Java Code Examples for org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper#mapClaim()

The following examples show how to use org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper#mapClaim().
Example 1
Source File: OriginalSubClaimMapper.java    From keycloak-extension-playground with Apache License 2.0
/**
 * Maps the user id of the user's federated identity into this mapper's claim.
 *
 * <p>Every enabled identity provider of the realm is checked; when {@code getIdentity}
 * finds a federated identity for the provider's alias, that identity's user id is handed
 * to {@link OIDCAttributeMapperHelper#mapClaim}. Nothing is mapped when the realm reports
 * no identity providers or no provider matches.
 *
 * <p>NOTE(review): the value released is the identifier under which the external identity
 * provider knows the user. Attach this mapper only to clients that are meant to see that
 * upstream identifier.
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx) {

    final RealmModel realm = userSession.getRealm();
    final UserModel user = userSession.getUser();

    final List<IdentityProviderModel> realmProviders = realm.getIdentityProviders();
    // Fetched up front, ahead of the empty-provider guard.
    final Set<FederatedIdentityModel> linkedIdentities = session.users().getFederatedIdentities(user, realm);

    final boolean hasProviders = realmProviders != null && !realmProviders.isEmpty();
    if (!hasProviders) {
        return;
    }

    for (IdentityProviderModel idp : realmProviders) {
        if (idp.isEnabled()) {
            final String alias = idp.getAlias();
            final FederatedIdentityModel linked = getIdentity(linkedIdentities, alias);

            if (linked != null) {
                // NOTE(review): every match is mapped through the same mapping model, so with
                // several linked providers the final claim presumably depends on provider
                // order; confirm against mapClaim's handling of an already-set claim.
                OIDCAttributeMapperHelper.mapClaim(token, mappingModel, linked.getUserId());
            }
        }
    }
}
 
Example 2
Source File: SimpleOidcMapper.java    From keycloak-extension-playground with Apache License 2.0
/**
 * Maps a value taken from the mapper's own configuration into the token.
 *
 * <p>The value is read from the mapping model's config under {@code CONFIG_PROPERTY};
 * when that key is absent the literal {@code "defaultProperty"} is used instead.
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {

    final Object configuredValue = mappingModel.getConfig().getOrDefault(CONFIG_PROPERTY, "defaultProperty");

    // The logged value comes from mapper configuration rather than from user data.
    final String mapperName = mappingModel.getName();
    LOGGER.infof("setClaim %s=%s", mapperName, configuredValue);

    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, configuredValue);
}
 
Example 3
Source File: HelloWorldMapper.java    From keycloak-custom-protocol-mapper-example with Apache License 2.0
/**
 * Writes a fixed greeting into the token under the claim configured for this mapper.
 */
@Override
protected void setClaim(final IDToken token, final ProtocolMapperModel mappingModel, final UserSessionModel userSession, final KeycloakSession keycloakSession) {
    // mappingModel carries the settings (such as the claim name) that the administrator chose
    // when configuring this protocol mapper in Keycloak. The set of configurable properties is
    // declared in this class's static initializer, which is not part of this excerpt.
    //
    // The value is a constant here; a dynamic value such as a group attribute could be
    // supplied in its place.
    final String greeting = "hello world";
    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, greeting);
}
 
Example 4
Source File: PairwiseSubCollectorOidcMapper.java    From keycloak-extension-playground with Apache License 2.0
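/**
 * Maps a JSON object holding per-client subject values for a requested user.
 *
 * <p>The user id ({@code targetUserId}) and a space-separated list of client ids
 * ({@code targetClients}) are read from the decoded form parameters of the current HTTP
 * request. For each listed client that exists in the realm and has an
 * {@code openid-connect} protocol mapper with the configured pairwise-sub mapper name, a
 * subject value is produced by {@code SHA256PairwiseSubMapper#generateSub} and stored under
 * the client id. The requested user id is stored under the configured "original sub" key.
 * The resulting object is passed to {@link OIDCAttributeMapperHelper#mapClaim}.
 *
 * <p>Nothing is mapped when there is no HTTP request in the session context, when either
 * form parameter is missing, or when the data cannot be converted to a JSON node.
 *
 * <p>NOTE(review): both inputs are caller-supplied and no authorization check is visible
 * in this method. Unless a check exists elsewhere, whoever can trigger this mapper can
 * correlate one user id across clients, which pairwise subjects are meant to prevent.
 * Confirm that the mapper is only reachable by trusted clients.
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {

    HttpRequest httpRequest = keycloakSession.getContext().getContextObject(HttpRequest.class);
    if (httpRequest == null) {
        // No HTTP request is bound to this session context, so there are no form parameters.
        return;
    }

    // Untrusted input: taken straight from the request's form parameters.
    MultivaluedMap<String, String> formParams = httpRequest.getDecodedFormParameters();
    String targetUserId = formParams.getFirst("targetUserId");
    String clients = formParams.getFirst("targetClients");

    if (targetUserId == null || clients == null) {
        return;
    }

    Map<String, String> config = mappingModel.getConfig();

    // Fall back to the defaults when the mapper has no config or the keys are not set.
    String originalUserSubKey = DEFAULT_ORIGINAL_USER_SUB_KEY;
    String pairwiseSubMapperName = DEFAULT_PAIRWISE_SUB_MAPPER_NAME;
    if (config != null) {
        originalUserSubKey = config.getOrDefault(ORIGINAL_USER_SUB_KEY, originalUserSubKey);
        pairwiseSubMapperName = config.getOrDefault(PAIRWISE_SUB_MAPPER_NAME, pairwiseSubMapperName);
    }

    Map<String, Object> data = new HashMap<>();

    SHA256PairwiseSubMapper subMapper = new SHA256PairwiseSubMapper();

    data.put(originalUserSubKey, targetUserId);

    // The realm does not change between iterations; resolve it once.
    RealmModel realm = keycloakSession.getContext().getRealm();

    // NOTE(review): the number of entries in targetClients is not bounded here; each entry
    // costs a client lookup and a generateSub call. Consider capping the list length.
    for (String clientId : clients.split(" ")) {
        ClientModel client = realm.getClientByClientId(clientId);
        if (client == null) {
            // Unknown client ids are skipped silently.
            continue;
        }
        ProtocolMapperModel mapperModel = client.getProtocolMapperByName("openid-connect", pairwiseSubMapperName);
        if (mapperModel == null) {
            // The client has no pairwise-sub mapper with the configured name.
            continue;
        }
        String clientSub = subMapper.generateSub(mapperModel, mapperModel.getConfig().get(PairwiseSubMapperHelper.SECTOR_IDENTIFIER_URI), targetUserId);
        data.put(clientId, clientSub);
    }


    JsonNode claimValue;
    try {
        claimValue = JsonSerialization.createObjectNode(data);
    } catch (IOException ioe) {
        // Pass the exception as the Throwable argument so its stack trace is logged; the
        // message has no format specifier, so a trailing parameter would be dropped.
        log.warnf(ioe, "Could not convert object to jsonNode.");
        return;
    }

    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, claimValue);
}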
 
Example 5
Source File: CrossRealmClientAuthMapper.java    From keycloak-extension-playground with Apache License 2.0
/**
 * Calls {@code fetchCrossRealmData} and then maps the constant {@code "42"} into the token.
 *
 * <p>Whatever {@code fetchCrossRealmData} produces is not used for the claim: the mapped
 * value is always the literal below.
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {

    // Runs before logging and mapping; its outcome does not influence the claim value.
    fetchCrossRealmData(keycloakSession);

    final Object fixedValue = "42";
    final String mapperName = mappingModel.getName();
    LOGGER.infof("setClaim %s=%s", mapperName, fixedValue);

    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, fixedValue);
}
 
Example 6
Source File: LdapQueryOidcMapper.java    From keycloak-extension-playground with Apache License 2.0
/**
 * Maps the result of {@code fetchLdapClaims} into the token under this mapper's claim.
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {

    final Object ldapClaims = fetchLdapClaims(mappingModel, userSession, keycloakSession);

    // NOTE(review): the fetched value is written to the server log at INFO level. If
    // fetchLdapClaims returns directory attributes of the user, that puts personal data in
    // the logs; consider logging only the mapper name or lowering the level.
    final String mapperName = mappingModel.getName();
    LOGGER.infof("setClaim %s=%s", mapperName, ldapClaims);

    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, ldapClaims);
}
 
Example 7
Source File: RemoteOidcMapper.java    From keycloak-extension-playground with Apache License 2.0
/**
 * Maps the result of {@code fetchRemoteClaims} into the token under this mapper's claim.
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {

    final Object remoteClaims = fetchRemoteClaims(mappingModel, userSession, keycloakSession);

    // NOTE(review): the fetched value is written to the server log at INFO level and then
    // placed in the token as-is. Presumably it comes from an external service; confirm
    // that its content is validated in fetchRemoteClaims and is safe to log.
    final String mapperName = mappingModel.getName();
    LOGGER.infof("setClaim %s=%s", mapperName, remoteClaims);

    OIDCAttributeMapperHelper.mapClaim(token, mappingModel, remoteClaims);
}