org.keycloak.protocol.ProtocolMapperUtils Java Examples

The following examples show how to use org.keycloak.protocol.ProtocolMapperUtils. They are taken from the keycloak and keycloak-protocol-cas projects; follow the link above each example to reach its original source file, and see the sidebar for related API usage.
Example #1
Source File: DefaultClientSessionContext.java — from keycloak (Apache License 2.0)
/**
 * Collects the protocol mappers that apply to this client session.
 *
 * <p>A mapper is included only if its protocol equals the client's protocol and
 * {@link ProtocolMapperUtils#isEnabled} reports it as enabled. This is the filter
 * that decides which mappers may later shape the issued tokens, so a mapper that
 * fails either check never runs for this session.
 *
 * @return the applicable mappers from all client scopes, deduplicated into a set
 */
private Set<ProtocolMapperModel> loadProtocolMappers() {
    Set<ClientScopeModel> scopes = getClientScopes();
    String protocol = clientSession.getClient().getProtocol();

    // A client without a protocol is a misconfiguration. Treat it as OIDC, but log
    // loudly so the configuration gets fixed rather than silently relied upon.
    if (protocol == null) {
        logger.warnf("Client '%s' doesn't have protocol set. Fallback to openid-connect. Please fix client configuration", clientSession.getClient().getClientId());
        protocol = OIDCLoginProtocol.LOGIN_PROTOCOL;
    }

    Set<ProtocolMapperModel> applicable = new HashSet<>();
    for (ClientScopeModel scope : scopes) {
        for (ProtocolMapperModel candidate : scope.getProtocolMappers()) {
            if (!protocol.equals(candidate.getProtocol())) {
                continue;
            }
            if (!ProtocolMapperUtils.isEnabled(session, candidate)) {
                continue;
            }
            applicable.add(candidate);
        }
    }
    return applicable;
}
 
Example #2
Source File: UserSessionNoteMapper.java — from keycloak (Apache License 2.0)
/**
 * Builds an OIDC mapper model that copies a user-session note into a token claim.
 *
 * <p>The two inclusion flags are opt-in: the corresponding config key is written
 * (as {@code "true"}) only when the flag is set. Note that, unlike the attribute
 * mapper helper, this variant has no userinfo flag.
 *
 * @param name            display name of the mapper
 * @param userSessionNote name of the session note to read
 * @param tokenClaimName  claim the note value is written to
 * @param jsonType        JSON type used for the claim value
 * @param accessToken     include the claim in access tokens
 * @param idToken         include the claim in ID tokens
 * @return the configured mapper model (not yet attached to a client or scope)
 */
public static ProtocolMapperModel createClaimMapper(String name,
                                                    String userSessionNote,
                                                    String tokenClaimName, String jsonType,
                                                    boolean accessToken, boolean idToken) {
    Map<String, String> config = new HashMap<>();
    config.put(ProtocolMapperUtils.USER_SESSION_NOTE, userSessionNote);
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, tokenClaimName);
    config.put(OIDCAttributeMapperHelper.JSON_TYPE, jsonType);
    if (accessToken) {
        config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    }
    if (idToken) {
        config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    }

    ProtocolMapperModel model = new ProtocolMapperModel();
    model.setName(name);
    model.setProtocolMapper(PROVIDER_ID);
    model.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    model.setConfig(config);
    return model;
}
 
Example #3
Source File: UserAttributeMapper.java — from keycloak (Apache License 2.0)
/**
 * Builds an OIDC mapper model that maps a user attribute to a token claim.
 *
 * <p>The common claim settings come from
 * {@link OIDCAttributeMapperHelper#createClaimMapper} (the overload without a
 * userinfo flag); the two attribute-specific options are then added on top.
 *
 * @param name           display name of the mapper
 * @param userAttribute  user attribute to read
 * @param tokenClaimName claim the value is written to
 * @param claimType      JSON type of the claim
 * @param accessToken    include the claim in access tokens
 * @param idToken        include the claim in ID tokens
 * @param multivalued    set the {@code MULTIVALUED} option
 * @param aggregateAttrs set the {@code AGGREGATE_ATTRS} option (its effect lives in
 *                       attribute resolution, not here)
 * @return the configured mapper model
 */
public static ProtocolMapperModel createClaimMapper(String name,
                                                    String userAttribute,
                                                    String tokenClaimName, String claimType,
                                                    boolean accessToken, boolean idToken,
                                                    boolean multivalued, boolean aggregateAttrs) {
    ProtocolMapperModel model = OIDCAttributeMapperHelper.createClaimMapper(
            name, userAttribute, tokenClaimName, claimType, accessToken, idToken, PROVIDER_ID);

    // Both options are opt-in: only "true" is ever written, absence means unset.
    if (multivalued) {
        model.getConfig().put(ProtocolMapperUtils.MULTIVALUED, "true");
    }
    if (aggregateAttrs) {
        model.getConfig().put(ProtocolMapperUtils.AGGREGATE_ATTRS, "true");
    }
    return model;
}
 
Example #4
Source File: AbstractUserRoleMappingMapper.java — from keycloak (Apache License 2.0)
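/**
 * Writes an already-resolved set of role names into the token as a claim.
 *
 * <p>Role resolution itself (direct, group and composite roles, and the
 * restriction by client scope when no client in the session has full scope
 * allowed) happens in the caller. This method only applies the optional
 * {@code prefix} to every name and chooses the claim shape: with
 * {@link ProtocolMapperUtils#MULTIVALUED} set to {@code "true"} the claim is
 * the set itself, otherwise it is the set's {@code toString()} form, e.g.
 * {@code "[admin, user]"}. NOTE(review): when {@code rolesToAdd} is an unordered
 * set, that string form has no stable ordering — confirm no consumer parses it.
 *
 * @param token        token to add the claim to
 * @param mappingModel mapper configuration (claim name, multivalued flag, ...)
 * @param rolesToAdd   resolved role names
 * @param clientId     client the roles belong to; the realm-role mapper passes {@code null}
 * @param prefix       optional prefix prepended to every role name; {@code null}/empty means none
 */
protected static void setClaim(IDToken token, ProtocolMapperModel mappingModel, Set<String> rolesToAdd,
                               String clientId, String prefix) {

    Set<String> realmRoleNames;
    if (prefix != null && !prefix.isEmpty()) {
        realmRoleNames = rolesToAdd.stream()
                .map(roleName -> prefix + roleName)
                .collect(Collectors.toSet());
    } else {
        realmRoleNames = rolesToAdd;
    }

    boolean multiValued = "true".equals(mappingModel.getConfig().get(ProtocolMapperUtils.MULTIVALUED));
    // Single-valued claims get the collection's string form, not a joined list.
    Object claimValue = multiValued ? realmRoleNames : realmRoleNames.toString();

    mapClaim(token, mappingModel, claimValue, clientId);
}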
 
Example #5
Source File: OIDCAttributeMapperHelper.java — from keycloak (Apache License 2.0)
/**
 * Builds a base OIDC claim-mapper model for a user attribute.
 *
 * <p>The three inclusion flags are opt-in: the corresponding config key is only
 * written (as {@code "true"}) when the flag is set; an absent key is presumably
 * read as "not included" by the token transformers (not shown here).
 *
 * @param name           display name of the mapper
 * @param userAttribute  value stored under {@code USER_ATTRIBUTE}
 * @param tokenClaimName claim the value is written to
 * @param claimType      JSON type of the claim
 * @param accessToken    include the claim in access tokens
 * @param idToken        include the claim in ID tokens
 * @param userinfo       include the claim in the userinfo response
 * @param mapperId       provider id of the concrete mapper implementation
 * @return the configured mapper model
 */
public static ProtocolMapperModel createClaimMapper(String name,
                              String userAttribute,
                              String tokenClaimName, String claimType,
                              boolean accessToken, boolean idToken, boolean userinfo,
                              String mapperId) {
    Map<String, String> config = new HashMap<>();
    config.put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
    config.put(TOKEN_CLAIM_NAME, tokenClaimName);
    config.put(JSON_TYPE, claimType);
    if (accessToken) {
        config.put(INCLUDE_IN_ACCESS_TOKEN, "true");
    }
    if (idToken) {
        config.put(INCLUDE_IN_ID_TOKEN, "true");
    }
    if (userinfo) {
        config.put(INCLUDE_IN_USERINFO, "true");
    }

    ProtocolMapperModel model = new ProtocolMapperModel();
    model.setName(name);
    model.setProtocolMapper(mapperId);
    model.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    model.setConfig(config);
    return model;
}
 
Example #6
Source File: AttributeStatementHelper.java — from keycloak (Apache License 2.0)
/**
 * Builds a SAML attribute-mapper model.
 *
 * <p>Only {@code SAML_ATTRIBUTE_NAME} is written unconditionally; the user
 * attribute, friendly name and name format are optional and are omitted from
 * the config when {@code null}.
 *
 * @param name              display name of the mapper
 * @param userAttribute     user attribute to read, or {@code null}
 * @param samlAttributeName name of the SAML attribute to emit
 * @param nameFormat        SAML attribute name format, or {@code null}
 * @param friendlyName      SAML friendly name, or {@code null}
 * @param mapperId          provider id of the concrete mapper implementation
 * @return the configured mapper model
 */
public static ProtocolMapperModel createAttributeMapper(String name, String userAttribute, String samlAttributeName, String nameFormat,  String friendlyName, String mapperId) {
    Map<String, String> config = new HashMap<>();
    config.put(SAML_ATTRIBUTE_NAME, samlAttributeName);
    if (userAttribute != null) {
        config.put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
    }
    if (friendlyName != null) {
        config.put(FRIENDLY_NAME, friendlyName);
    }
    if (nameFormat != null) {
        config.put(SAML_ATTRIBUTE_NAMEFORMAT, nameFormat);
    }

    ProtocolMapperModel model = new ProtocolMapperModel();
    model.setName(name);
    model.setProtocolMapper(mapperId);
    model.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    model.setConfig(config);
    return model;
}
 
Example #7
Source File: UserClientRoleMappingMapper.java — from keycloak-protocol-cas (Apache License 2.0)
/**
 * Adds the user's resolved client roles to the CAS attribute map.
 *
 * <p>If the mapper config names a client, only that client's resolved roles are
 * used and nothing is added when the resolver returns {@code null}. Without a
 * client id the roles of all clients are merged into one set. The {@code false}
 * flag is passed straight to the resolver; its meaning is not visible here.
 *
 * @param attributes       CAS attributes being assembled
 * @param mappingModel     mapper configuration (client id and role prefix)
 * @param userSession      current user session (unused here)
 * @param session          Keycloak session
 * @param clientSessionCtx client session the roles are resolved for
 */
@Override
public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                         KeycloakSession session, ClientSessionContext clientSessionCtx) {
    Map<String, String> config = mappingModel.getConfig();
    String targetClientId = config.get(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID);
    String rolePrefix = config.get(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX);

    boolean singleClient = targetClientId != null && !targetClientId.isEmpty();
    if (!singleClient) {
        // No client configured: union the resolved roles of every client.
        Set<String> merged = RoleResolveUtil.getAllResolvedClientRoles(session, clientSessionCtx)
                .values().stream()
                .filter(Objects::nonNull)
                .flatMap(access -> access.getRoles().stream())
                .collect(Collectors.toSet());
        setAttribute(attributes, mappingModel, merged, rolePrefix);
        return;
    }

    AccessToken.Access access = RoleResolveUtil.getResolvedClientRoles(session, clientSessionCtx, targetClientId, false);
    if (access != null) {
        setAttribute(attributes, mappingModel, access.getRoles(), rolePrefix);
    }
}
 
Example #8
Source File: UserRealmRoleMappingMapper.java — from keycloak (Apache License 2.0)
/**
 * Builds a realm-role mapper model.
 *
 * <p>The base helper insists on a user attribute, but this mapper reads only the
 * role prefix from its config, so the placeholder {@code "foo"} is passed and is
 * presumably never consulted (TODO confirm against the base helper). The claim
 * type is fixed to {@code "String"} and userinfo inclusion is left off.
 *
 * @param realmRolePrefix prefix prepended to every role name
 * @param name            display name of the mapper
 * @param tokenClaimName  claim the roles are written to
 * @param accessToken     include the claim in access tokens
 * @param idToken         include the claim in ID tokens
 * @param multiValued     emit the roles as a multi-valued claim
 * @return the configured mapper model
 */
public static ProtocolMapperModel create(String realmRolePrefix,
                                         String name,
                                         String tokenClaimName, boolean accessToken, boolean idToken, boolean multiValued) {
    ProtocolMapperModel model = OIDCAttributeMapperHelper.createClaimMapper(
            name, "foo", tokenClaimName, "String", accessToken, idToken, false, PROVIDER_ID);

    // Unlike the attribute mappers, the multivalued flag is always written, true or false.
    model.getConfig().put(ProtocolMapperUtils.MULTIVALUED, String.valueOf(multiValued));
    model.getConfig().put(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX, realmRolePrefix);
    return model;
}
 
Example #9
Source File: UserRealmRoleMappingMapper.java — from keycloak (Apache License 2.0)
/**
 * Adds the user's resolved realm roles to the token.
 *
 * <p>Nothing is added when the resolver returns {@code null}. The {@code false}
 * flag is passed straight to the resolver; its meaning is not visible here.
 * {@code clientId} is {@code null} in the delegated call because these are realm
 * roles, not client roles.
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx) {
    AccessToken.Access realmAccess = RoleResolveUtil.getResolvedRealmRoles(session, clientSessionCtx, false);
    if (realmAccess == null) {
        return;
    }

    String prefix = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX);
    AbstractUserRoleMappingMapper.setClaim(token, mappingModel, realmAccess.getRoles(), null, prefix);
}
 
Example #10
Source File: UserAttributeStatementMapper.java — from keycloak (Apache License 2.0)
/**
 * Adds the configured user attribute to the SAML attribute statement.
 *
 * <p>Reads {@code USER_ATTRIBUTE} and {@code AGGREGATE_ATTRS} from the mapper config,
 * resolves the attribute values for the session's user and hands them to
 * {@link AttributeStatementHelper#addAttributes}. An empty resolution adds nothing.
 */
@Override
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
    String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
    boolean aggregate = Boolean.parseBoolean(mappingModel.getConfig().get(ProtocolMapperUtils.AGGREGATE_ATTRS));

    Collection<String> values = KeycloakModelUtils.resolveAttribute(userSession.getUser(), attributeName, aggregate);
    if (!values.isEmpty()) {
        AttributeStatementHelper.addAttributes(attributeStatement, mappingModel, values);
    }
}
 
Example #11
Source File: UserPropertyMapper.java — from keycloak (Apache License 2.0)
/**
 * Adds a user property (read via {@link ProtocolMapperUtils#getUserModelValue}) to the token.
 *
 * <p>An unset or blank {@code USER_ATTRIBUTE} config value means no claim is added;
 * otherwise the property value is handed to {@link OIDCAttributeMapperHelper#mapClaim}
 * as-is (a {@code null} value is not filtered here).
 */
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
    String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
    boolean blank = propertyName == null || propertyName.trim().isEmpty();
    if (blank) {
        return;
    }

    UserModel user = userSession.getUser();
    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, ProtocolMapperUtils.getUserModelValue(user, propertyName));
}
 
Example #12
Source File: RealmManager.java — from keycloak (Apache License 2.0)
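/**
 * Ensures the realm's admin console client carries the {@code locale} OIDC protocol mapper.
 *
 * <p>If the client already has a mapper of that name nothing is changed. Otherwise the
 * shared locale mapper is looked up via {@link ProtocolMapperUtils#findLocaleMapper} and
 * added when found. A realm without an admin console client is skipped instead of
 * failing with a {@code NullPointerException}.
 *
 * @param realm realm whose admin console client is configured
 */
protected void setupAdminConsoleLocaleMapper(RealmModel realm) {
    ClientModel adminConsole = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
    if (adminConsole == null) {
        // No admin console client in this realm: nothing to configure.
        return;
    }

    ProtocolMapperModel existing = adminConsole.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, OIDCLoginProtocolFactory.LOCALE);
    if (existing != null) {
        return;
    }

    ProtocolMapperModel localeMapper = ProtocolMapperUtils.findLocaleMapper(session);
    if (localeMapper != null) {
        adminConsole.addProtocolMapper(localeMapper);
    }
}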
 
Example #13
Source File: UserAttributeMapper.java — from keycloak (Apache License 2.0)
/**
 * Adds the configured user attribute to the token as a claim.
 *
 * <p>Reads {@code USER_ATTRIBUTE} and {@code AGGREGATE_ATTRS} from the mapper config,
 * resolves the attribute through {@code KeycloakModelUtils.resolveAttribute} and hands
 * the resulting collection to {@link OIDCAttributeMapperHelper#mapClaim}. A {@code null}
 * result adds nothing; an empty collection is still passed on (the SAML statement
 * mapper, by contrast, returns early on empty).
 */
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
    String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
    boolean aggregate = Boolean.parseBoolean(mappingModel.getConfig().get(ProtocolMapperUtils.AGGREGATE_ATTRS));

    UserModel user = userSession.getUser();
    Collection<String> values = KeycloakModelUtils.resolveAttribute(user, attributeName, aggregate);
    if (values != null) {
        OIDCAttributeMapperHelper.mapClaim(token, mappingModel, values);
    }
}
 
Example #14
Source File: ScriptBasedOIDCProtocolMapper.java — from keycloak (Apache License 2.0)
/**
 * Builds a script-based OIDC claim mapper model.
 *
 * <p>The base claim settings come from the {@link OIDCAttributeMapperHelper} overload
 * without a userinfo flag; the script source is stored under {@code SCRIPT} and the
 * multivalued flag is always written ({@code "true"} or {@code "false"}). The script
 * is presumably evaluated server-side when tokens are issued (not shown here), so
 * only trusted administrators should be able to supply it.
 *
 * @param name           display name of the mapper
 * @param userAttribute  user attribute exposed to the script
 * @param tokenClaimName claim the script result is written to
 * @param claimType      JSON type of the claim
 * @param accessToken    include the claim in access tokens
 * @param idToken        include the claim in ID tokens
 * @param script         script source
 * @param multiValued    emit the result as a multi-valued claim
 * @return the configured mapper model
 */
public static ProtocolMapperModel create(String name,
                                         String userAttribute,
                                         String tokenClaimName, String claimType,
                                         boolean accessToken, boolean idToken, String script, boolean multiValued) {
  ProtocolMapperModel model = OIDCAttributeMapperHelper.createClaimMapper(
      name, userAttribute, tokenClaimName, claimType, accessToken, idToken, PROVIDER_ID);

  model.getConfig().put(SCRIPT, script);
  model.getConfig().put(ProtocolMapperUtils.MULTIVALUED, multiValued ? "true" : "false");
  return model;
}
 
Example #15
Source File: UserSessionNoteMapper.java — from keycloak-protocol-cas (Apache License 2.0)
/**
 * Copies a user-session note into the CAS attribute map.
 *
 * <p>The note name comes from {@code USER_SESSION_NOTE} in the mapper config; when
 * the session holds no such note nothing is added.
 */
@Override
public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                         KeycloakSession session, ClientSessionContext clientSessionCt) {
    String note = userSession.getNote(mappingModel.getConfig().get(ProtocolMapperUtils.USER_SESSION_NOTE));
    if (note != null) {
        setMappedAttribute(attributes, mappingModel, note);
    }
}
 
Example #16
Source File: UserClientRoleMappingMapper.java — from keycloak (Apache License 2.0)
/**
 * Builds a client-role mapper model.
 *
 * <p>The base helper insists on a user attribute, so the placeholder {@code "foo"} is
 * passed; the mapper itself reads only the client id and role prefix from its config.
 * The claim type is fixed to {@code "String"} and userinfo inclusion is left off. The
 * multivalued flag is always written, {@code "true"} or {@code "false"}.
 *
 * @param clientId         client whose roles are mapped (empty/null means all clients)
 * @param clientRolePrefix prefix prepended to every role name
 * @param name             display name of the mapper
 * @param tokenClaimName   claim the roles are written to
 * @param accessToken      include the claim in access tokens
 * @param idToken          include the claim in ID tokens
 * @param multiValued      emit the roles as a multi-valued claim
 * @return the configured mapper model
 */
public static ProtocolMapperModel create(String clientId, String clientRolePrefix,
                                         String name,
                                         String tokenClaimName,
                                         boolean accessToken, boolean idToken, boolean multiValued) {
    ProtocolMapperModel model = OIDCAttributeMapperHelper.createClaimMapper(
            name, "foo", tokenClaimName, "String", accessToken, idToken, false, PROVIDER_ID);

    model.getConfig().put(ProtocolMapperUtils.MULTIVALUED, multiValued ? "true" : "false");
    model.getConfig().put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, clientId);
    model.getConfig().put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX, clientRolePrefix);
    return model;
}
 
Example #17
Source File: UserSessionNoteMapper.java — from keycloak (Apache License 2.0)
/**
 * Copies a user-session note into the token as a claim.
 *
 * <p>The note name comes from {@code USER_SESSION_NOTE} in the mapper config; when the
 * session holds no such note nothing is added.
 */
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
    String note = userSession.getNote(mappingModel.getConfig().get(ProtocolMapperUtils.USER_SESSION_NOTE));
    if (note != null) {
        OIDCAttributeMapperHelper.mapClaim(token, mappingModel, note);
    }
}
 
Example #18
Source File: AbstractBasePhotozExampleAdapterTest.java — from keycloak (Apache License 2.0)
/**
 * Registers the optional {@code manage-albums} client scope and makes album management
 * depend on it.
 *
 * <p>Steps: create the scope with a client-role mapper that emits the
 * {@code photoz-restful-api} roles into the access token, ID token and userinfo; map the
 * resource server's {@code manage-albums} role onto the scope; add the scope to
 * {@code photoz-html5-client} as an optional scope; grant that client the realm roles
 * {@code user} and {@code admin}; and finally switch off full-scope-allowed so the
 * client's tokens only carry roles reachable through its scope mappings — i.e.
 * {@code manage-albums} should appear only when the scope is requested.
 */
protected void setManageAlbumScopeRequired() {
    Map<String, String> mapperConfig = new HashMap<>();
    mapperConfig.put("access.token.claim", "true");
    mapperConfig.put("id.token.claim", "true");
    mapperConfig.put("userinfo.token.claim", "true");
    mapperConfig.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, "photoz-restful-api");

    ProtocolMapperRepresentation roleMapper = new ProtocolMapperRepresentation();
    roleMapper.setName("manage-albums");
    roleMapper.setProtocol("openid-connect");
    roleMapper.setProtocolMapper(UserClientRoleMappingMapper.PROVIDER_ID);
    roleMapper.setConfig(mapperConfig);

    ClientScopeRepresentation scope = new ClientScopeRepresentation();
    scope.setName("manage-albums");
    scope.setProtocol("openid-connect");
    scope.setProtocolMappers(Arrays.asList(roleMapper));

    RealmResource realm = realmsResouce().realm(REALM_NAME);
    ClientScopesResource scopes = realm.clientScopes();
    Response created = scopes.create(scope);
    Assert.assertEquals(201, created.getStatus());
    created.close();
    String scopeId = ApiUtil.getCreatedId(created);

    // Scope mapping: the scope grants the resource server's manage-albums client role.
    ClientResource resourceServer = getClientResource(RESOURCE_SERVER_ID);
    String resourceServerId = resourceServer.toRepresentation().getId();
    scopes.get(scopeId).getScopeMappings().clientLevel(resourceServerId)
            .add(Arrays.asList(resourceServer.roles().get("manage-albums").toRepresentation()));

    ClientResource html5Client = getClientResource("photoz-html5-client");
    html5Client.addOptionalClientScope(scopeId);
    html5Client.getScopeMappings().realmLevel().add(Arrays.asList(
            realm.roles().get("user").toRepresentation(),
            realm.roles().get("admin").toRepresentation()));

    // Without full scope, the client's tokens are restricted to roles granted via scope mappings.
    ClientRepresentation html5Rep = html5Client.toRepresentation();
    html5Rep.setFullScopeAllowed(false);
    html5Client.update(html5Rep);
}
 
Example #19
Source File: UserSessionNoteMapper.java — from keycloak-protocol-cas (Apache License 2.0)
/**
 * Builds a CAS mapper model that copies a user-session note into an attribute.
 *
 * @param name            display name of the mapper
 * @param userSessionNote name of the session note to read
 * @param tokenClaimName  attribute the note value is written to
 * @param jsonType        JSON type used for the value
 * @return the configured mapper model
 */
public static ProtocolMapperModel create(String name,
                                         String userSessionNote,
                                         String tokenClaimName, String jsonType) {
    ProtocolMapperModel model =
            CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName, jsonType, PROVIDER_ID);
    model.getConfig().put(ProtocolMapperUtils.USER_SESSION_NOTE, userSessionNote);
    return model;
}
 
Example #20
Source File: UserClientRoleMappingMapper.java — from keycloak-protocol-cas (Apache License 2.0)
/**
 * Builds a CAS client-role mapper model with a fixed {@code "String"} claim type.
 *
 * @param clientId         client whose roles are mapped (empty/null means all clients)
 * @param clientRolePrefix prefix prepended to every role name
 * @param name             display name of the mapper
 * @param tokenClaimName   attribute the roles are written to
 * @return the configured mapper model
 */
public static ProtocolMapperModel create(String clientId, String clientRolePrefix,
                                         String name, String tokenClaimName) {
    ProtocolMapperModel model =
            CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName, "String", PROVIDER_ID);
    Map<String, String> config = model.getConfig();
    config.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, clientId);
    config.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_ROLE_PREFIX, clientRolePrefix);
    return model;
}
 
Example #21
Source File: UserAttributeMapper.java — from keycloak-protocol-cas (Apache License 2.0)
/**
 * Adds the configured user attribute to the CAS attribute map.
 *
 * <p>Reads {@code USER_ATTRIBUTE} and {@code AGGREGATE_ATTRS} from the mapper config and
 * resolves the values through {@code KeycloakModelUtils.resolveAttribute}. There is no
 * null or empty check here: whatever the resolver returns is handed to
 * {@code setMappedAttribute} as-is.
 */
@Override
public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                         KeycloakSession session, ClientSessionContext clientSessionCt) {
    String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
    boolean aggregate = Boolean.parseBoolean(mappingModel.getConfig().get(ProtocolMapperUtils.AGGREGATE_ATTRS));

    UserModel user = userSession.getUser();
    Collection<String> values = KeycloakModelUtils.resolveAttribute(user, attributeName, aggregate);
    setMappedAttribute(attributes, mappingModel, values);
}
 
Example #22
Source File: UserAttributeMapper.java — from keycloak-protocol-cas (Apache License 2.0)
/**
 * Builds a CAS mapper model that maps a user attribute to an attribute in the response.
 *
 * <p>The two flags are opt-in: only {@code "true"} is ever written, absence means unset.
 *
 * @param name           display name of the mapper
 * @param userAttribute  user attribute to read
 * @param tokenClaimName attribute the value is written to
 * @param claimType      JSON type of the value
 * @param multivalued    set the {@code MULTIVALUED} option
 * @param aggregateAttrs set the {@code AGGREGATE_ATTRS} option
 * @return the configured mapper model
 */
public static ProtocolMapperModel create(String name, String userAttribute,
                                         String tokenClaimName, String claimType,
                                         boolean multivalued, boolean aggregateAttrs) {
    ProtocolMapperModel model =
            CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName, claimType, PROVIDER_ID);
    Map<String, String> config = model.getConfig();
    config.put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
    if (multivalued) {
        config.put(ProtocolMapperUtils.MULTIVALUED, "true");
    }
    if (aggregateAttrs) {
        config.put(ProtocolMapperUtils.AGGREGATE_ATTRS, "true");
    }
    return model;
}
 
Example #23
Source File: UserPropertyMapper.java — from keycloak-protocol-cas (Apache License 2.0)
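/**
 * Adds a user property (read via {@link ProtocolMapperUtils#getUserModelValue}) to the CAS
 * attribute map.
 *
 * <p>Mirrors the OIDC {@code UserPropertyMapper}: an unset or blank {@code USER_ATTRIBUTE}
 * config value means no attribute is added, instead of passing a {@code null} property
 * name down to the user-model lookup. A {@code null} property value is not filtered here.
 *
 * @param attributes     CAS attributes being assembled
 * @param mappingModel   mapper configuration
 * @param userSession    session whose user is read
 * @param session        Keycloak session (unused here)
 * @param clientSessionCt client session context (unused here)
 */
@Override
public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                         KeycloakSession session, ClientSessionContext clientSessionCt) {
    UserModel user = userSession.getUser();
    String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
    if (propertyName == null || propertyName.trim().isEmpty()) {
        return;
    }

    String propertyValue = ProtocolMapperUtils.getUserModelValue(user, propertyName);
    setMappedAttribute(attributes, mappingModel, propertyValue);
}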
 
Example #24
Source File: UserPropertyMapper.java — from keycloak-protocol-cas (Apache License 2.0)
/**
 * Builds a CAS mapper model that maps a user property to an attribute in the response.
 *
 * @param name           display name of the mapper
 * @param userAttribute  user property to read (stored under {@code USER_ATTRIBUTE})
 * @param tokenClaimName attribute the value is written to
 * @param claimType      JSON type of the value
 * @return the configured mapper model
 */
public static ProtocolMapperModel create(String name, String userAttribute,
                                         String tokenClaimName, String claimType) {
    ProtocolMapperModel model =
            CASAttributeMapperHelper.createClaimMapper(name, tokenClaimName, claimType, PROVIDER_ID);
    model.getConfig().put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
    return model;
}
 
Example #25
Source File: UserRealmRoleMappingMapper.java — from keycloak-protocol-cas (Apache License 2.0)
/**
 * Adds the user's resolved realm roles to the CAS attribute map.
 *
 * <p>Nothing is added when the resolver returns {@code null}. The {@code false} flag is
 * passed straight to the resolver; its meaning is not visible here.
 */
@Override
public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                         KeycloakSession session, ClientSessionContext clientSessionCtx) {
    AccessToken.Access realmAccess = RoleResolveUtil.getResolvedRealmRoles(session, clientSessionCtx, false);
    if (realmAccess == null) {
        return;
    }

    String prefix = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_REALM_ROLE_MAPPING_ROLE_PREFIX);
    setAttribute(attributes, mappingModel, realmAccess.getRoles(), prefix);
}
 
Example #26
Source File: TokenManager.java — from keycloak (Apache License 2.0)
/**
 * Runs every {@link OIDCIDTokenMapper} configured for the client session over the ID token,
 * in the order returned by {@link ProtocolMapperUtils#getSortedProtocolMappers}.
 *
 * <p>NOTE(review): this method returns {@code void}, so the token handed back by each
 * mapper is only forwarded to the next mapper and then dropped. A mapper that returns a
 * new {@code IDToken} instance instead of mutating {@code token} in place would therefore
 * lose its changes here (compare {@code transformAccessToken}, which returns the token).
 */
public void transformIDToken(KeycloakSession session, IDToken token,
                              UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
    IDToken current = token;
    for (Map.Entry<ProtocolMapperModel, ProtocolMapper> entry : ProtocolMapperUtils.getSortedProtocolMappers(session, clientSessionCtx)) {
        ProtocolMapper mapper = entry.getValue();
        if (!(mapper instanceof OIDCIDTokenMapper)) {
            continue;
        }
        current = ((OIDCIDTokenMapper) mapper).transformIDToken(current, entry.getKey(), session, userSession, clientSessionCtx);
    }
}
 
Example #27
Source File: TokenManager.java — from keycloak (Apache License 2.0)
/**
 * Runs every {@link OIDCAccessTokenMapper} configured for the client session over the
 * access token, in the order returned by {@link ProtocolMapperUtils#getSortedProtocolMappers}.
 *
 * <p>Each mapper receives the token produced by the previous one; mappers of other
 * types are skipped.
 *
 * @return the token after all access-token mappers have been applied
 */
public AccessToken transformAccessToken(KeycloakSession session, AccessToken token,
                                        UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
    AccessToken current = token;
    for (Map.Entry<ProtocolMapperModel, ProtocolMapper> entry : ProtocolMapperUtils.getSortedProtocolMappers(session, clientSessionCtx)) {
        ProtocolMapper mapper = entry.getValue();
        if (!(mapper instanceof OIDCAccessTokenMapper)) {
            continue;
        }
        current = ((OIDCAccessTokenMapper) mapper).transformAccessToken(current, entry.getKey(), session, userSession, clientSessionCtx);
    }
    return current;
}
 
Example #28
Source File: TokenManager.java — from keycloak (Apache License 2.0)
/**
 * Runs every {@link UserInfoTokenMapper} configured for the client session over the token
 * used to build the userinfo response, in the order returned by
 * {@link ProtocolMapperUtils#getSortedProtocolMappers}.
 *
 * <p>Each mapper receives the token produced by the previous one; mappers of other
 * types are skipped.
 *
 * @return the token after all userinfo mappers have been applied
 */
public AccessToken transformUserInfoAccessToken(KeycloakSession session, AccessToken token,
                                        UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
    AccessToken current = token;
    for (Map.Entry<ProtocolMapperModel, ProtocolMapper> entry : ProtocolMapperUtils.getSortedProtocolMappers(session, clientSessionCtx)) {
        ProtocolMapper mapper = entry.getValue();
        if (!(mapper instanceof UserInfoTokenMapper)) {
            continue;
        }
        current = ((UserInfoTokenMapper) mapper).transformUserInfoToken(current, entry.getKey(), session, userSession, clientSessionCtx);
    }
    return current;
}
 
Example #29
Source File: KcOidcBrokerConfiguration.java — from keycloak (Apache License 2.0)
/**
 * Builds the provider-realm client that the consumer realm's OIDC broker
 * ({@code IDP_OIDC_ALIAS}) authenticates against, plus the protocol mappers the
 * broker tests rely on.
 *
 * <p>All mappers are OIDC mappers. The property/attribute mappers emit a string claim
 * in the access token, ID token and userinfo response; the hardcoded JSON claim is
 * emitted in the ID token only. The redirect URI is restricted to the broker's own
 * endpoint. {@code CLIENT_SECRET} is a test fixture for a fake IdP, not a production
 * credential.
 *
 * @return a single-element list holding the configured client
 */
@Override
public List<ClientRepresentation> createProviderClients() {
    String brokerEndpoint = getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint";

    ClientRepresentation client = new ClientRepresentation();
    client.setId(CLIENT_ID);
    client.setClientId(getIDPClientIdInProviderRealm());
    client.setName(CLIENT_ID);
    client.setSecret(CLIENT_SECRET);
    client.setEnabled(true);
    client.setRedirectUris(Collections.singletonList(brokerEndpoint + "/*"));
    client.setAdminUrl(brokerEndpoint);

    ProtocolMapperRepresentation emailMapper =
            newStringClaimMapper("email", UserPropertyMapper.PROVIDER_ID, "email", "email", false);
    ProtocolMapperRepresentation nestedAttrMapper =
            newStringClaimMapper("attribute - nested claim", UserAttributeMapper.PROVIDER_ID, "nested.email", "nested.email", false);
    // The mapper names say what each exercises: a dotted claim name versus a claim whose
    // dot is backslash-escaped (presumably keeping the name literal rather than nesting).
    ProtocolMapperRepresentation dottedAttrMapper =
            newStringClaimMapper("attribute - claim with dot in name", UserAttributeMapper.PROVIDER_ID, "dotted.email", "dotted\\.email", false);
    ProtocolMapperRepresentation userAttrMapper =
            newStringClaimMapper("attribute - name", UserAttributeMapper.PROVIDER_ID, ATTRIBUTE_TO_MAP_NAME, ATTRIBUTE_TO_MAP_NAME, true);
    ProtocolMapperRepresentation userAttrMapper2 =
            newStringClaimMapper("attribute - name - 2", UserAttributeMapper.PROVIDER_ID, ATTRIBUTE_TO_MAP_NAME_2, ATTRIBUTE_TO_MAP_NAME_2, true);

    ProtocolMapperRepresentation hardcodedJsonClaim = new ProtocolMapperRepresentation();
    hardcodedJsonClaim.setName("json-mapper");
    hardcodedJsonClaim.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    hardcodedJsonClaim.setProtocolMapper(HardcodedClaim.PROVIDER_ID);
    Map<String, String> jsonConfig = hardcodedJsonClaim.getConfig();
    jsonConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, KcOidcBrokerConfiguration.USER_INFO_CLAIM);
    jsonConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, "JSON");
    jsonConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    jsonConfig.put(HardcodedClaim.CLAIM_VALUE, "{\"" + HARDOCDED_CLAIM + "\": \"" + HARDOCDED_VALUE + "\"}");

    client.setProtocolMappers(Arrays.asList(emailMapper, userAttrMapper, userAttrMapper2, nestedAttrMapper, dottedAttrMapper, hardcodedJsonClaim));
    return Collections.singletonList(client);
}

/** Creates a string-typed OIDC claim mapper included in the access token, ID token and userinfo. */
private static ProtocolMapperRepresentation newStringClaimMapper(String name, String providerId,
                                                                 String userAttribute, String claimName,
                                                                 boolean multivalued) {
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName(name);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    mapper.setProtocolMapper(providerId);

    Map<String, String> config = mapper.getConfig();
    config.put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, claimName);
    config.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
    if (multivalued) {
        config.put(ProtocolMapperUtils.MULTIVALUED, "true");
    }
    return mapper;
}
 
Example #30
Source File: AbstractUserRoleMappingMapper.java — from keycloak (Apache License 2.0)
/**
 * Returns the shared priority for role mappers.
 *
 * <p>All role mappers report {@link ProtocolMapperUtils#PRIORITY_ROLE_MAPPER}, which is
 * presumably what {@code ProtocolMapperUtils.getSortedProtocolMappers} uses to order
 * them relative to other mappers (the sorting itself is not shown here).
 *
 * @return {@link ProtocolMapperUtils#PRIORITY_ROLE_MAPPER}
 */
@Override
public int getPriority() {
    final int rolePriority = ProtocolMapperUtils.PRIORITY_ROLE_MAPPER;
    return rolePriority;
}