Merge pull request #976 from patriot1burke/master

client to protocol mapping model

connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml

@@ -63,6 +63,14 @@
                 <constraints nullable="false"/>
             </column>
         </createTable>
+        <createTable tableName="CLIENT_PROTOCOL_CLAIM_MAPPING">
+            <column name="CLIENT_ID" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="MAPPING_ID" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
         <addColumn tableName="CLIENT">
             <column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false"/>
         </addColumn>
@@ -78,6 +86,8 @@
         <addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
         <addForeignKeyConstraint baseColumnNames="INTERNAL_ID" baseTableName="CLIENT_ALLOWED_IDENTITY_PROVIDER" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
         <addUniqueConstraint columnNames="INTERNAL_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_ALLOWED_IDENTITY_PROVIDER"/>
+        <addForeignKeyConstraint baseColumnNames="MAPPING_ID" baseTableName="CLIENT_PROTOCOL_CLAIM_MAPPING" constraintName="FK_CPCM" referencedColumnNames="ID" referencedTableName="PROTOCOL_CLAIM_MAPPING"/>
+        <addUniqueConstraint columnNames="CLIENT_ID,MAPPING_ID" constraintName="UK_CPCM" tableName="CLIENT_PROTOCOL_CLAIM_MAPPING"/>
         <addUniqueConstraint columnNames="PROVIDER_NONIMAL_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER"/>
     </changeSet>
 </databaseChangeLog>

core/src/main/java/org/keycloak/representations/idm/ApplicationRepresentation.java

@@ -2,6 +2,7 @@ package org.keycloak.representations.idm;
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -29,6 +30,7 @@ public class ApplicationRepresentation {
     protected Integer nodeReRegistrationTimeout;
     protected Map<String, Integer> registeredNodes;
     protected List<String> allowedIdentityProviders;
+    protected Set<String> protocolClaimMappings;
 
     public String getId() {
         return id;
@@ -197,4 +199,12 @@ public class ApplicationRepresentation {
     public void setAllowedIdentityProviders(List<String> allowedIdentityProviders) {
         this.allowedIdentityProviders = allowedIdentityProviders;
     }
+
+    public Set<String> getProtocolClaimMappings() {
+        return protocolClaimMappings;
+    }
+
+    public void setProtocolClaimMappings(Set<String> protocolClaimMappings) {
+        this.protocolClaimMappings = protocolClaimMappings;
+    }
 }

core/src/main/java/org/keycloak/representations/idm/OAuthClientRepresentation.java

@@ -2,6 +2,7 @@ package org.keycloak.representations.idm;
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -23,6 +24,7 @@ public class OAuthClientRepresentation {
     protected Boolean fullScopeAllowed;
     protected Boolean frontchannelLogout;
     protected List<String> allowedIdentityProviders;
+    protected Set<String> protocolClaimMappings;
 
 
     public String getId() {
@@ -144,4 +146,12 @@ public class OAuthClientRepresentation {
     public void setAllowedIdentityProviders(List<String> allowedIdentityProviders) {
         this.allowedIdentityProviders = allowedIdentityProviders;
     }
+
+    public Set<String> getProtocolClaimMappings() {
+        return protocolClaimMappings;
+    }
+
+    public void setProtocolClaimMappings(Set<String> protocolClaimMappings) {
+        this.protocolClaimMappings = protocolClaimMappings;
+    }
 }

core/src/main/java/org/keycloak/representations/idm/ProtocolClaimMappingRepresentation.java

@@ -0,0 +1,64 @@
+package org.keycloak.representations.idm;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class ProtocolClaimMappingRepresentation {
+    protected String id;
+    protected String protocolClaim;
+    protected String protocol;
+    protected String source;
+    protected String sourceAttribute;
+    protected boolean appliedByDefault;
+
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public String getProtocolClaim() {
+        return protocolClaim;
+    }
+
+    public void setProtocolClaim(String protocolClaim) {
+        this.protocolClaim = protocolClaim;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    public String getSourceAttribute() {
+        return sourceAttribute;
+    }
+
+    public void setSourceAttribute(String sourceAttribute) {
+        this.sourceAttribute = sourceAttribute;
+    }
+
+    public boolean isAppliedByDefault() {
+        return appliedByDefault;
+    }
+
+    public void setAppliedByDefault(boolean appliedByDefault) {
+        this.appliedByDefault = appliedByDefault;
+    }
+
+    public String getSource() {
+        return source;
+    }
+
+    public void setSource(String source) {
+        this.source = source;
+    }
+
+}

core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java

@@ -64,6 +64,7 @@ public class RealmRepresentation {
     protected List<String> eventsListeners;
     private List<IdentityProviderRepresentation> identityProviders;
     private List<ClaimTypeRepresentation> claimTypes;
+    private List<ProtocolClaimMappingRepresentation> protocolClaimMappings;
     private Boolean identityFederationEnabled;
 
     public String getId() {
@@ -490,4 +491,12 @@ public class RealmRepresentation {
     public void setClaimTypes(List<ClaimTypeRepresentation> claimTypes) {
         this.claimTypes = claimTypes;
     }
+
+    public List<ProtocolClaimMappingRepresentation> getProtocolClaimMappings() {
+        return protocolClaimMappings;
+    }
+
+    public void setProtocolClaimMappings(List<ProtocolClaimMappingRepresentation> protocolClaimMappings) {
+        this.protocolClaimMappings = protocolClaimMappings;
+    }
 }

model/api/src/main/java/org/keycloak/models/ClaimTypeModel.java

@@ -12,10 +12,10 @@ public class ClaimTypeModel {
         STRING
     }
 
-    private final String id;
+    private String id;
-    private final String name;
+    private String name;
-    private final boolean builtIn;
+    private boolean builtIn;
-    private final ValueType type;
+    private ValueType type;
 
     public ClaimTypeModel(ClaimTypeModel copy) {
         this(copy.getId(), copy.getName(), copy.isBuiltIn(), copy.getType());
@@ -28,6 +28,9 @@ public class ClaimTypeModel {
         this.type = type;
     }
 
+    public ClaimTypeModel() {
+    }
+
     public String getId() {
         return id;
     }
@@ -44,6 +47,22 @@ public class ClaimTypeModel {
         return type;
     }
 
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setBuiltIn(boolean builtIn) {
+        this.builtIn = builtIn;
+    }
+
+    public void setType(ValueType type) {
+        this.type = type;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;

model/api/src/main/java/org/keycloak/models/ClientModel.java

@@ -104,10 +104,7 @@ public interface ClientModel {
 
     boolean hasIdentityProvider(String providerId);
 
-    /*
+    Set<ProtocolClaimMappingModel> getProtocolClaimMappings();
-    Set<ProtocolClaimMapping> getClaimMappings();
+    void addProtocolClaimMappings(Set<String> mappingIds);
-    ProtocolClaimMapping getClaimMapping(String protocolClaim);
+    void removeProtocolClaimMappings(Set<String> mappingIds);
-    ProtocolClaimMapping addClaimMapping(String assertion, String protocol, ClaimTypeModel claimType);
-    void removeClaimMapping(ProtocolClaimMapping mapping);
-    */
 }

model/api/src/main/java/org/keycloak/models/RealmModel.java

@@ -225,14 +225,13 @@ public interface RealmModel extends RoleContainerModel {
     boolean isIdentityFederationEnabled();
 
     Set<ClaimTypeModel> getClaimTypes();
-    ClaimTypeModel addClaimType(String name, ClaimTypeModel.ValueType type, boolean builtIn);
+    ClaimTypeModel addClaimType(ClaimTypeModel model);
     void removeClaimType(ClaimTypeModel claimType);
     ClaimTypeModel getClaimType(String name);
     void updateClaimType(ClaimTypeModel claimType);
 
     Set<ProtocolClaimMappingModel> getProtocolClaimMappings();
-    ProtocolClaimMappingModel addProtocolClaimMapping(String protocolClaim, String protocol, String sourceAttribute,
+    ProtocolClaimMappingModel addProtocolClaimMapping(ProtocolClaimMappingModel model);
-                                                      ProtocolClaimMappingModel.Source source, boolean appliedByDefault);
     void removeProtocolClaimMapping(ProtocolClaimMappingModel mapping);
     void updateProtocolClaimMapping(ProtocolClaimMappingModel mapping);
     public ProtocolClaimMappingModel getProtocolClaimMappingById(String id);

model/api/src/main/java/org/keycloak/models/entities/ClientEntity.java

@@ -2,8 +2,10 @@ package org.keycloak.models.entities;
 
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -28,6 +30,7 @@ public class ClientEntity extends AbstractIdentifiableEntity {
     private List<String> redirectUris = new ArrayList<String>();
     private List<String> scopeIds = new ArrayList<String>();
     private List<String> allowedIdentityProviders = new ArrayList<String>();
+    private Set<String> protocolClaimMappings = new HashSet<String>();
 
     public String getName() {
         return name;
@@ -148,4 +151,12 @@ public class ClientEntity extends AbstractIdentifiableEntity {
     public void setAllowedIdentityProviders(List<String> allowedIdentityProviders) {
         this.allowedIdentityProviders = allowedIdentityProviders;
     }
+
+    public Set<String> getProtocolClaimMappings() {
+        return protocolClaimMappings;
+    }
+
+    public void setProtocolClaimMappings(Set<String> protocolClaimMappings) {
+        this.protocolClaimMappings = protocolClaimMappings;
+    }
 }

model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java

@@ -8,6 +8,7 @@ import org.keycloak.models.ClientSessionModel;
 import org.keycloak.models.FederatedIdentityModel;
 import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.OAuthClientModel;
+import org.keycloak.models.ProtocolClaimMappingModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RequiredCredentialModel;
 import org.keycloak.models.RoleModel;
@@ -22,6 +23,7 @@ import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.representations.idm.FederatedIdentityRepresentation;
 import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.representations.idm.OAuthClientRepresentation;
+import org.keycloak.representations.idm.ProtocolClaimMappingRepresentation;
 import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
@@ -155,6 +157,10 @@ public class ModelToRepresentation {
             rep.getClaimTypes().add(toRepresentation(claimType));
         }
 
+        for (ProtocolClaimMappingModel mapping : realm.getProtocolClaimMappings()) {
+            rep.getProtocolClaimMappings().add(toRepresentation(mapping));
+        }
+
         return rep;
     }
 
@@ -259,6 +265,12 @@ public class ModelToRepresentation {
             rep.setAllowedIdentityProviders(applicationModel.getAllowedIdentityProviders());
         }
 
+        if (!applicationModel.getProtocolClaimMappings().isEmpty()) {
+            Set<String> mappings = new HashSet<String>();
+            for (ProtocolClaimMappingModel model : applicationModel.getProtocolClaimMappings()) mappings.add(model.getId());
+            rep.setProtocolClaimMappings(mappings);
+        }
+
         return rep;
     }
 
@@ -288,6 +300,11 @@ public class ModelToRepresentation {
             rep.setAllowedIdentityProviders(model.getAllowedIdentityProviders());
         }
 
+        if (!model.getProtocolClaimMappings().isEmpty()) {
+            Set<String> mappings = new HashSet<String>();
+            for (ProtocolClaimMappingModel mappingMoel : model.getProtocolClaimMappings()) mappings.add(mappingMoel.getId());
+            rep.setProtocolClaimMappings(mappings);
+        }
         return rep;
     }
 
@@ -320,6 +337,17 @@ public class ModelToRepresentation {
         return providerRep;
     }
 
+    public static ProtocolClaimMappingRepresentation toRepresentation(ProtocolClaimMappingModel model) {
+        ProtocolClaimMappingRepresentation rep = new ProtocolClaimMappingRepresentation();
+        rep.setId(model.getId());
+        rep.setProtocol(model.getProtocol());
+        rep.setProtocolClaim(model.getProtocolClaim());
+        rep.setSourceAttribute(model.getSourceAttribute());
+        rep.setSource(model.getSource().name());
+        rep.setAppliedByDefault(model.isAppliedByDefault());
+        return rep;
+    }
+
     public static ClaimTypeRepresentation toRepresentation(ClaimTypeModel claimType) {
         ClaimTypeRepresentation rep = new ClaimTypeRepresentation();
         rep.setId(claimType.getId());

model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java

@@ -6,12 +6,14 @@ import org.keycloak.enums.SslRequired;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.BrowserSecurityHeaders;
 import org.keycloak.models.ClaimMask;
+import org.keycloak.models.ClaimTypeModel;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.FederatedIdentityModel;
 import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.OAuthClientModel;
 import org.keycloak.models.PasswordPolicy;
+import org.keycloak.models.ProtocolClaimMappingModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserCredentialModel;
@@ -20,10 +22,12 @@ import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.representations.idm.ApplicationRepresentation;
 import org.keycloak.representations.idm.ClaimRepresentation;
+import org.keycloak.representations.idm.ClaimTypeRepresentation;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.representations.idm.FederatedIdentityRepresentation;
 import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.representations.idm.OAuthClientRepresentation;
+import org.keycloak.representations.idm.ProtocolClaimMappingRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.ScopeMappingRepresentation;
@@ -113,6 +117,8 @@ public class RepresentationToModel {
         if (rep.getPasswordPolicy() != null) newRealm.setPasswordPolicy(new PasswordPolicy(rep.getPasswordPolicy()));
 
         importIdentityProviders(rep, newRealm);
+        importClaimTypes(rep, newRealm);
+        importProtocolClaimMappings(rep, newRealm);
 
         if (rep.getApplications() != null) {
             Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
@@ -454,6 +460,10 @@ public class RepresentationToModel {
             applicationModel.setAllowedClaimsMask(ClaimMask.ALL);
         }
 
+        if (resourceRep.getProtocolClaimMappings() != null) {
+            applicationModel.addProtocolClaimMappings(resourceRep.getProtocolClaimMappings());
+        }
+
         return applicationModel;
     }
 
@@ -626,6 +636,11 @@ public class RepresentationToModel {
         if (rep.getAllowedIdentityProviders() != null) {
             model.updateAllowedIdentityProviders(rep.getAllowedIdentityProviders());
         }
+
+        if (rep.getProtocolClaimMappings() != null) {
+            model.addProtocolClaimMappings(rep.getProtocolClaimMappings());
+        }
+
     }
 
     // Scope mappings
@@ -749,6 +764,21 @@ public class RepresentationToModel {
             }
         }
     }
+    private static void importClaimTypes(RealmRepresentation rep, RealmModel newRealm) {
+        if (rep.getClaimTypes() != null) {
+            for (ClaimTypeRepresentation representation : rep.getClaimTypes()) {
+                newRealm.addClaimType(toModel(representation));
+            }
+        }
+    }
+
+    private static void importProtocolClaimMappings(RealmRepresentation rep, RealmModel newRealm) {
+        if (rep.getProtocolClaimMappings() != null) {
+            for (ProtocolClaimMappingRepresentation representation : rep.getProtocolClaimMappings()) {
+                newRealm.addProtocolClaimMapping(toModel(representation));
+            }
+        }
+    }
 
     public static IdentityProviderModel toModel(IdentityProviderRepresentation representation) {
         IdentityProviderModel identityProviderModel = new IdentityProviderModel();
@@ -765,4 +795,24 @@ public class RepresentationToModel {
 
         return identityProviderModel;
     }
+
+    public static ClaimTypeModel toModel(ClaimTypeRepresentation rep) {
+        ClaimTypeModel model = new ClaimTypeModel();
+        model.setId(rep.getId());
+        model.setType(ClaimTypeModel.ValueType.valueOf(rep.getType()));
+        model.setBuiltIn(rep.isBuiltIn());
+        model.setName(rep.getName());
+        return model;
+    }
+
+    public static ProtocolClaimMappingModel toModel(ProtocolClaimMappingRepresentation rep) {
+        ProtocolClaimMappingModel model = new ProtocolClaimMappingModel();
+        model.setId(rep.getId());
+        model.setAppliedByDefault(rep.isAppliedByDefault());
+        model.setSource(ProtocolClaimMappingModel.Source.valueOf(rep.getSource()));
+        model.setSourceAttribute(rep.getSourceAttribute());
+        model.setProtocol(rep.getProtocol());
+        model.setProtocolClaim(rep.getProtocolClaim());
+        return model;
+    }
 }

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ClientAdapter.java

@@ -1,6 +1,7 @@
 package org.keycloak.models.cache;
 
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.ProtocolClaimMappingModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleContainerModel;
 import org.keycloak.models.RoleModel;
@@ -278,4 +279,23 @@ public abstract class ClientAdapter implements ClientModel {
         if (updatedClient != null) return updatedClient.hasIdentityProvider(providerId);
         return cachedClient.hasIdentityProvider(providerId);
     }
+
+    @Override
+    public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
+        if (updatedClient != null) return updatedClient.getProtocolClaimMappings();
+        return cachedClient.getProtocolClaimMappings();    }
+
+    @Override
+    public void addProtocolClaimMappings(Set<String> mappingIds) {
+        getDelegateForUpdate();
+        updatedClient.addProtocolClaimMappings(mappingIds);
+
+    }
+
+    @Override
+    public void removeProtocolClaimMappings(Set<String> mappingIds) {
+        getDelegateForUpdate();
+        updatedClient.removeProtocolClaimMappings(mappingIds);
+
+    }
 }

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java

@@ -857,9 +857,9 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
-    public ClaimTypeModel addClaimType(String name, ClaimTypeModel.ValueType type, boolean builtIn) {
+    public ClaimTypeModel addClaimType(ClaimTypeModel claimType) {
         getDelegateForUpdate();
-        return updated.addClaimType(name, type, builtIn);
+        return updated.addClaimType(claimType);
     }
 
     @Override
@@ -892,9 +892,9 @@ public class RealmAdapter implements RealmModel {
      }
 
     @Override
-    public ProtocolClaimMappingModel addProtocolClaimMapping(String protocolClaim, String protocol, String sourceAttribute, ProtocolClaimMappingModel.Source source, boolean appliedByDefault) {
+    public ProtocolClaimMappingModel addProtocolClaimMapping(ProtocolClaimMappingModel model) {
         getDelegateForUpdate();
-        return updated.addProtocolClaimMapping(protocolClaim, protocol, sourceAttribute, source, appliedByDefault);
+        return updated.addProtocolClaimMapping(model);
     }
 
     @Override

model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedClient.java

@@ -1,6 +1,7 @@
 package org.keycloak.models.cache.entities;
 
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.ProtocolClaimMappingModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RealmProvider;
 import org.keycloak.models.RoleModel;
@@ -35,6 +36,7 @@ public class CachedClient {
     protected Set<String> scope = new HashSet<String>();
     protected Set<String> webOrigins = new HashSet<String>();
     private List<String> allowedIdentityProviders = new ArrayList<String>();
+    private Set<ProtocolClaimMappingModel> protocolClaimMappings = new HashSet<ProtocolClaimMappingModel>();
 
     public CachedClient(RealmCache cache, RealmProvider delegate, RealmModel realm, ClientModel model) {
         id = model.getId();
@@ -56,6 +58,7 @@ public class CachedClient {
             scope.add(role.getId());
         }
         this.allowedIdentityProviders = model.getAllowedIdentityProviders();
+        protocolClaimMappings.addAll(model.getProtocolClaimMappings());
     }
 
     public String getId() {
@@ -122,10 +125,6 @@ public class CachedClient {
         return frontchannelLogout;
     }
 
-    public void setFrontchannelLogout(boolean frontchannelLogout) {
-        this.frontchannelLogout = frontchannelLogout;
-    }
-
     public List<String> getAllowedIdentityProviders() {
         return this.allowedIdentityProviders;
     }
@@ -137,4 +136,8 @@ public class CachedClient {
 
         return this.allowedIdentityProviders.contains(providerId);
     }
+
+    public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
+        return protocolClaimMappings;
+    }
 }

model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java

@@ -1,11 +1,13 @@
 package org.keycloak.models.jpa;
 
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.ProtocolClaimMappingModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleContainerModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.jpa.entities.ClientEntity;
 import org.keycloak.models.jpa.entities.IdentityProviderEntity;
+import org.keycloak.models.jpa.entities.ProtocolClaimMappingEntity;
 import org.keycloak.models.jpa.entities.RoleEntity;
 import org.keycloak.models.jpa.entities.ScopeMappingEntity;
 
@@ -15,6 +17,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -352,4 +355,53 @@ public abstract class ClientAdapter implements ClientModel {
         }
         return false;
     }
+
+    @Override
+    public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
+        Set<ProtocolClaimMappingModel> mappings = new HashSet<ProtocolClaimMappingModel>();
+        for (ProtocolClaimMappingEntity entity : this.entity.getProtocolClaimMappings()) {
+            ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
+            mapping.setId(entity.getId());
+            mapping.setProtocol(entity.getProtocol());
+            mapping.setProtocolClaim(entity.getProtocolClaim());
+            mapping.setAppliedByDefault(entity.isAppliedByDefault());
+            mapping.setSource(ProtocolClaimMappingModel.Source.valueOf(entity.getSource()));
+            mapping.setSourceAttribute(entity.getSourceAttribute());
+            mappings.add(mapping);
+        }
+        return mappings;
+    }
+
+    @Override
+    public void addProtocolClaimMappings(Set<String> mappings) {
+        Collection<ProtocolClaimMappingEntity> entities = entity.getProtocolClaimMappings();
+        Set<String> already = new HashSet<String>();
+        for (ProtocolClaimMappingEntity rel : entities) {
+            already.add(rel.getId());
+        }
+        for (String providerId : mappings) {
+            if (!already.contains(providerId)) {
+                ProtocolClaimMappingEntity mapping = em.find(ProtocolClaimMappingEntity.class, providerId);
+                if (mapping != null) {
+                    entities.add(mapping);
+                }
+            }
+        }
+        em.flush();
+    }
+
+    @Override
+    public void removeProtocolClaimMappings(Set<String> mappings) {
+        Collection<ProtocolClaimMappingEntity> entities = entity.getProtocolClaimMappings();
+        List<ProtocolClaimMappingEntity> remove = new LinkedList<ProtocolClaimMappingEntity>();
+        for (ProtocolClaimMappingEntity rel : entities) {
+            if (mappings.contains(rel.getId())) remove.add(rel);
+        }
+        for (ProtocolClaimMappingEntity entity : remove) {
+            entities.remove(entity);
+        }
+        em.flush();
+    }
+
+
 }

model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java

@@ -93,7 +93,7 @@ public class JpaRealmProvider implements RealmProvider {
             adapter.removeOAuthClient(oauth.getId());
         }
 
-       em.remove(realm);
+        em.remove(realm);
         return true;
     }
 

model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java

@@ -1206,15 +1206,16 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
-    public ClaimTypeModel addClaimType(String name, ClaimTypeModel.ValueType type, boolean builtIn) {
+    public ClaimTypeModel addClaimType(ClaimTypeModel model) {
+        String id = model.getId() == null ? KeycloakModelUtils.generateId() : model.getId();
         ClaimTypeEntity claimEntity = new ClaimTypeEntity();
-        claimEntity.setId(KeycloakModelUtils.generateId());
+        claimEntity.setId(id);
-        claimEntity.setType(type.name());
+        claimEntity.setType(model.getType().name());
-        claimEntity.setBuiltIn(builtIn);
+        claimEntity.setBuiltIn(model.isBuiltIn());
         claimEntity.setRealm(realm);
         em.persist(claimEntity);
         realm.getClaimTypes().add(claimEntity);
-        return new ClaimTypeModel(claimEntity.getId(), name, builtIn, type);
+        return new ClaimTypeModel(claimEntity.getId(), model.getName(), model.isBuiltIn(), model.getType());
     }
 
     protected ClaimTypeEntity getClaimTypeEntity(ClaimTypeModel claim) {
@@ -1272,14 +1273,15 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
-    public ProtocolClaimMappingModel addProtocolClaimMapping(String protocolClaim, String protocol, String sourceAttribute, ProtocolClaimMappingModel.Source source, boolean appliedByDefault) {
+    public ProtocolClaimMappingModel addProtocolClaimMapping(ProtocolClaimMappingModel model) {
+        String id = model.getId() == null ? KeycloakModelUtils.generateId() : model.getId();
         ProtocolClaimMappingEntity entity = new ProtocolClaimMappingEntity();
-        entity.setId(KeycloakModelUtils.generateId());
+        entity.setId(id);
-        entity.setSourceAttribute(sourceAttribute);
+        entity.setSourceAttribute(model.getSourceAttribute());
-        entity.setProtocol(protocol);
+        entity.setProtocol(model.getProtocol());
-        entity.setProtocolClaim(protocolClaim);
+        entity.setProtocolClaim(model.getProtocolClaim());
-        entity.setSource(source.name());
+        entity.setSource(model.getSource().name());
-        entity.setAppliedByDefault(appliedByDefault);
+        entity.setAppliedByDefault(model.isAppliedByDefault());
         entity.setRealm(realm);
         em.persist(entity);
         ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();

model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java

@@ -1,5 +1,6 @@
 package org.keycloak.models.jpa.entities;
 
+import javax.persistence.CascadeType;
 import javax.persistence.CollectionTable;
 import javax.persistence.Column;
 import javax.persistence.ElementCollection;
@@ -76,6 +77,10 @@ public abstract class ClientEntity {
     @JoinTable(name="CLIENT_ALLOWED_IDENTITY_PROVIDER", joinColumns = { @JoinColumn(name="CLIENT_ID")}, inverseJoinColumns = { @JoinColumn(name="INTERNAL_ID")})
     Collection<IdentityProviderEntity> allowedIdentityProviders = new ArrayList<IdentityProviderEntity>();
 
+    @OneToMany(cascade ={CascadeType.REMOVE})
+    @JoinTable(name="CLIENT_PROTOCOL_CLAIM_MAPPING", joinColumns = { @JoinColumn(name="CLIENT_ID")}, inverseJoinColumns = { @JoinColumn(name="MAPPING_ID")})
+    Collection<ProtocolClaimMappingEntity> protocolClaimMappings = new ArrayList<ProtocolClaimMappingEntity>();
+
     public RealmEntity getRealm() {
         return realm;
     }
@@ -195,4 +200,12 @@ public abstract class ClientEntity {
     public void setAllowedIdentityProviders(Collection<IdentityProviderEntity> allowedIdentityProviders) {
         this.allowedIdentityProviders = allowedIdentityProviders;
     }
+
+    public Collection<ProtocolClaimMappingEntity> getProtocolClaimMappings() {
+        return protocolClaimMappings;
+    }
+
+    public void setProtocolClaimMappings(Collection<ProtocolClaimMappingEntity> protocolClaimMappings) {
+        this.protocolClaimMappings = protocolClaimMappings;
+    }
 }

model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java

@@ -138,4 +138,6 @@ public class IdentityProviderEntity {
     public void setConfig(Map<String, String> config) {
         this.config = config;
     }
+
+
 }

model/jpa/src/main/java/org/keycloak/models/jpa/entities/ProtocolClaimMappingEntity.java

@@ -95,4 +95,21 @@ public class ProtocolClaimMappingEntity {
     public void setRealm(RealmEntity realm) {
         this.realm = realm;
     }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+
+        ProtocolClaimMappingEntity that = (ProtocolClaimMappingEntity) o;
+
+        if (!id.equals(that.id)) return false;
+
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        return id.hashCode();
+    }
 }

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java

@@ -4,6 +4,7 @@ import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.ProtocolClaimMappingModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RealmProvider;
 import org.keycloak.models.RoleModel;
@@ -291,6 +292,29 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
         return copy;
     }
 
+    @Override
+    public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
+        Set<ProtocolClaimMappingModel> result = new HashSet<ProtocolClaimMappingModel>();
+        for (String id : getMongoEntityAsClient().getProtocolClaimMappings()) {
+            ProtocolClaimMappingModel model = getRealm().getProtocolClaimMappingById(id);
+            if (model != null) result.add(model);
+        }
+        return result;
+    }
+
+    @Override
+    public void addProtocolClaimMappings(Set<String> mappingIds) {
+        getMongoEntityAsClient().getProtocolClaimMappings().addAll(mappingIds);
+        updateMongoEntity();
+
+    }
+
+    @Override
+    public void removeProtocolClaimMappings(Set<String> mappingIds) {
+        getMongoEntityAsClient().getProtocolClaimMappings().removeAll(mappingIds);
+        updateMongoEntity();
+    }
+
     @Override
     public void updateAllowedIdentityProviders(List<String> identityProviders) {
         List<String> providerIds = new ArrayList<String>();

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java

@@ -802,14 +802,15 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
     }
 
     @Override
-    public ProtocolClaimMappingModel addProtocolClaimMapping(String protocolClaim, String protocol, String sourceAttribute, ProtocolClaimMappingModel.Source source, boolean appliedByDefault) {
+    public ProtocolClaimMappingModel addProtocolClaimMapping(ProtocolClaimMappingModel model) {
         ProtocolClaimMappingEntity entity = new ProtocolClaimMappingEntity();
-        entity.setId(KeycloakModelUtils.generateId());
+        if (model.getId() != null) entity.setId(model.getId());
-        entity.setSourceAttribute(sourceAttribute);
+        else entity.setId(KeycloakModelUtils.generateId());
-        entity.setProtocol(protocol);
+        entity.setSourceAttribute(model.getSourceAttribute());
-        entity.setProtocolClaim(protocolClaim);
+        entity.setProtocol(model.getProtocol());
-        entity.setSource(source);
+        entity.setProtocolClaim(model.getProtocolClaim());
-        entity.setAppliedByDefault(appliedByDefault);
+        entity.setSource(model.getSource());
+        entity.setAppliedByDefault(model.isAppliedByDefault());
         realm.getClaimMappings().add(entity);
         updateRealm();
         ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
@@ -881,13 +882,14 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
     }
 
     @Override
-    public ClaimTypeModel addClaimType(String name, ClaimTypeModel.ValueType type, boolean builtIn) {
+    public ClaimTypeModel addClaimType(ClaimTypeModel model) {
-        ClaimTypeModel claim = new ClaimTypeModel(KeycloakModelUtils.generateId(), name, builtIn, type);
+        String id = model.getId() == null ? KeycloakModelUtils.generateId() : model.getId();
+        ClaimTypeModel claim = new ClaimTypeModel(id, model.getName(), model.isBuiltIn(), model.getType());
         ClaimTypeEntity entity = new ClaimTypeEntity();
         entity.setId(claim.getId());
-        entity.setType(type);
+        entity.setType(model.getType());
-        entity.setBuiltIn(builtIn);
+        entity.setBuiltIn(model.isBuiltIn());
-        entity.setName(name);
+        entity.setName(model.getName());
         realm.getClaimTypes().add(entity);
         updateRealm();
         return claim;