Organizations SPI

Closes #27829

Signed-off-by: vramik <vramik@redhat.com>

common/src/main/java/org/keycloak/common/Profile.java

@@ -116,6 +116,7 @@ public class Profile {
         OID4VC_VCI("Support for the OID4VCI protocol as part of OID4VC.", Type.EXPERIMENTAL),
 
         DECLARATIVE_UI("declarative ui spi", Type.EXPERIMENTAL),
+        ORGANIZATION("Organization support within realms", Type.EXPERIMENTAL),
         ;
 
         private final Type type;

server-spi-private/src/main/java/org/keycloak/organization/OrganizationSpi.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.organization;
+
+import org.keycloak.common.Profile;
+import org.keycloak.provider.Provider;
+import org.keycloak.provider.ProviderFactory;
+import org.keycloak.provider.Spi;
+
+public class OrganizationSpi implements Spi {
+
+    public static final String NAME = "organization";
+
+    @Override
+    public boolean isInternal() {
+        return true;
+    }
+
+    @Override
+    public String getName() {
+        return NAME;
+    }
+
+    @Override
+    public Class<? extends Provider> getProviderClass() {
+        return OrganizationProvider.class;
+    }
+
+    @Override
+    public Class<? extends ProviderFactory> getProviderFactoryClass() {
+        return OrganizationProviderFactory.class;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION);
+    }
+
+}

server-spi-private/src/main/resources/META-INF/services/org.keycloak.provider.Spi

@@ -97,4 +97,5 @@ org.keycloak.services.cors.CorsSpi
 org.keycloak.userprofile.UserProfileSpi
 org.keycloak.device.DeviceRepresentationSpi
 org.keycloak.health.LoadBalancerCheckSpi
-org.keycloak.cookie.CookieSpi
+org.keycloak.cookie.CookieSpi
+org.keycloak.organization.OrganizationSpi

server-spi/src/main/java/org/keycloak/models/OrganizationModel.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.models;
+
+public interface OrganizationModel {
+
+    String getId();
+
+    void setName(String name);
+
+    String getName();
+
+    void setDomainName(String domainName);
+
+    String getDomainName();
+}

server-spi/src/main/java/org/keycloak/organization/OrganizationProvider.java

@@ -0,0 +1,104 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.organization;
+
+import java.util.stream.Stream;
+import org.keycloak.models.ModelDuplicateException;
+import org.keycloak.models.OrganizationModel;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.provider.Provider;
+
+public interface OrganizationProvider extends Provider {
+
+    /**
+     * Creates a new organization with given {@code name} to the given realm.
+     * The internal ID of the organization will be created automatically.
+     * @param realm Realm owning this organization.
+     * @param name String name of the organization.
+     * @throws ModelDuplicateException If there is already an organization with the given name 
+     * @return Model of the created organization.
+     */
+    default OrganizationModel createOrganization(RealmModel realm, String name) {
+        return createOrganization(realm, null, name);
+    }
+
+    /**
+     * Creates a new organization with given {@code id} and {@code name} to the given realm.
+     * @param realm Realm owning this organization.
+     * @param id Id of the organization.
+     * @param name String name of the organization.
+     * @throws ModelDuplicateException If there is already an organization with the given id or name
+     * @return Model of the created organization.
+     */
+    OrganizationModel createOrganization(RealmModel realm, String id, String name);
+
+    /**
+     * Removes the given organization from the given realm.
+     *
+     * @param realm Realm.
+     * @param organization Organization to be removed.
+     * @return true if the organization was removed, false if group doesn't exist or doesn't belong to the given realm
+     */
+    boolean removeOrganization(RealmModel realm, OrganizationModel organization);
+
+    /**
+     * Removes all organizations from the given realm.
+     * @param realm Realm.
+     */
+    void removeOrganizations(RealmModel realm);
+
+    /**
+     * Returns the organizations of the given realm as a stream.
+     * @param realm Realm.
+     * @return Stream of the organizations. Never returns {@code null}.
+     */
+    default Stream<OrganizationModel> getOrganizationsStream(RealmModel realm) {
+        return getOrganizationsStream(realm, null, null);
+    }
+
+    /**
+     * Returns the organizations of the given realm as a stream.
+     * @param realm Realm.
+     * @param first First result to return. Ignored if negative or {@code null}.
+     * @param max Maximum number of results to return. Ignored if negative or {@code null}.
+     * @return Stream of the roles. Never returns {@code null}.
+     */
+    Stream<OrganizationModel> getOrganizationsStream(RealmModel realm, Integer first, Integer max);
+
+    /**
+     * Obtains users that belong to the given organization.
+     *
+     * @param realm a reference to the realm.
+     * @param organization a reference to the organization.
+     * @return a non-null {@link Stream} of users that belong to the organization.
+     */
+    default Stream<UserModel> getMembersStream(RealmModel realm, OrganizationModel organization) {
+        return getMembersStream(realm, organization, null, null);
+    }
+
+    /**
+     * Obtains users that belong to the given organization.
+     *
+     * @param realm a reference to the realm.
+     * @param organization a reference to the organization.
+     * @param first first result to return. Ignored if negative, zero, or {@code null}.
+     * @param max  maximum number of results to return. Ignored if negative or {@code null}.
+     * @return a non-null {@link Stream} of users that belong to the organization.
+     */
+    Stream<UserModel> getMembersStream(RealmModel realm, OrganizationModel group, Integer first, Integer max);
+}

server-spi/src/main/java/org/keycloak/organization/OrganizationProviderFactory.java

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.organization;
+
+import org.keycloak.provider.ProviderFactory;
+
+public interface OrganizationProviderFactory extends ProviderFactory<OrganizationProvider> {
+}