mapper refactoring
This commit is contained in:
Bill Burke
parent
f54da90d71
commit
4361ce1d42
12 changed files with 263 additions and 129 deletions
|
|
@ -4,17 +4,29 @@ import org.keycloak.Config;
|
|||
import org.keycloak.events.EventBuilder;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.protocol.AbstractLoginProtocolFactory;
|
||||
import org.keycloak.protocol.LoginProtocol;
|
||||
import org.keycloak.protocol.LoginProtocolFactory;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCUserModelMapper;
|
||||
import org.keycloak.protocol.saml.mappers.AttributeStatementHelper;
|
||||
import org.keycloak.protocol.saml.mappers.UserAttributeBasicAttributeStatementMapper;
|
||||
import org.keycloak.protocol.saml.mappers.UserModelUriReferenceAttributeStatementMapper;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.picketlink.identity.federation.core.saml.v2.constants.X500SAMLProfileConstants;
|
||||
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SamlProtocolFactory implements LoginProtocolFactory {
|
||||
public class SamlProtocolFactory extends AbstractLoginProtocolFactory {
|
||||
|
||||
@Override
|
||||
public Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager) {
|
||||
|
|
@ -32,17 +44,29 @@ public class SamlProtocolFactory implements LoginProtocolFactory {
|
|||
sts.installDefaultConfiguration();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postInit(KeycloakSessionFactory factory) {
|
||||
|
||||
}
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "saml";
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void addDefaults(RealmModel realm) {
|
||||
UserModelUriReferenceAttributeStatementMapper.addAttributeMapper(realm, "X500 email",
|
||||
"email",
|
||||
X500SAMLProfileConstants.EMAIL.get(), X500SAMLProfileConstants.EMAIL.getFriendlyName(),
|
||||
true, "email",
|
||||
false);
|
||||
UserModelUriReferenceAttributeStatementMapper.addAttributeMapper(realm, "X500 givenName",
|
||||
"firstName",
|
||||
X500SAMLProfileConstants.GIVEN_NAME.get(), X500SAMLProfileConstants.GIVEN_NAME.getFriendlyName(),
|
||||
true, "given name",
|
||||
false);
|
||||
UserModelUriReferenceAttributeStatementMapper.addAttributeMapper(realm, "X500 surname",
|
||||
"lastName",
|
||||
X500SAMLProfileConstants.SURNAME.get(), X500SAMLProfileConstants.SURNAME.getFriendlyName(),
|
||||
true, "family name",
|
||||
false);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,46 +1,50 @@
|
|||
package org.keycloak.protocol.saml.mappers;
|
||||
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.protocol.ProtocolMapper;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
import org.keycloak.protocol.saml.SamlProtocol;
|
||||
import org.picketlink.common.constants.JBossSAMLURIConstants;
|
||||
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
|
||||
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class AttributeStatementHelper {
|
||||
public static final String SAML_ATTRIBUTE_NAME = "SAML Attribute Name";
|
||||
public static final String ATTRIBUTE_STATEMENT_CATEGORY = "AttributeStatement Mapper";
|
||||
public static final String URI_REFERENCE = "URI Reference";
|
||||
public static final String URI_REFERENCE_LABEL = "URI Reference";
|
||||
public static final String URI_REFERENCE_HELP_TEXT = "Attribute name for the SAML URI Reference attribute name format";
|
||||
public static final String BASIC = "Basic name";
|
||||
public static final String BASIC_LABEL = "Basic name";
|
||||
public static final String BASIC_HELP_TEXT = "Attribute name for the SAML Basic attribute name format";
|
||||
public static final String FRIENDLY_NAME = "Friendly Name";
|
||||
public static final String FRIENDLY_NAME_HELP_TEXT = "Standard SAML attribute setting. An optional, more human-readable form of the attribute's name that can be provided if the actual attribute name is cryptic.";
|
||||
|
||||
public static void addUriReferenceAttribute(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, String attributeValue) {
|
||||
String attributeName = mappingModel.getConfig().get(URI_REFERENCE);
|
||||
public static void addAttribute(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel,
|
||||
String attributeNameFormat, String attributeValue) {
|
||||
String attributeName = mappingModel.getConfig().get(SAML_ATTRIBUTE_NAME);
|
||||
AttributeType attribute = new AttributeType(attributeName);
|
||||
attribute.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get());
|
||||
attribute.setNameFormat(attributeNameFormat);
|
||||
String friendlyName = mappingModel.getConfig().get(FRIENDLY_NAME);
|
||||
if (friendlyName != null && friendlyName.trim().equals("")) friendlyName = null;
|
||||
if (friendlyName != null) attribute.setFriendlyName(friendlyName);
|
||||
if (friendlyName != null && !friendlyName.trim().equals("")) attribute.setFriendlyName(friendlyName);
|
||||
attribute.addAttributeValue(attributeValue);
|
||||
attributeStatement.addAttribute(new AttributeStatementType.ASTChoiceType(attribute));
|
||||
}
|
||||
|
||||
public static void addUriReferenceAttribute(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, String attributeValue) {
|
||||
String attributeNameFormat = JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get();
|
||||
addAttribute(attributeStatement, mappingModel, attributeNameFormat, attributeValue);
|
||||
}
|
||||
|
||||
public static void addBasicAttribute(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, String attributeValue) {
|
||||
String attributeName = mappingModel.getConfig().get(BASIC);
|
||||
AttributeType attribute = new AttributeType(attributeName);
|
||||
attribute.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get());
|
||||
String friendlyName = mappingModel.getConfig().get(FRIENDLY_NAME);
|
||||
if (friendlyName != null && friendlyName.trim().equals("")) friendlyName = null;
|
||||
if (friendlyName != null) attribute.setFriendlyName(friendlyName);
|
||||
attribute.addAttributeValue(attributeValue);
|
||||
attributeStatement.addAttribute(new AttributeStatementType.ASTChoiceType(attribute));
|
||||
addAttribute(attributeStatement, mappingModel, JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get(), attributeValue);
|
||||
}
|
||||
|
||||
protected static void addUriReferenceProperties(List<ProtocolMapper.ConfigProperty> configProperties) {
|
||||
|
|
@ -51,8 +55,8 @@ public class AttributeStatementHelper {
|
|||
property.setHelpText(FRIENDLY_NAME_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
property = new ProtocolMapper.ConfigProperty();
|
||||
property.setName(URI_REFERENCE);
|
||||
property.setLabel(URI_REFERENCE);
|
||||
property.setName(SAML_ATTRIBUTE_NAME);
|
||||
property.setLabel(URI_REFERENCE_LABEL);
|
||||
property.setHelpText(URI_REFERENCE_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
}
|
||||
|
|
@ -64,9 +68,29 @@ public class AttributeStatementHelper {
|
|||
property.setHelpText(FRIENDLY_NAME_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
property = new ProtocolMapper.ConfigProperty();
|
||||
property.setName(BASIC);
|
||||
property.setLabel(BASIC);
|
||||
property.setName(SAML_ATTRIBUTE_NAME);
|
||||
property.setLabel(BASIC_LABEL);
|
||||
property.setHelpText(BASIC_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
}
|
||||
|
||||
public static void addAttributeMapper(RealmModel realm, String name, String userAttribute, String samlAttributeName, String friendlyName, boolean consentRequired, String consentText, boolean appliedByDefault, String mapperId) {
|
||||
ProtocolMapperModel mapper = realm.getProtocolMapperByName(SamlProtocol.LOGIN_PROTOCOL, name);
|
||||
if (mapper != null) return;
|
||||
mapper = new ProtocolMapperModel();
|
||||
mapper.setName(name);
|
||||
mapper.setProtocolMapper(mapperId);
|
||||
mapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
|
||||
mapper.setConsentRequired(consentRequired);
|
||||
mapper.setConsentText(consentText);
|
||||
mapper.setAppliedByDefault(appliedByDefault);
|
||||
Map<String, String> config = new HashMap<String, String>();
|
||||
config.put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
|
||||
config.put(SAML_ATTRIBUTE_NAME, samlAttributeName);
|
||||
if (friendlyName != null) {
|
||||
config.put(FRIENDLY_NAME, friendlyName);
|
||||
}
|
||||
mapper.setConfig(config);
|
||||
realm.addProtocolMapper(mapper);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package org.keycloak.protocol.saml.mappers;
|
|||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
|
|
@ -23,8 +24,8 @@ public class UserAttributeBasicAttributeStatementMapper extends AbstractSAMLProt
|
|||
static {
|
||||
ConfigProperty property;
|
||||
property = new ConfigProperty();
|
||||
property.setName(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_LABEL);
|
||||
property.setHelpText(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
AttributeStatementHelper.addBasicProperties(configProperties);
|
||||
|
|
@ -60,10 +61,21 @@ public class UserAttributeBasicAttributeStatementMapper extends AbstractSAMLProt
|
|||
@Override
|
||||
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession) {
|
||||
UserModel user = userSession.getUser();
|
||||
String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
String attributeValue = user.getAttribute(attributeName);
|
||||
AttributeStatementHelper.addBasicAttribute(attributeStatement, mappingModel, attributeValue);
|
||||
|
||||
}
|
||||
|
||||
public static void addAttributeMapper(RealmModel realm, String name,
|
||||
String userAttribute,
|
||||
String samlAttributeName,
|
||||
String friendlyName,
|
||||
boolean consentRequired, String consentText,
|
||||
boolean appliedByDefault) {
|
||||
String mapperId = PROVIDER_ID;
|
||||
AttributeStatementHelper.addAttributeMapper(realm, name, userAttribute, samlAttributeName, friendlyName, consentRequired, consentText, appliedByDefault, mapperId);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package org.keycloak.protocol.saml.mappers;
|
|||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
|
|
@ -23,8 +24,8 @@ public class UserAttributeUriReferenceAttributeStatementMapper extends AbstractS
|
|||
static {
|
||||
ConfigProperty property;
|
||||
property = new ConfigProperty();
|
||||
property.setName(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_LABEL);
|
||||
property.setHelpText(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
AttributeStatementHelper.addUriReferenceProperties(configProperties);
|
||||
|
|
@ -60,10 +61,20 @@ public class UserAttributeUriReferenceAttributeStatementMapper extends AbstractS
|
|||
@Override
|
||||
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession) {
|
||||
UserModel user = userSession.getUser();
|
||||
String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_LABEL);
|
||||
String attributeValue = user.getAttribute(attributeName);
|
||||
AttributeStatementHelper.addUriReferenceAttribute(attributeStatement, mappingModel, attributeValue);
|
||||
|
||||
}
|
||||
public static void addAttributeMapper(RealmModel realm, String name,
|
||||
String userAttribute,
|
||||
String samlAttributeName,
|
||||
String friendlyName,
|
||||
boolean consentRequired, String consentText,
|
||||
boolean appliedByDefault) {
|
||||
String mapperId = PROVIDER_ID;
|
||||
AttributeStatementHelper.addAttributeMapper(realm, name, userAttribute, samlAttributeName, friendlyName, consentRequired, consentText, appliedByDefault, mapperId);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package org.keycloak.protocol.saml.mappers;
|
|||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
|
|
@ -23,8 +24,8 @@ public class UserModelBasicAttributeStatementMapper extends AbstractSAMLProtocol
|
|||
static {
|
||||
ConfigProperty property;
|
||||
property = new ConfigProperty();
|
||||
property.setName(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY_LABEL);
|
||||
property.setHelpText(ProtocolMapperUtils.USER_MODEL_PROPERTY_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
AttributeStatementHelper.addBasicProperties(configProperties);
|
||||
|
|
@ -60,10 +61,20 @@ public class UserModelBasicAttributeStatementMapper extends AbstractSAMLProtocol
|
|||
@Override
|
||||
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession) {
|
||||
UserModel user = userSession.getUser();
|
||||
String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_PROPERTY_LABEL);
|
||||
String propertyValue = ProtocolMapperUtils.getUserModelValue(user, propertyName);
|
||||
AttributeStatementHelper.addBasicAttribute(attributeStatement, mappingModel, propertyValue);
|
||||
|
||||
}
|
||||
|
||||
public static void addAttributeMapper(RealmModel realm, String name,
|
||||
String userAttribute,
|
||||
String samlAttributeName,
|
||||
String friendlyName,
|
||||
boolean consentRequired, String consentText,
|
||||
boolean appliedByDefault) {
|
||||
String mapperId = PROVIDER_ID;
|
||||
AttributeStatementHelper.addAttributeMapper(realm, name, userAttribute, samlAttributeName, friendlyName, consentRequired, consentText, appliedByDefault, mapperId);
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package org.keycloak.protocol.saml.mappers;
|
|||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
|
|
@ -23,8 +24,8 @@ public class UserModelUriReferenceAttributeStatementMapper extends AbstractSAMLP
|
|||
static {
|
||||
ConfigProperty property;
|
||||
property = new ConfigProperty();
|
||||
property.setName(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY_LABEL);
|
||||
property.setHelpText(ProtocolMapperUtils.USER_MODEL_PROPERTY_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
AttributeStatementHelper.addUriReferenceProperties(configProperties);
|
||||
|
|
@ -60,10 +61,20 @@ public class UserModelUriReferenceAttributeStatementMapper extends AbstractSAMLP
|
|||
@Override
|
||||
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession) {
|
||||
UserModel user = userSession.getUser();
|
||||
String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_PROPERTY_LABEL);
|
||||
String propertyValue = ProtocolMapperUtils.getUserModelValue(user, propertyName);
|
||||
AttributeStatementHelper.addUriReferenceAttribute(attributeStatement, mappingModel, propertyValue);
|
||||
|
||||
}
|
||||
|
||||
public static void addAttributeMapper(RealmModel realm, String name,
|
||||
String userAttribute,
|
||||
String samlAttributeName,
|
||||
String friendlyName,
|
||||
boolean consentRequired, String consentText,
|
||||
boolean appliedByDefault) {
|
||||
String mapperId = PROVIDER_ID;
|
||||
AttributeStatementHelper.addAttributeMapper(realm, name, userAttribute, samlAttributeName, friendlyName, consentRequired, consentText, appliedByDefault, mapperId);
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,54 @@
|
|||
package org.keycloak.protocol;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.provider.ProviderEvent;
|
||||
import org.keycloak.provider.ProviderEventListener;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public abstract class AbstractLoginProtocolFactory implements LoginProtocolFactory {
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postInit(KeycloakSessionFactory factory) {
|
||||
KeycloakSession session = factory.create();
|
||||
session.getTransaction().begin();
|
||||
try {
|
||||
List<RealmModel> realms = session.realms().getRealms();
|
||||
for (RealmModel realm : realms) addDefaults(realm);
|
||||
session.getTransaction().commit();
|
||||
} catch (Exception e) {
|
||||
session.getTransaction().rollback();
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
|
||||
factory.register(new ProviderEventListener() {
|
||||
@Override
|
||||
public void onEvent(ProviderEvent event) {
|
||||
if (event instanceof RealmModel.RealmCreationEvent) {
|
||||
RealmModel realm = ((RealmModel.RealmCreationEvent)event).getCreatedRealm();
|
||||
addDefaults(realm);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
}
|
||||
|
||||
protected abstract void addDefaults(RealmModel realm);
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
}
|
||||
|
|
@ -9,9 +9,10 @@ import java.lang.reflect.Method;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ProtocolMapperUtils {
|
||||
public static final String USER_MODEL_PROPERTY = "User Property";
|
||||
public static final String USER_ATTRIBUTE = "user.attribute";
|
||||
public static final String USER_MODEL_PROPERTY_LABEL = "User Property";
|
||||
public static final String USER_MODEL_PROPERTY_HELP_TEXT = "Name of the property method in the UserModel interface. For example, a value of 'email' would reference the UserModel.getEmail() method.";
|
||||
public static final String USER_MODEL_ATTRIBUTE_NAME = "User Attribute";
|
||||
public static final String USER_MODEL_ATTRIBUTE_LABEL = "User Attribute";
|
||||
public static final String USER_MODEL_ATTRIBUTE_HELP_TEXT = "Name of stored user attribute which is the name of an attribute within the UserModel.attribute map.";
|
||||
|
||||
public static String getUserModelValue(UserModel user, String propertyName) {
|
||||
|
|
|
|||
|
|
@ -1,92 +1,52 @@
|
|||
package org.keycloak.protocol.oidc;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.events.EventBuilder;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.protocol.AbstractLoginProtocolFactory;
|
||||
import org.keycloak.protocol.LoginProtocol;
|
||||
import org.keycloak.protocol.LoginProtocolFactory;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCAddressMapper;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCFullNameMapper;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCUserModelMapper;
|
||||
import org.keycloak.provider.ProviderEvent;
|
||||
import org.keycloak.provider.ProviderEventListener;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class OIDCLoginProtocolFactory implements LoginProtocolFactory {
|
||||
public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
|
||||
@Override
|
||||
public LoginProtocol create(KeycloakSession session) {
|
||||
return new OIDCLoginProtocol().setSession(session);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postInit(KeycloakSessionFactory factory) {
|
||||
KeycloakSession session = factory.create();
|
||||
session.getTransaction().begin();
|
||||
try {
|
||||
List<RealmModel> realms = session.realms().getRealms();
|
||||
for (RealmModel realm : realms) addMappers(realm);
|
||||
session.getTransaction().commit();
|
||||
} catch (Exception e) {
|
||||
session.getTransaction().rollback();
|
||||
} finally {
|
||||
session.close();
|
||||
}
|
||||
|
||||
factory.register(new ProviderEventListener() {
|
||||
@Override
|
||||
public void onEvent(ProviderEvent event) {
|
||||
if (event instanceof RealmModel.RealmCreationEvent) {
|
||||
RealmModel realm = ((RealmModel.RealmCreationEvent)event).getCreatedRealm();
|
||||
addMappers(realm);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
}
|
||||
|
||||
protected void addMappers(RealmModel realm) {
|
||||
protected void addDefaults(RealmModel realm) {
|
||||
int counter = 0;
|
||||
// the ids must never change!!!! So if you add more default mappers, then add to end with higher counter.
|
||||
addClaimMapper(realm, "username", OIDCUserModelMapper.PROVIDER_ID,
|
||||
ProtocolMapperUtils.USER_MODEL_PROPERTY, "username",
|
||||
OIDCUserModelMapper.addClaimMapper(realm, "username",
|
||||
"username",
|
||||
"preferred_username", "String",
|
||||
true, "username",
|
||||
true);
|
||||
addClaimMapper(realm, "email", OIDCUserModelMapper.PROVIDER_ID,
|
||||
ProtocolMapperUtils.USER_MODEL_PROPERTY, "email",
|
||||
OIDCUserModelMapper.addClaimMapper(realm, "email",
|
||||
"email",
|
||||
"email", "String",
|
||||
true, "email",
|
||||
true);
|
||||
addClaimMapper(realm, "given name", OIDCUserModelMapper.PROVIDER_ID,
|
||||
ProtocolMapperUtils.USER_MODEL_PROPERTY, "firstName",
|
||||
OIDCUserModelMapper.addClaimMapper(realm, "given name",
|
||||
"firstName",
|
||||
"given_name", "String",
|
||||
true, "given name",
|
||||
true);
|
||||
addClaimMapper(realm, "family name", OIDCUserModelMapper.PROVIDER_ID,
|
||||
ProtocolMapperUtils.USER_MODEL_PROPERTY, "lastName",
|
||||
OIDCUserModelMapper.addClaimMapper(realm, "family name",
|
||||
"lastName",
|
||||
"family_name", "String",
|
||||
true, "family name",
|
||||
true);
|
||||
addClaimMapper(realm, "email verified", OIDCUserModelMapper.PROVIDER_ID,
|
||||
ProtocolMapperUtils.USER_MODEL_PROPERTY, "emailVerified",
|
||||
OIDCUserModelMapper.addClaimMapper(realm, "email verified",
|
||||
"emailVerified",
|
||||
"email_verified", "boolean",
|
||||
false, null,
|
||||
false);
|
||||
|
|
@ -116,38 +76,11 @@ public class OIDCLoginProtocolFactory implements LoginProtocolFactory {
|
|||
|
||||
}
|
||||
|
||||
protected void addClaimMapper(RealmModel realm, String name, String mapperRef,
|
||||
String propertyName, String propertyNameValue,
|
||||
String tokenClaimName, String claimType,
|
||||
boolean consentRequired, String consentText,
|
||||
boolean appliedByDefault) {
|
||||
ProtocolMapperModel mapper = realm.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, name);
|
||||
if (mapper != null) return;
|
||||
mapper = new ProtocolMapperModel();
|
||||
mapper.setName(name);
|
||||
mapper.setProtocolMapper(mapperRef);
|
||||
mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
|
||||
mapper.setConsentRequired(consentRequired);
|
||||
mapper.setConsentText(consentText);
|
||||
mapper.setAppliedByDefault(appliedByDefault);
|
||||
Map<String, String> config = new HashMap<String, String>();
|
||||
config.put(propertyName, propertyNameValue);
|
||||
config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, tokenClaimName);
|
||||
config.put(OIDCAttributeMapperHelper.JSON_TYPE, claimType);
|
||||
mapper.setConfig(config);
|
||||
realm.addProtocolMapper(mapper);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager) {
|
||||
return new OIDCLoginProtocolService(realm, event, authManager);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "openid-connect";
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
package org.keycloak.protocol.oidc.mappers;
|
||||
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
|
||||
import java.util.HashMap;
|
||||
|
|
@ -56,4 +59,27 @@ public class OIDCAttributeMapperHelper {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static void addClaimMapper(RealmModel realm, String name,
|
||||
String userAttribute,
|
||||
String tokenClaimName, String claimType,
|
||||
boolean consentRequired, String consentText,
|
||||
boolean appliedByDefault,
|
||||
String mapperId) {
|
||||
ProtocolMapperModel mapper = realm.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, name);
|
||||
if (mapper != null) return;
|
||||
mapper = new ProtocolMapperModel();
|
||||
mapper.setName(name);
|
||||
mapper.setProtocolMapper(mapperId);
|
||||
mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
|
||||
mapper.setConsentRequired(consentRequired);
|
||||
mapper.setConsentText(consentText);
|
||||
mapper.setAppliedByDefault(appliedByDefault);
|
||||
Map<String, String> config = new HashMap<String, String>();
|
||||
config.put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
|
||||
config.put(TOKEN_CLAIM_NAME, tokenClaimName);
|
||||
config.put(JSON_TYPE, claimType);
|
||||
mapper.setConfig(config);
|
||||
realm.addProtocolMapper(mapper);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package org.keycloak.protocol.oidc.mappers;
|
|||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
|
|
@ -26,8 +27,8 @@ public class OIDCUserAttributeMapper extends AbstractOIDCProtocolMapper implemen
|
|||
static {
|
||||
ConfigProperty property;
|
||||
property = new ConfigProperty();
|
||||
property.setName(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_LABEL);
|
||||
property.setHelpText(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
property = new ConfigProperty();
|
||||
|
|
@ -69,11 +70,23 @@ public class OIDCUserAttributeMapper extends AbstractOIDCProtocolMapper implemen
|
|||
public AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
|
||||
UserSessionModel userSession, ClientSessionModel clientSession) {
|
||||
UserModel user = userSession.getUser();
|
||||
String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_NAME);
|
||||
String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
String attributeValue = user.getAttribute(attributeName);
|
||||
if (attributeValue == null) return token;
|
||||
OIDCAttributeMapperHelper.mapClaim(token, mappingModel, attributeValue);
|
||||
return token;
|
||||
}
|
||||
|
||||
public static void addClaimMapper(RealmModel realm, String name,
|
||||
String userAttribute,
|
||||
String tokenClaimName, String claimType,
|
||||
boolean consentRequired, String consentText,
|
||||
boolean appliedByDefault) {
|
||||
OIDCAttributeMapperHelper.addClaimMapper(realm, name, userAttribute,
|
||||
tokenClaimName, claimType,
|
||||
consentRequired, consentText,
|
||||
appliedByDefault, PROVIDER_ID);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package org.keycloak.protocol.oidc.mappers;
|
|||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ProtocolMapperModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
|
|
@ -25,8 +26,8 @@ public class OIDCUserModelMapper extends AbstractOIDCProtocolMapper implements O
|
|||
static {
|
||||
ConfigProperty property;
|
||||
property = new ConfigProperty();
|
||||
property.setName(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY_LABEL);
|
||||
property.setHelpText(ProtocolMapperUtils.USER_MODEL_PROPERTY_HELP_TEXT);
|
||||
configProperties.add(property);
|
||||
property = new ConfigProperty();
|
||||
|
|
@ -43,6 +44,7 @@ public class OIDCUserModelMapper extends AbstractOIDCProtocolMapper implements O
|
|||
public List<ConfigProperty> getConfigProperties() {
|
||||
return configProperties;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return PROVIDER_ID;
|
||||
|
|
@ -67,11 +69,23 @@ public class OIDCUserModelMapper extends AbstractOIDCProtocolMapper implements O
|
|||
public AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
|
||||
UserSessionModel userSession, ClientSessionModel clientSession) {
|
||||
UserModel user = userSession.getUser();
|
||||
String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_MODEL_PROPERTY);
|
||||
String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
|
||||
String propertyValue = ProtocolMapperUtils.getUserModelValue(user, propertyName);
|
||||
OIDCAttributeMapperHelper.mapClaim(token, mappingModel, propertyValue);
|
||||
|
||||
return token;
|
||||
}
|
||||
|
||||
public static void addClaimMapper(RealmModel realm, String name,
|
||||
String userAttribute,
|
||||
String tokenClaimName, String claimType,
|
||||
boolean consentRequired, String consentText,
|
||||
boolean appliedByDefault) {
|
||||
OIDCAttributeMapperHelper.addClaimMapper(realm, name, userAttribute,
|
||||
tokenClaimName, claimType,
|
||||
consentRequired, consentText,
|
||||
appliedByDefault, PROVIDER_ID);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue