelDuplicateException("Protocol mapper name must be unique per protocol");
    }

    // A caller-supplied id is taken as-is; only the (protocol, name) pair is checked above.
    String mapperId = model.getId() == null ? KeycloakModelUtils.generateId() : model.getId();

    ProtocolMapperEntity mapperEntity = new ProtocolMapperEntity();
    mapperEntity.setId(mapperId);
    mapperEntity.setName(model.getName());
    mapperEntity.setProtocol(model.getProtocol());
    mapperEntity.setProtocolMapper(model.getProtocolMapper());
    mapperEntity.setClientScope(this.entity);
    // The model's config map is handed over by reference; no copy is made here.
    mapperEntity.setConfig(model.getConfig());

    em.persist(mapperEntity);
    this.entity.getProtocolMappers().add(mapperEntity);
    return entityToModel(mapperEntity);
}
 
Example #5
Source File: RoleListMapper.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a SAML role-list mapper model.
 *
 * @param name              mapper name
 * @param samlAttributeName SAML attribute name stored in the config
 * @param nameFormat        attribute name format; omitted from the config when {@code null}
 * @param friendlyName      friendly name; omitted from the config when {@code null}
 * @param singleAttribute   stored as a string under {@code SINGLE_ROLE_ATTRIBUTE}
 * @return the configured, not yet persisted mapper model
 */
public static ProtocolMapperModel create(String name, String samlAttributeName, String nameFormat, String friendlyName, boolean singleAttribute) {
    Map<String, String> settings = new HashMap<>();
    settings.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, samlAttributeName);
    // Optional entries are left out entirely rather than stored as null values.
    if (friendlyName != null) {
        settings.put(AttributeStatementHelper.FRIENDLY_NAME, friendlyName);
    }
    if (nameFormat != null) {
        settings.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, nameFormat);
    }
    settings.put(SINGLE_ROLE_ATTRIBUTE, Boolean.toString(singleAttribute));

    ProtocolMapperModel model = new ProtocolMapperModel();
    model.setName(name);
    model.setProtocolMapper(PROVIDER_ID);
    model.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    model.setConfig(settings);
    return model;
}
 
Example #6
Source File: AddressMapper.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the OIDC mapper model named "address".
 *
 * @param idToken     whether the claim is flagged for inclusion in the ID token
 * @param accessToken whether the claim is flagged for inclusion in the access token
 * @param userInfo    whether the claim is flagged for inclusion in the UserInfo response
 * @return the configured, not yet persisted mapper model
 */
public static ProtocolMapperModel createAddressMapper(boolean idToken, boolean accessToken, boolean userInfo) {
    Map<String, String> settings = new HashMap<>();
    settings.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, Boolean.toString(accessToken));
    settings.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, Boolean.toString(idToken));
    settings.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, Boolean.toString(userInfo));

    // Each address claim defaults to a user attribute of the same name.
    String[] addressClaims = {
            STREET,
            AddressClaimSet.LOCALITY,
            AddressClaimSet.REGION,
            AddressClaimSet.POSTAL_CODE,
            AddressClaimSet.COUNTRY,
            AddressClaimSet.FORMATTED
    };
    for (String claim : addressClaims) {
        settings.put(getModelPropertyName(claim), claim);
    }

    ProtocolMapperModel model = new ProtocolMapperModel();
    model.setName("address");
    model.setProtocolMapper(PROVIDER_ID);
    model.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    model.setConfig(settings);
    return model;
}
 
Example #7
Source File: HardcodedClaim.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an OIDC mapper model that emits a fixed claim value.
 *
 * @param name           mapper name
 * @param hardcodedName  claim name stored under {@code TOKEN_CLAIM_NAME}
 * @param hardcodedValue claim value stored under {@code CLAIM_VALUE}
 * @param claimType      JSON type stored under {@code JSON_TYPE}
 * @param accessToken    when true, flags the claim for the access token
 * @param idToken        when true, flags the claim for the ID token
 * @return the configured, not yet persisted mapper model
 */
public static ProtocolMapperModel create(String name,
                                  String hardcodedName,
                                  String hardcodedValue, String claimType,
                                  boolean accessToken, boolean idToken) {
    Map<String, String> settings = new HashMap<>();
    settings.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, hardcodedName);
    // NOTE(review): the value is kept as a plain config string and is presumably copied into
    // issued tokens unchanged, so it should not be used to carry a secret (confirm with the
    // mapper implementation).
    settings.put(CLAIM_VALUE, hardcodedValue);
    settings.put(OIDCAttributeMapperHelper.JSON_TYPE, claimType);
    // The include flags are only written when true; a false flag leaves the key absent.
    if (accessToken) {
        settings.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    }
    if (idToken) {
        settings.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    }

    ProtocolMapperModel model = new ProtocolMapperModel();
    model.setName(name);
    model.setProtocolMapper(PROVIDER_ID);
    model.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    model.setConfig(settings);
    return model;
}
 
Example #8
Source File: RepresentationToModel.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Converts a mapper representation into a model.
 *
 * @param rep representation to convert
 * @return a new model carrying the representation's id, name, protocol, provider id and config
 */
public static ProtocolMapperModel toModel(ProtocolMapperRepresentation rep) {
    ProtocolMapperModel converted = new ProtocolMapperModel();
    // Every field, including the id, is copied from the representation without validation
    // here; the config is passed through removeEmptyString first.
    converted.setConfig(removeEmptyString(rep.getConfig()));
    converted.setProtocolMapper(rep.getProtocolMapper());
    converted.setProtocol(rep.getProtocol());
    converted.setName(rep.getName());
    converted.setId(rep.getId());
    return converted;
}
 
Example #9
Source File: UserSessionNoteMapper.java    From keycloak-protocol-cas with Apache License 2.0 5 votes vote down vote up
/**
 * Copies one user-session note into the attribute map.
 *
 * @param attributes      attribute map to extend
 * @param mappingModel    mapper config naming the note under {@code USER_SESSION_NOTE}
 * @param userSession     session the note is read from
 * @param session         current Keycloak session (not read here)
 * @param clientSessionCt client session context (not read here)
 */
@Override
public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                         KeycloakSession session, ClientSessionContext clientSessionCt) {
    String configuredNote = mappingModel.getConfig().get(ProtocolMapperUtils.USER_SESSION_NOTE);
    String value = userSession.getNote(configuredNote);
    // A missing note produces no attribute at all rather than an empty one.
    if (value != null) {
        setMappedAttribute(attributes, mappingModel, value);
    }
}
 
Example #10
Source File: RepresentationToModel.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Synchronizes a client's protocol mappers with those listed in a representation.
 *
 * <p>Mappers are matched by the key built from protocol and name. Matches are updated in
 * place (keeping the existing id), unmatched representations are added, and every existing
 * mapper that the representation does not list is removed. A {@code null} mapper list leaves
 * the client untouched, whereas an empty list removes all of its mappers.
 *
 * @param rep      client representation carrying the desired mappers
 * @param resource client model to update
 */
public static void updateClientProtocolMappers(ClientRepresentation rep, ClientModel resource) {
    if (rep.getProtocolMappers() == null) {
        return;
    }

    Map<String, ProtocolMapperModel> unmatched = new HashMap<>();
    for (ProtocolMapperModel current : resource.getProtocolMappers()) {
        unmatched.put(generateProtocolNameKey(current.getProtocol(), current.getName()), current);
    }

    for (ProtocolMapperRepresentation desired : rep.getProtocolMappers()) {
        String key = generateProtocolNameKey(desired.getProtocol(), desired.getName());
        ProtocolMapperModel match = unmatched.get(key);

        if (match == null) {
            resource.addProtocolMapper(toModel(desired));
            continue;
        }

        // The id sent in the representation is discarded in favour of the stored one.
        ProtocolMapperModel replacement = toModel(desired);
        replacement.setId(match.getId());
        resource.updateProtocolMapper(replacement);
        unmatched.remove(key);
    }

    // Whatever is still unmatched was not listed by the caller and is deleted.
    for (ProtocolMapperModel leftover : unmatched.values()) {
        resource.removeProtocolMapper(leftover);
    }
}
 
Example #11
Source File: TokenManager.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Runs every sorted protocol mapper that implements {@code OIDCIDTokenMapper} over the ID token.
 *
 * @param session          current Keycloak session
 * @param token            ID token to transform
 * @param userSession      user session passed to each mapper
 * @param clientSessionCtx client session context passed to each mapper
 */
public void transformIDToken(KeycloakSession session, IDToken token,
                                  UserSessionModel userSession, ClientSessionContext clientSessionCtx) {

    for (Map.Entry<ProtocolMapperModel, ProtocolMapper> pair : ProtocolMapperUtils.getSortedProtocolMappers(session, clientSessionCtx)) {
        ProtocolMapper candidate = pair.getValue();
        if (!(candidate instanceof OIDCIDTokenMapper)) {
            continue;
        }

        // The method returns void, so this reassignment is visible only to later mappers in
        // this loop; the caller sees changes only if mappers mutate the token it passed in.
        OIDCIDTokenMapper idTokenMapper = (OIDCIDTokenMapper) candidate;
        token = idTokenMapper.transformIDToken(token, pair.getKey(), session, userSession, clientSessionCtx);
    }
}
 
Example #12
Source File: MigrateTo1_6_0.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Applies this migration to an imported realm, using the built-in OIDC "locale" mapper.
 *
 * @param session           current Keycloak session
 * @param realm             realm being imported
 * @param rep               realm representation (not read here)
 * @param skipUserDependent not read here
 * @throws RuntimeException if the built-in locale mapper cannot be found
 */
@Override
public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
    MigrationProvider migrationProvider = session.getProvider(MigrationProvider.class);
    ProtocolMapperModel builtinLocaleMapper = migrationProvider.getBuiltinMappers("openid-connect").get("locale");

    // Fail loudly rather than migrating the realm without the mapper.
    if (builtinLocaleMapper != null) {
        migrateRealm(session, builtinLocaleMapper, realm);
        return;
    }
    throw new RuntimeException("Can't find default locale mapper");
}
 
Example #13
Source File: GroupMembershipMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the user's groups to the SAML attribute statement, either as values of one shared
 * attribute or as one attribute per group, depending on {@code SINGLE_GROUP_ATTRIBUTE}.
 *
 * @param attributeStatement statement to extend
 * @param mappingModel       mapper configuration
 * @param session            current Keycloak session (not read here)
 * @param userSession        session whose user's groups are emitted
 * @param clientSession      client session (not read here)
 */
@Override
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
    boolean singleAttribute = Boolean.parseBoolean(mappingModel.getConfig().get(SINGLE_GROUP_ATTRIBUTE));
    boolean fullPath = useFullPath(mappingModel);

    // Created lazily on the first group, so a user without groups gets no attribute at all.
    AttributeType shared = null;
    for (GroupModel group : userSession.getUser().getGroups()) {
        String groupName = fullPath ? ModelToRepresentation.buildGroupPath(group) : group.getName();

        AttributeType target;
        if (singleAttribute && shared != null) {
            target = shared;
        } else {
            target = AttributeStatementHelper.createAttributeType(mappingModel);
            attributeStatement.addAttribute(new AttributeStatementType.ASTChoiceType(target));
            if (singleAttribute) {
                shared = target;
            }
        }
        target.addAttributeValue(groupName);
    }
}
 
Example #14
Source File: UserAttributeMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
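/**
 * Maps one user attribute, named by the mapper config, onto a token claim.
 *
 * @param token        token receiving the claim
 * @param mappingModel mapper config naming the attribute ({@code USER_ATTRIBUTE}) and the
 *                     aggregation flag ({@code AGGREGATE_ATTRS})
 * @param userSession  session whose user supplies the attribute
 */
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
    UserModel user = userSession.getUser();
    String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
    // parseBoolean returns the primitive directly instead of boxing and unboxing a Boolean;
    // a missing or non-"true" config value still yields false.
    boolean aggregateAttrs = Boolean.parseBoolean(mappingModel.getConfig().get(ProtocolMapperUtils.AGGREGATE_ATTRS));
    Collection<String> attributeValue = KeycloakModelUtils.resolveAttribute(user, attributeName, aggregateAttrs);
    // An unresolved attribute adds no claim rather than a null-valued one.
    if (attributeValue == null) {
        return;
    }
    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, attributeValue);
}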
 
Example #15
Source File: SHA256PairwiseSubMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Derives the pairwise subject for a sector identifier and local subject, using the salt
 * stored on the mapper model.
 *
 * @param mappingModel     mapper model expected to carry the salt
 * @param sectorIdentifier sector identifier the subject is scoped to
 * @param localSub         local subject value
 * @return the pairwise subject
 * @throws IllegalStateException if the mapper model has no salt
 */
@Override
public String generateSub(ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub) {
    String configuredSalt = PairwiseSubMapperHelper.getSalt(mappingModel);
    if (configuredSalt != null) {
        byte[] saltBytes = configuredSalt.getBytes(Charset.forName("UTF-8"));
        String derivedSub = generateSub(sectorIdentifier, localSub, saltBytes);
        // NOTE(review): this trace line records the local and the pairwise subject side by
        // side, so a trace-level log can be used to link the two identifiers; confirm that
        // trace logging stays off, or the logs stay restricted, where that matters.
        logger.tracef("local sub = '%s', pairwise sub = '%s'", localSub, derivedSub);
        return derivedSub;
    }

    // No salt means no subject: the method refuses instead of deriving an unsalted value.
    throw new IllegalStateException("Salt not available on mappingModel. Please update protocol mapper");
}
 
Example #16
Source File: ClientScopeAdapter.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a detached model from a persisted mapper entity.
 *
 * @param entity persisted mapper entity
 * @return a new model with the entity's id, name, protocol, provider id and a copy of its config
 */
protected ProtocolMapperModel entityToModel(ProtocolMapperEntity entity) {
    // The config is copied into a fresh map, so changes to the returned model's config do
    // not write through to the entity; a null entity config becomes an empty map.
    Map<String, String> configCopy = new HashMap<>();
    if (entity.getConfig() != null) {
        configCopy.putAll(entity.getConfig());
    }

    ProtocolMapperModel model = new ProtocolMapperModel();
    model.setId(entity.getId());
    model.setName(entity.getName());
    model.setProtocol(entity.getProtocol());
    model.setProtocolMapper(entity.getProtocolMapper());
    model.setConfig(configCopy);
    return model;
}
 
Example #17
Source File: AbstractOIDCProtocolMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Sets this mapper's claim on the ID token when the mapper is configured for ID tokens.
 *
 * @param token            ID token to extend
 * @param mappingModel     mapper configuration
 * @param session          current Keycloak session
 * @param userSession      user session
 * @param clientSessionCtx client session context
 * @return the same {@code token} instance, changed or not
 */
public IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
                                UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
    // The claim is written only when the mapper opts in to ID tokens; otherwise the token
    // is handed back untouched.
    boolean wantedInIdToken = OIDCAttributeMapperHelper.includeInIDToken(mappingModel);
    if (wantedInIdToken) {
        setClaim(token, mappingModel, userSession, session, clientSessionCtx);
    }
    return token;
}
 
Example #18
Source File: SimpleOidcMapper.java    From keycloak-extension-playground with Apache License 2.0 5 votes vote down vote up
/**
 * Maps the configured property value, or "defaultProperty" when unset, onto a token claim.
 *
 * @param token            token receiving the claim
 * @param mappingModel     mapper configuration
 * @param userSession      user session (not read here)
 * @param keycloakSession  current Keycloak session (not read here)
 * @param clientSessionCtx client session context (not read here)
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {
    Object configuredValue = mappingModel.getConfig().getOrDefault(CONFIG_PROPERTY, "defaultProperty");

    // NOTE(review): the claim value is written to the log at INFO level; that is harmless
    // for a demo value but should not be copied into mappers whose values are sensitive.
    LOGGER.infof("setClaim %s=%s", mappingModel.getName(), configuredValue);

    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, configuredValue);
}
 
Example #19
Source File: ClientAdapter.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Updates the provider id and config of the stored mapper that has the given model's id,
 * then flushes the entity manager. Name and protocol of the stored mapper are not changed.
 *
 * @param mapping model carrying the id to look up and the new provider id and config
 */
@Override
public void updateProtocolMapper(ProtocolMapperModel mapping) {
    // NOTE(review): no null check on the looked-up entity is visible here; presumably the
    // helper throws or callers guarantee that the id exists. Confirm against the helper.
    ProtocolMapperEntity stored = getProtocolMapperEntity(mapping.getId());
    stored.setProtocolMapper(mapping.getProtocolMapper());

    if (stored.getConfig() != null) {
        // Replace the contents of the existing map instead of swapping the map instance.
        // NOTE(review): if the model's config were the same map instance as the entity's,
        // clear() would empty it before the copy; confirm callers always pass a separate map.
        stored.getConfig().clear();
        stored.getConfig().putAll(mapping.getConfig());
    } else {
        stored.setConfig(mapping.getConfig());
    }

    em.flush();
}
 
Example #20
Source File: ClientScopeAdapter.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up one of the cached protocol mappers by id.
 *
 * @param id mapper id to find
 * @return the matching mapper, or {@code null} when none has that id
 */
@Override
public ProtocolMapperModel getProtocolMapperById(String id) {
    ProtocolMapperModel found = null;
    for (ProtocolMapperModel candidate : cached.getProtocolMappers()) {
        // The comparison is made on the candidate's id, so a null {@code id} argument
        // simply matches nothing.
        if (candidate.getId().equals(id)) {
            found = candidate;
            break;
        }
    }
    return found;
}
 
Example #21
Source File: UserAttributeStatementMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a SAML attribute-statement mapper model bound to this class's provider id.
 *
 * @param name              mapper name
 * @param userAttribute     user attribute to map
 * @param samlAttributeName SAML attribute name
 * @param nameFormat        SAML attribute name format
 * @param friendlyName      SAML friendly name
 * @return the model produced by {@code AttributeStatementHelper.createAttributeMapper}
 */
public static ProtocolMapperModel createAttributeMapper(String name, String userAttribute,
                                                        String samlAttributeName, String nameFormat, String friendlyName) {
    // All the work is delegated; this method only supplies the provider id.
    return AttributeStatementHelper.createAttributeMapper(
            name, userAttribute, samlAttributeName, nameFormat, friendlyName, PROVIDER_ID);
}
 
Example #22
Source File: UserPropertyAttributeStatementMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a SAML attribute-statement mapper model bound to this class's provider id.
 *
 * @param name              mapper name
 * @param userAttribute     user property to map
 * @param samlAttributeName SAML attribute name
 * @param nameFormat        SAML attribute name format
 * @param friendlyName      SAML friendly name
 * @param consentRequired   accepted but not used by this method
 * @param consentText       accepted but not used by this method
 * @return the model produced by {@code AttributeStatementHelper.createAttributeMapper}
 */
public static ProtocolMapperModel createAttributeMapper(String name, String userAttribute,
                                                        String samlAttributeName, String nameFormat, String friendlyName,
                                                        boolean consentRequired, String consentText) {
    // The two consent arguments never reach the helper, so passing consentRequired = true
    // has no effect on the mapper that is returned.
    return AttributeStatementHelper.createAttributeMapper(
            name, userAttribute, samlAttributeName, nameFormat, friendlyName, PROVIDER_ID);
}
 
Example #23
Source File: AttributeStatementHelper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a SAML attribute from a mapper's config: name, name format and optional friendly name.
 *
 * @param mappingModel mapper configuration
 * @return a new attribute with no values yet
 */
public static AttributeType createAttributeType(ProtocolMapperModel mappingModel) {
    AttributeType attribute = new AttributeType(mappingModel.getConfig().get(SAML_ATTRIBUTE_NAME));

    // Any configured format other than URI reference or unspecified, including none at
    // all, falls back to the basic name format.
    String configuredFormat = mappingModel.getConfig().get(SAML_ATTRIBUTE_NAMEFORMAT);
    String nameFormat;
    if (URI_REFERENCE.equals(configuredFormat)) {
        nameFormat = JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get();
    } else if (UNSPECIFIED.equals(configuredFormat)) {
        nameFormat = JBossSAMLURIConstants.ATTRIBUTE_FORMAT_UNSPECIFIED.get();
    } else {
        nameFormat = JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get();
    }
    attribute.setNameFormat(nameFormat);

    // A blank friendly name is treated like a missing one.
    String friendlyName = mappingModel.getConfig().get(FRIENDLY_NAME);
    boolean hasFriendlyName = friendlyName != null && !friendlyName.trim().isEmpty();
    if (hasFriendlyName) {
        attribute.setFriendlyName(friendlyName);
    }
    return attribute;
}
 
Example #24
Source File: RoleNameMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Builds an OIDC mapper model that renames a role.
 *
 * @param name    mapper name
 * @param role    role stored under {@code ROLE_CONFIG}
 * @param newName replacement name stored under {@code NEW_ROLE_NAME}
 * @return the configured, not yet persisted mapper model
 */
public static ProtocolMapperModel create(String name,
                                         String role,
                                         String newName) {
    Map<String, String> settings = new HashMap<>();
    settings.put(ROLE_CONFIG, role);
    settings.put(NEW_ROLE_NAME, newName);

    ProtocolMapperModel model = new ProtocolMapperModel();
    model.setName(name);
    model.setProtocolMapper(PROVIDER_ID);
    model.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    model.setConfig(settings);
    return model;
}
 
Example #25
Source File: UserStorageConsentTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Test setup: requires consent for the "product-portal" client of realm "demo", moves its
 * OIDC username, email and given-name mappers onto a new client scope, removes all of the
 * client's own mappers, and attaches the scope to the client.
 *
 * @param session current Keycloak session
 */
public static void setupConsent(KeycloakSession session) {
    RealmModel demoRealm = session.realms().getRealmByName("demo");
    ClientModel product = session.realms().getClientByClientId("product-portal", demoRealm);
    product.setConsentRequired(true);

    ClientScopeModel consentScope = demoRealm.addClientScope("clientScope");
    consentScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    System.err.println("client scope protocol mappers size: " + consentScope.getProtocolMappers().size());

    // NOTE(review): mappers are removed from the client while its mapper collection is
    // being iterated; this presumably relies on getProtocolMappers() returning a copy.
    for (ProtocolMapperModel mapper : product.getProtocolMappers()) {
        boolean isOidc = mapper.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL);
        boolean isProfileMapper = isOidc
                && (mapper.getName().equals(OIDCLoginProtocolFactory.USERNAME)
                || mapper.getName().equals(OIDCLoginProtocolFactory.EMAIL)
                || mapper.getName().equals(OIDCLoginProtocolFactory.GIVEN_NAME));

        if (isProfileMapper) {
            // The copy carries no id, so the scope stores it as a new mapper.
            ProtocolMapperModel copy = new ProtocolMapperModel();
            copy.setName(mapper.getName());
            copy.setProtocol(mapper.getProtocol());
            copy.setConfig(new HashMap<>(mapper.getConfig()));
            copy.setProtocolMapper(mapper.getProtocolMapper());
            consentScope.addProtocolMapper(copy);
        }

        // Every mapper leaves the client, whether or not it was copied to the scope.
        product.removeProtocolMapper(mapper);
    }
    product.addClientScope(consentScope, true);
}
 
Example #26
Source File: AbstractKerberosSingleRealmTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that a user-session-note mapper for the GSS delegation credential places the
 * serialized credential into the access token, that the credential can be used against LDAP,
 * and that the claim disappears once the mapper is deleted.
 *
 * <p>The user name and password passed to the login helper are test fixtures.
 */
@Test
public void credentialDelegationTest() throws Exception {
    Assume.assumeTrue("Ignoring test as the embedded server is not started", getKerberosRule().isStartEmbeddedLdapServer());
    // Add kerberos delegation credential mapper
    ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME,
            KerberosConstants.GSS_DELEGATION_CREDENTIAL,
            KerberosConstants.GSS_DELEGATION_CREDENTIAL, "String",
            true, false);
    ProtocolMapperRepresentation protocolMapperRep = ModelToRepresentation.toRepresentation(protocolMapper);
    ClientResource clientResource = findClientByClientId(testRealmResource(), "kerberos-app");
    Response response = clientResource.getProtocolMappers().createMapper(protocolMapperRep);
    // NOTE(review): close() is not in a finally block, so the response stays open if
    // getCreatedId throws.
    String protocolMapperId = ApiUtil.getCreatedId(response);
    response.close();

    // SPNEGO login
    AccessToken token = assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret");

    // Assert kerberos ticket in the accessToken can be re-used to authenticate against other 3rd party kerberos service (ApacheDS Server in this case)
    // The credential is read straight from the token's other claims: with this mapper
    // enabled, whoever holds the access token also holds the delegated credential.
    String serializedGssCredential = (String) token.getOtherClaims().get(KerberosConstants.GSS_DELEGATION_CREDENTIAL);
    Assert.assertNotNull(serializedGssCredential);
    GSSCredential gssCredential = KerberosSerializationUtils.deserializeCredential(serializedGssCredential);
    String ldapResponse = invokeLdap(gssCredential, token.getPreferredUsername());
    Assert.assertEquals("Horatio Nelson", ldapResponse);

    // Logout
    oauth.openLogout();

    // Remove protocolMapper
    clientResource.getProtocolMappers().delete(protocolMapperId);

    // Login and assert delegated credential not anymore
    // Without the mapper, a fresh login must yield a token that lacks the credential claim.
    token = assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret");
    Assert.assertFalse(token.getOtherClaims().containsKey(KerberosConstants.GSS_DELEGATION_CREDENTIAL));

    events.clear();
}
 
Example #27
Source File: AddressMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the "address" claim from the user's attributes and stores it in the token's other claims.
 *
 * @param token        token receiving the claim
 * @param mappingModel mapper config naming the user attribute behind each address field
 * @param userSession  session whose user supplies the attributes
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
    UserModel owner = userSession.getUser();

    AddressClaimSet address = new AddressClaimSet();
    address.setStreetAddress(getUserModelAttributeValue(owner, mappingModel, STREET));
    address.setLocality(getUserModelAttributeValue(owner, mappingModel, AddressClaimSet.LOCALITY));
    address.setRegion(getUserModelAttributeValue(owner, mappingModel, AddressClaimSet.REGION));
    address.setPostalCode(getUserModelAttributeValue(owner, mappingModel, AddressClaimSet.POSTAL_CODE));
    address.setCountry(getUserModelAttributeValue(owner, mappingModel, AddressClaimSet.COUNTRY));
    address.setFormattedAddress(getUserModelAttributeValue(owner, mappingModel, AddressClaimSet.FORMATTED));

    // The claim is added unconditionally, even when none of the fields has a value.
    token.getOtherClaims().put("address", address);
}
 
Example #28
Source File: AddressMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Reads the user attribute that backs one address claim.
 *
 * @param user         user to read from
 * @param mappingModel mapper config that may rename the attribute for this claim
 * @param claim        address claim name
 * @return the first value of the resolved user attribute, as returned by the user model
 */
private String getUserModelAttributeValue(UserModel user, ProtocolMapperModel mappingModel, String claim) {
    String configuredAttribute = mappingModel.getConfig().get(getModelPropertyName(claim));

    // Without an explicit mapping, the attribute is assumed to share the claim's name.
    String attributeToRead = configuredAttribute != null ? configuredAttribute : claim;
    return user.getFirstAttribute(attributeToRead);
}
 
Example #29
Source File: UserRealmRoleMappingMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Writes the resolved realm roles into the token claim configured on the mapper.
 *
 * @param token            token receiving the claim
 * @param mappingModel     mapper configuration, including the optional role prefix
 * @param userSession      user session (not read here)
 * @param session          current Keycloak session
 * @param clientSessionCtx client session context the roles are resolved from
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx) {
    String prefix = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX);

    AccessToken.Access realmAccess = RoleResolveUtil.getResolvedRealmRoles(session, clientSessionCtx, false);
    // No resolved realm access means no claim is written at all.
    if (realmAccess != null) {
        AbstractUserRoleMappingMapper.setClaim(token, mappingModel, realmAccess.getRoles(),null, prefix);
    }
}
 
Example #30
Source File: ProtocolMappersResource.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Deletes a protocol mapper of the client and records an admin DELETE event.
 *
 * @param id Mapper id
 * @throws NotFoundException if the client has no mapper with that id
 */
@DELETE
@NoCache
@Path("models/{id}")
public void delete(@PathParam("id") String id) {
    // NOTE(review): presumably require() throws when the caller lacks manage permission.
    // It runs before the lookup, so the not-found answer below is reachable only by
    // callers who pass that check.
    managePermission.require();

    ProtocolMapperModel target = client.getProtocolMapperById(id);
    if (target == null) {
        throw new NotFoundException("Model not found");
    }

    client.removeProtocolMapper(target);
    // The admin event is emitted only after the removal call has returned.
    adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}