org.keycloak.models.ProtocolMapperModel Java Examples
The following examples show how to use
org.keycloak.models.ProtocolMapperModel.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AudienceResolveProtocolMapper.java From keycloak with Apache License 2.0 | 6 votes |
|
@Override
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
String clientId = clientSessionCtx.getClientSession().getClient().getClientId();
for (Map.Entry<String, AccessToken.Access> entry : RoleResolveUtil.getAllResolvedClientRoles(session, clientSessionCtx).entrySet()) {
// Don't add client itself to the audience
if (entry.getKey().equals(clientId)) {
continue;
}
AccessToken.Access access = entry.getValue();
if (access != null && access.getRoles() != null && !access.getRoles().isEmpty()) {
token.addAudience(entry.getKey());
}
}
return token;
}
Example #2
| Source File: DefaultClientSessionContext.java From keycloak with Apache License 2.0 | 6 votes |
|
private Set<ProtocolMapperModel> loadProtocolMappers() {
Set<ClientScopeModel> clientScopes = getClientScopes();
String protocol = clientSession.getClient().getProtocol();
// Being rather defensive. But protocol should normally always be there
if (protocol == null) {
logger.warnf("Client '%s' doesn't have protocol set. Fallback to openid-connect. Please fix client configuration", clientSession.getClient().getClientId());
protocol = OIDCLoginProtocol.LOGIN_PROTOCOL;
}
Set<ProtocolMapperModel> protocolMappers = new HashSet<>();
for (ClientScopeModel clientScope : clientScopes) {
Set<ProtocolMapperModel> currentMappers = clientScope.getProtocolMappers();
for (ProtocolMapperModel currentMapper : currentMappers) {
if (protocol.equals(currentMapper.getProtocol()) && ProtocolMapperUtils.isEnabled(session, currentMapper)) {
protocolMappers.add(currentMapper);
}
}
}
return protocolMappers;
}
Example #3
| Source File: ProtocolMapperUtils.java From keycloak with Apache License 2.0 | 6 votes |
|
public static List<Map.Entry<ProtocolMapperModel, ProtocolMapper>> getSortedProtocolMappers(KeycloakSession session, ClientSessionContext ctx) {
Set<ProtocolMapperModel> mapperModels = ctx.getProtocolMappers();
Map<ProtocolMapperModel, ProtocolMapper> result = new HashMap<>();
KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
for (ProtocolMapperModel mapperModel : mapperModels) {
ProtocolMapper mapper = (ProtocolMapper) sessionFactory.getProviderFactory(ProtocolMapper.class, mapperModel.getProtocolMapper());
if (mapper == null) {
continue;
}
result.put(mapperModel, mapper);
}
return result.entrySet()
.stream()
.sorted(Comparator.comparing(ProtocolMapperUtils::compare))
.collect(Collectors.toList());
}
Example #4
| Source File: ClientScopeAdapter.java From keycloak with Apache License 2.0 | 6 votes |
|
@Override
public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
if (getProtocolMapperByName(model.getProtocol(), model.getName()) != null) {
throw new ModelDuplicateException("Protocol mapper name must be unique per protocol");
}
String id = model.getId() != null ? model.getId() : KeycloakModelUtils.generateId();
ProtocolMapperEntity entity = new ProtocolMapperEntity();
entity.setId(id);
entity.setName(model.getName());
entity.setProtocol(model.getProtocol());
entity.setProtocolMapper(model.getProtocolMapper());
entity.setClientScope(this.entity);
entity.setConfig(model.getConfig());
em.persist(entity);
this.entity.getProtocolMappers().add(entity);
return entityToModel(entity);
}
Example #5
| Source File: RoleListMapper.java From keycloak with Apache License 2.0 | 6 votes |
|
public static ProtocolMapperModel create(String name, String samlAttributeName, String nameFormat, String friendlyName, boolean singleAttribute) {
ProtocolMapperModel mapper = new ProtocolMapperModel();
mapper.setName(name);
mapper.setProtocolMapper(PROVIDER_ID);
mapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
Map<String, String> config = new HashMap<>();
config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, samlAttributeName);
if (friendlyName != null) {
config.put(AttributeStatementHelper.FRIENDLY_NAME, friendlyName);
}
if (nameFormat != null) {
config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, nameFormat);
}
config.put(SINGLE_ROLE_ATTRIBUTE, Boolean.toString(singleAttribute));
mapper.setConfig(config);
return mapper;
}
Example #6
| Source File: AddressMapper.java From keycloak with Apache License 2.0 | 6 votes |
|
public static ProtocolMapperModel createAddressMapper(boolean idToken, boolean accessToken, boolean userInfo) {
Map<String, String> config;
ProtocolMapperModel address = new ProtocolMapperModel();
address.setName("address");
address.setProtocolMapper(PROVIDER_ID);
address.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
config = new HashMap<>();
config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, Boolean.toString(accessToken));
config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, Boolean.toString(idToken));
config.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, Boolean.toString(userInfo));
config.put(getModelPropertyName(STREET), STREET);
config.put(getModelPropertyName(AddressClaimSet.LOCALITY), AddressClaimSet.LOCALITY);
config.put(getModelPropertyName(AddressClaimSet.REGION), AddressClaimSet.REGION);
config.put(getModelPropertyName(AddressClaimSet.POSTAL_CODE), AddressClaimSet.POSTAL_CODE);
config.put(getModelPropertyName(AddressClaimSet.COUNTRY), AddressClaimSet.COUNTRY);
config.put(getModelPropertyName(AddressClaimSet.FORMATTED), AddressClaimSet.FORMATTED);
address.setConfig(config);
return address;
}
Example #7
| Source File: HardcodedClaim.java From keycloak with Apache License 2.0 | 6 votes |
|
public static ProtocolMapperModel create(String name,
String hardcodedName,
String hardcodedValue, String claimType,
boolean accessToken, boolean idToken) {
ProtocolMapperModel mapper = new ProtocolMapperModel();
mapper.setName(name);
mapper.setProtocolMapper(PROVIDER_ID);
mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
Map<String, String> config = new HashMap<>();
config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, hardcodedName);
config.put(CLAIM_VALUE, hardcodedValue);
config.put(OIDCAttributeMapperHelper.JSON_TYPE, claimType);
if (accessToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
if (idToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
mapper.setConfig(config);
return mapper;
}
Example #8
| Source File: RepresentationToModel.java From keycloak with Apache License 2.0 | 5 votes |
|
public static ProtocolMapperModel toModel(ProtocolMapperRepresentation rep) {
ProtocolMapperModel model = new ProtocolMapperModel();
model.setId(rep.getId());
model.setName(rep.getName());
model.setProtocol(rep.getProtocol());
model.setProtocolMapper(rep.getProtocolMapper());
model.setConfig(removeEmptyString(rep.getConfig()));
return model;
}
Example #9
| Source File: UserSessionNoteMapper.java From keycloak-protocol-cas with Apache License 2.0 | 5 votes |
|
@Override
public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
KeycloakSession session, ClientSessionContext clientSessionCt) {
String noteName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_SESSION_NOTE);
String noteValue = userSession.getNote(noteName);
if (noteValue == null) return;
setMappedAttribute(attributes, mappingModel, noteValue);
}
Example #10
| Source File: RepresentationToModel.java From keycloak with Apache License 2.0 | 5 votes |
|
public static void updateClientProtocolMappers(ClientRepresentation rep, ClientModel resource) {
if (rep.getProtocolMappers() != null) {
Map<String,ProtocolMapperModel> existingProtocolMappers = new HashMap<>();
for (ProtocolMapperModel existingProtocolMapper : resource.getProtocolMappers()) {
existingProtocolMappers.put(generateProtocolNameKey(existingProtocolMapper.getProtocol(), existingProtocolMapper.getName()), existingProtocolMapper);
}
for (ProtocolMapperRepresentation protocolMapperRepresentation : rep.getProtocolMappers()) {
String protocolNameKey = generateProtocolNameKey(protocolMapperRepresentation.getProtocol(), protocolMapperRepresentation.getName());
ProtocolMapperModel existingMapper = existingProtocolMappers.get(protocolNameKey);
if (existingMapper != null) {
ProtocolMapperModel updatedProtocolMapperModel = toModel(protocolMapperRepresentation);
updatedProtocolMapperModel.setId(existingMapper.getId());
resource.updateProtocolMapper(updatedProtocolMapperModel);
existingProtocolMappers.remove(protocolNameKey);
} else {
resource.addProtocolMapper(toModel(protocolMapperRepresentation));
}
}
for (Map.Entry<String, ProtocolMapperModel> entryToDelete : existingProtocolMappers.entrySet()) {
resource.removeProtocolMapper(entryToDelete.getValue());
}
}
}
Example #11
| Source File: TokenManager.java From keycloak with Apache License 2.0 | 5 votes |
|
public void transformIDToken(KeycloakSession session, IDToken token,
UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
for (Map.Entry<ProtocolMapperModel, ProtocolMapper> entry : ProtocolMapperUtils.getSortedProtocolMappers(session, clientSessionCtx)) {
ProtocolMapperModel mapping = entry.getKey();
ProtocolMapper mapper = entry.getValue();
if (mapper instanceof OIDCIDTokenMapper) {
token = ((OIDCIDTokenMapper) mapper).transformIDToken(token, mapping, session, userSession, clientSessionCtx);
}
}
}
Example #12
| Source File: MigrateTo1_6_0.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
MigrationProvider provider = session.getProvider(MigrationProvider.class);
ProtocolMapperModel localeMapper = provider.getBuiltinMappers("openid-connect").get("locale");
if (localeMapper == null) {
throw new RuntimeException("Can't find default locale mapper");
}
migrateRealm(session, localeMapper, realm);
}
Example #13
| Source File: GroupMembershipMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
String single = mappingModel.getConfig().get(SINGLE_GROUP_ATTRIBUTE);
boolean singleAttribute = Boolean.parseBoolean(single);
boolean fullPath = useFullPath(mappingModel);
AttributeType singleAttributeType = null;
for (GroupModel group : userSession.getUser().getGroups()) {
String groupName;
if (fullPath) {
groupName = ModelToRepresentation.buildGroupPath(group);
} else {
groupName = group.getName();
}
AttributeType attributeType = null;
if (singleAttribute) {
if (singleAttributeType == null) {
singleAttributeType = AttributeStatementHelper.createAttributeType(mappingModel);
attributeStatement.addAttribute(new AttributeStatementType.ASTChoiceType(singleAttributeType));
}
attributeType = singleAttributeType;
} else {
attributeType = AttributeStatementHelper.createAttributeType(mappingModel);
attributeStatement.addAttribute(new AttributeStatementType.ASTChoiceType(attributeType));
}
attributeType.addAttributeValue(groupName);
}
}
Example #14
| Source File: UserAttributeMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
UserModel user = userSession.getUser();
String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
boolean aggregateAttrs = Boolean.valueOf(mappingModel.getConfig().get(ProtocolMapperUtils.AGGREGATE_ATTRS));
Collection<String> attributeValue = KeycloakModelUtils.resolveAttribute(user, attributeName, aggregateAttrs);
if (attributeValue == null) return;
OIDCAttributeMapperHelper.mapClaim(token, mappingModel, attributeValue);
}
Example #15
| Source File: SHA256PairwiseSubMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public String generateSub(ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub) {
String saltStr = PairwiseSubMapperHelper.getSalt(mappingModel);
if (saltStr == null) {
throw new IllegalStateException("Salt not available on mappingModel. Please update protocol mapper");
}
Charset charset = Charset.forName("UTF-8");
byte[] salt = saltStr.getBytes(charset);
String pairwiseSub = generateSub(sectorIdentifier, localSub, salt);
logger.tracef("local sub = '%s', pairwise sub = '%s'", localSub, pairwiseSub);
return pairwiseSub;
}
Example #16
| Source File: ClientScopeAdapter.java From keycloak with Apache License 2.0 | 5 votes |
|
protected ProtocolMapperModel entityToModel(ProtocolMapperEntity entity) {
ProtocolMapperModel mapping = new ProtocolMapperModel();
mapping.setId(entity.getId());
mapping.setName(entity.getName());
mapping.setProtocol(entity.getProtocol());
mapping.setProtocolMapper(entity.getProtocolMapper());
Map<String, String> config = new HashMap<String, String>();
if (entity.getConfig() != null) config.putAll(entity.getConfig());
mapping.setConfig(config);
return mapping;
}
Example #17
| Source File: AbstractOIDCProtocolMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
public IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
if (!OIDCAttributeMapperHelper.includeInIDToken(mappingModel)){
return token;
}
setClaim(token, mappingModel, userSession, session, clientSessionCtx);
return token;
}
Example #18
| Source File: SimpleOidcMapper.java From keycloak-extension-playground with Apache License 2.0 | 5 votes |
|
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {
Object claimValue = mappingModel.getConfig().getOrDefault(CONFIG_PROPERTY, "defaultProperty");
LOGGER.infof("setClaim %s=%s", mappingModel.getName(), claimValue);
OIDCAttributeMapperHelper.mapClaim(token, mappingModel, claimValue);
}
Example #19
| Source File: ClientAdapter.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void updateProtocolMapper(ProtocolMapperModel mapping) {
ProtocolMapperEntity entity = getProtocolMapperEntity(mapping.getId());
entity.setProtocolMapper(mapping.getProtocolMapper());
if (entity.getConfig() == null) {
entity.setConfig(mapping.getConfig());
} else {
entity.getConfig().clear();
entity.getConfig().putAll(mapping.getConfig());
}
em.flush();
}
Example #20
| Source File: ClientScopeAdapter.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public ProtocolMapperModel getProtocolMapperById(String id) {
for (ProtocolMapperModel mapping : cached.getProtocolMappers()) {
if (mapping.getId().equals(id)) return mapping;
}
return null;
}
Example #21
| Source File: UserAttributeStatementMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
public static ProtocolMapperModel createAttributeMapper(String name, String userAttribute,
String samlAttributeName, String nameFormat, String friendlyName) {
String mapperId = PROVIDER_ID;
return AttributeStatementHelper.createAttributeMapper(name, userAttribute, samlAttributeName, nameFormat, friendlyName,
mapperId);
}
Example #22
| Source File: UserPropertyAttributeStatementMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
public static ProtocolMapperModel createAttributeMapper(String name, String userAttribute,
String samlAttributeName, String nameFormat, String friendlyName,
boolean consentRequired, String consentText) {
String mapperId = PROVIDER_ID;
return AttributeStatementHelper.createAttributeMapper(name, userAttribute, samlAttributeName, nameFormat, friendlyName,
mapperId);
}
Example #23
| Source File: AttributeStatementHelper.java From keycloak with Apache License 2.0 | 5 votes |
|
public static AttributeType createAttributeType(ProtocolMapperModel mappingModel) {
String attributeName = mappingModel.getConfig().get(SAML_ATTRIBUTE_NAME);
AttributeType attribute = new AttributeType(attributeName);
String attributeType = mappingModel.getConfig().get(SAML_ATTRIBUTE_NAMEFORMAT);
String attributeNameFormat = JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get();
if (URI_REFERENCE.equals(attributeType)) attributeNameFormat = JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get();
else if (UNSPECIFIED.equals(attributeType)) attributeNameFormat = JBossSAMLURIConstants.ATTRIBUTE_FORMAT_UNSPECIFIED.get();
attribute.setNameFormat(attributeNameFormat);
String friendlyName = mappingModel.getConfig().get(FRIENDLY_NAME);
if (friendlyName != null && !friendlyName.trim().equals("")) attribute.setFriendlyName(friendlyName);
return attribute;
}
Example #24
| Source File: RoleNameMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
public static ProtocolMapperModel create(String name,
String role,
String newName) {
String mapperId = PROVIDER_ID;
ProtocolMapperModel mapper = new ProtocolMapperModel();
mapper.setName(name);
mapper.setProtocolMapper(mapperId);
mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
Map<String, String> config = new HashMap<>();
config.put(ROLE_CONFIG, role);
config.put(NEW_ROLE_NAME, newName);
mapper.setConfig(config);
return mapper;
}
Example #25
| Source File: UserStorageConsentTest.java From keycloak with Apache License 2.0 | 5 votes |
|
public static void setupConsent(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("demo");
ClientModel product = session.realms().getClientByClientId("product-portal", realm);
product.setConsentRequired(true);
ClientScopeModel clientScope = realm.addClientScope("clientScope");
clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
System.err.println("client scope protocol mappers size: " + clientScope.getProtocolMappers().size());
for (ProtocolMapperModel mapper : product.getProtocolMappers()) {
if (mapper.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) {
if (mapper.getName().equals(OIDCLoginProtocolFactory.USERNAME)
|| mapper.getName().equals(OIDCLoginProtocolFactory.EMAIL)
|| mapper.getName().equals(OIDCLoginProtocolFactory.GIVEN_NAME)
) {
ProtocolMapperModel copy = new ProtocolMapperModel();
copy.setName(mapper.getName());
copy.setProtocol(mapper.getProtocol());
Map<String, String> config = new HashMap<>();
config.putAll(mapper.getConfig());
copy.setConfig(config);
copy.setProtocolMapper(mapper.getProtocolMapper());
clientScope.addProtocolMapper(copy);
}
}
product.removeProtocolMapper(mapper);
}
product.addClientScope(clientScope, true);
}
Example #26
| Source File: AbstractKerberosSingleRealmTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void credentialDelegationTest() throws Exception {
Assume.assumeTrue("Ignoring test as the embedded server is not started", getKerberosRule().isStartEmbeddedLdapServer());
// Add kerberos delegation credential mapper
ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME,
KerberosConstants.GSS_DELEGATION_CREDENTIAL,
KerberosConstants.GSS_DELEGATION_CREDENTIAL, "String",
true, false);
ProtocolMapperRepresentation protocolMapperRep = ModelToRepresentation.toRepresentation(protocolMapper);
ClientResource clientResource = findClientByClientId(testRealmResource(), "kerberos-app");
Response response = clientResource.getProtocolMappers().createMapper(protocolMapperRep);
String protocolMapperId = ApiUtil.getCreatedId(response);
response.close();
// SPNEGO login
AccessToken token = assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret");
// Assert kerberos ticket in the accessToken can be re-used to authenticate against other 3rd party kerberos service (ApacheDS Server in this case)
String serializedGssCredential = (String) token.getOtherClaims().get(KerberosConstants.GSS_DELEGATION_CREDENTIAL);
Assert.assertNotNull(serializedGssCredential);
GSSCredential gssCredential = KerberosSerializationUtils.deserializeCredential(serializedGssCredential);
String ldapResponse = invokeLdap(gssCredential, token.getPreferredUsername());
Assert.assertEquals("Horatio Nelson", ldapResponse);
// Logout
oauth.openLogout();
// Remove protocolMapper
clientResource.getProtocolMappers().delete(protocolMapperId);
// Login and assert delegated credential not anymore
token = assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret");
Assert.assertFalse(token.getOtherClaims().containsKey(KerberosConstants.GSS_DELEGATION_CREDENTIAL));
events.clear();
}
Example #27
| Source File: AddressMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
UserModel user = userSession.getUser();
AddressClaimSet addressSet = new AddressClaimSet();
addressSet.setStreetAddress(getUserModelAttributeValue(user, mappingModel, STREET));
addressSet.setLocality(getUserModelAttributeValue(user, mappingModel, AddressClaimSet.LOCALITY));
addressSet.setRegion(getUserModelAttributeValue(user, mappingModel, AddressClaimSet.REGION));
addressSet.setPostalCode(getUserModelAttributeValue(user, mappingModel, AddressClaimSet.POSTAL_CODE));
addressSet.setCountry(getUserModelAttributeValue(user, mappingModel, AddressClaimSet.COUNTRY));
addressSet.setFormattedAddress(getUserModelAttributeValue(user, mappingModel, AddressClaimSet.FORMATTED));
token.getOtherClaims().put("address", addressSet);
}
Example #28
| Source File: AddressMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
private String getUserModelAttributeValue(UserModel user, ProtocolMapperModel mappingModel, String claim) {
String modelPropertyName = getModelPropertyName(claim);
String userAttrName = mappingModel.getConfig().get(modelPropertyName);
if (userAttrName == null) {
userAttrName = claim;
}
return user.getFirstAttribute(userAttrName);
}
Example #29
| Source File: UserRealmRoleMappingMapper.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx) {
String rolePrefix = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX);
AccessToken.Access access = RoleResolveUtil.getResolvedRealmRoles(session, clientSessionCtx, false);
if (access == null) {
return;
}
AbstractUserRoleMappingMapper.setClaim(token, mappingModel, access.getRoles(),null, rolePrefix);
}
Example #30
| Source File: ProtocolMappersResource.java From keycloak with Apache License 2.0 | 5 votes |
|
/**
* Delete the mapper
*
* @param id Mapper id
*/
@DELETE
@NoCache
@Path("models/{id}")
public void delete(@PathParam("id") String id) {
managePermission.require();
ProtocolMapperModel model = client.getProtocolMapperById(id);
if (model == null) throw new NotFoundException("Model not found");
client.removeProtocolMapper(model);
adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
}
