libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

refactor for broker mappers

Browse source
This commit is contained in:
Bill Burke 2015-04-13 09:45:23 -04:00
parent a42a750ebb
commit d2a5403527
35 changed files with 690 additions and 370 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
broker/core/src/main/java/org/keycloak/broker/provider/AbstractIdentityProvider.java
View file

@ -18,8 +18,10 @@
package org.keycloak.broker.provider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import javax.ws.rs.core.Response;
@ -59,4 +61,19 @@ public abstract class AbstractIdentityProvider<C extends IdentityProviderModel>
public Response keycloakInitiatedBrowserLogout(UserSessionModel userSession, UriInfo uriInfo, RealmModel realm) {
return null;
}
@Override
public void attachUserSession(UserSessionModel userSession, ClientSessionModel clientSession, BrokeredIdentityContext context) {
}
@Override
public void importNewUser(UserModel user, BrokeredIdentityContext context) {
}
@Override
public void updateBrokeredUser(UserModel user, BrokeredIdentityContext context) {
}
}

171
broker/core/src/main/java/org/keycloak/broker/provider/BrokeredIdentityContext.java Executable file
View file

@ -0,0 +1,171 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.broker.provider;
import org.keycloak.models.IdentityProviderModel;
import java.util.HashMap;
import java.util.Map;
/**
* <p>Represents all identity information obtained from an {@link org.keycloak.broker.provider.IdentityProvider} after a
* successful authentication.</p>
*
* @author Pedro Igor
*/
public class BrokeredIdentityContext {
private String id;
private String username;
private String email;
private String firstName;
private String lastName;
private String brokerSessionId;
private String brokerUserId;
private String code;
private String token;
private IdentityProviderModel idpConfig;
private IdentityProvider idp;
private Map<String, Object> contextData = new HashMap<>();
public BrokeredIdentityContext(String id) {
if (id == null) {
throw new RuntimeException("No identifier provider for identity.");
}
this.id = id;
}
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getBrokerSessionId() {
return brokerSessionId;
}
public void setBrokerSessionId(String brokerSessionId) {
this.brokerSessionId = brokerSessionId;
}
public String getBrokerUserId() {
return brokerUserId;
}
public void setBrokerUserId(String brokerUserId) {
this.brokerUserId = brokerUserId;
}
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public IdentityProviderModel getIdpConfig() {
return idpConfig;
}
public void setIdpConfig(IdentityProviderModel idpConfig) {
this.idpConfig = idpConfig;
}
public IdentityProvider getIdp() {
return idp;
}
public void setIdp(IdentityProvider idp) {
this.idp = idp;
}
public Map<String, Object> getContextData() {
return contextData;
}
public void setContextData(Map<String, Object> contextData) {
this.contextData = contextData;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public void setName(String name) {
if (name != null) {
int i = name.lastIndexOf(' ');
if (i != -1) {
firstName = name.substring(0, i);
lastName = name.substring(i + 1);
} else {
firstName = name;
}
}
}
@Override
public String toString() {
return "{" +
"id='" + id + '\'' +
", username='" + username + '\'' +
", email='" + email + '\'' +
'}';
}
}

21
broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java
View file

@ -18,9 +18,11 @@
package org.keycloak.broker.provider;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.provider.Provider;
@ -38,15 +40,22 @@ public interface IdentityProvider<C extends IdentityProviderModel> extends Provi
* This method should be called by provider after the JAXRS callback endpoint has finished authentication
* with the remote IDP
*
* @param userNotes notes to add to the UserSessionModel
* @param identityProviderConfig provider config
* @param federatedIdentity federated identity
* @param code relayState or state parameter used to identity the client session
* @param context
* @return
*/
public Response authenticated(Map<String, String> userNotes, IdentityProviderModel identityProviderConfig, FederatedIdentity federatedIdentity, String code);
public Response authenticated(BrokeredIdentityContext context);
}
/**
*
* @param userSession
* @param clientSession
* @param context
*/
void attachUserSession(UserSessionModel userSession, ClientSessionModel clientSession, BrokeredIdentityContext context);
void importNewUser(UserModel user, BrokeredIdentityContext context);
void updateBrokeredUser(UserModel user, BrokeredIdentityContext context);
/**
* JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.
*
@ -68,7 +77,7 @@ public interface IdentityProvider<C extends IdentityProviderModel> extends Provi
* identity provider.
* @return
*/
Response handleRequest(AuthenticationRequest request);
Response performLogin(AuthenticationRequest request);
/**
* <p>Returns a {@link javax.ws.rs.core.Response} containing the token previously stored during the authentication process for a

19
broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
View file

@ -25,14 +25,18 @@ import org.keycloak.OAuth2Constants;
import org.keycloak.broker.oidc.util.SimpleHttp;
import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.flows.Flows;
@ -87,7 +91,7 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
}
@Override
public Response handleRequest(AuthenticationRequest request) {
public Response performLogin(AuthenticationRequest request) {
try {
URI authorizationUrl = createAuthorizationUrl(request).build();
@ -125,7 +129,7 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
return null;
}
protected FederatedIdentity getFederatedIdentity(Map<String, String> notes, String response) {
protected BrokeredIdentityContext getFederatedIdentity(String response) {
String accessToken = extractTokenFromResponse(response, OAUTH2_PARAMETER_ACCESS_TOKEN);
if (accessToken == null) {
@ -136,7 +140,7 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
}
protected FederatedIdentity doGetFederatedIdentity(String accessToken) {
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
return null;
}
@ -204,14 +208,17 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
if (authorizationCode != null) {
String response = generateTokenRequest(authorizationCode).asString();
HashMap<String, String> userNotes = new HashMap<String, String>();
FederatedIdentity federatedIdentity = getFederatedIdentity(userNotes, response);
BrokeredIdentityContext federatedIdentity = getFederatedIdentity(response);
if (getConfig().isStoreToken()) {
federatedIdentity.setToken(response);
}
return callback.authenticated(userNotes, getConfig(), federatedIdentity, state);
federatedIdentity.setCode(state);
federatedIdentity.setIdpConfig(getConfig());
federatedIdentity.setIdp(AbstractOAuth2IdentityProvider.this);
return callback.authenticated(federatedIdentity);
}
} catch (Exception e) {
logger.error("Failed to make identity provider oauth callback", e);

37
broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
View file

@ -22,6 +22,7 @@ import org.jboss.logging.Logger;
import org.keycloak.RSATokenVerifier;
import org.keycloak.broker.oidc.util.SimpleHttp;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.events.Errors;
@ -29,7 +30,9 @@ import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
@ -61,6 +64,9 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
public static final String OAUTH2_PARAMETER_PROMPT = "prompt";
public static final String SCOPE_OPENID = "openid";
public static final String FEDERATED_ID_TOKEN = "FEDERATED_ID_TOKEN";
public static final String USER_INFO = "UserInfo";
public static final String FEDERATED_ACCESS_TOKEN_RESPONSE = "FEDERATED_ACCESS_TOKEN_RESPONSE";
public static final String VALIDATED_ID_TOKEN = "VALIDATED_ID_TOKEN";
public OIDCIdentityProvider(OIDCIdentityProviderConfig config) {
super(config);
@ -158,7 +164,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
}
@Override
protected FederatedIdentity getFederatedIdentity(Map<String, String> notes, String response) {
protected BrokeredIdentityContext getFederatedIdentity(String response) {
AccessTokenResponse tokenResponse = null;
try {
tokenResponse = JsonSerialization.readValue(response, AccessTokenResponse.class);
@ -170,21 +176,18 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
String encodedIdToken = tokenResponse.getIdToken();
notes.put(FEDERATED_ACCESS_TOKEN, accessToken);
notes.put(FEDERATED_ID_TOKEN, encodedIdToken);
notes.put(FEDERATED_REFRESH_TOKEN, tokenResponse.getRefreshToken());
notes.put(FEDERATED_TOKEN_EXPIRATION, Long.toString(tokenResponse.getExpiresIn()));
IDToken idToken = validateIdToken(key, encodedIdToken);
try {
String id = idToken.getSubject();
BrokeredIdentityContext identity = new BrokeredIdentityContext(id);
String name = idToken.getName();
String preferredUsername = idToken.getPreferredUsername();
String email = idToken.getEmail();
if (id == null || name == null || preferredUsername == null || email == null && getConfig().getUserInfoUrl() != null) {
if (getConfig().getUserInfoUrl() != null && (id == null || name == null || preferredUsername == null || email == null) ) {
JsonNode userInfo = SimpleHttp.doGet(getConfig().getUserInfoUrl())
.header("Authorization", "Bearer " + accessToken)
.asJson();
@ -193,9 +196,10 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
name = getJsonProperty(userInfo, "name");
preferredUsername = getJsonProperty(userInfo, "preferred_username");
email = getJsonProperty(userInfo, "email");
identity.getContextData().put(USER_INFO, userInfo);
}
FederatedIdentity identity = new FederatedIdentity(id);
identity.getContextData().put(FEDERATED_ACCESS_TOKEN_RESPONSE, tokenResponse);
identity.getContextData().put(VALIDATED_ID_TOKEN, idToken);
identity.setId(id);
identity.setName(name);
@ -273,6 +277,23 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
}
}
@Override
public void attachUserSession(UserSessionModel userSession, ClientSessionModel clientSession, BrokeredIdentityContext context) {
AccessTokenResponse tokenResponse = (AccessTokenResponse)context.getContextData().get(FEDERATED_ACCESS_TOKEN_RESPONSE);
userSession.setNote(FEDERATED_ACCESS_TOKEN, tokenResponse.getToken());
userSession.setNote(FEDERATED_ID_TOKEN, tokenResponse.getIdToken());
}
@Override
public void importNewUser(UserModel user, BrokeredIdentityContext context) {
}
@Override
public void updateBrokeredUser(UserModel user, BrokeredIdentityContext context) {
}
@Override
protected String getDefaultScopes() {
return "openid";

29
broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
View file

@ -3,6 +3,7 @@ package org.keycloak.broker.saml;
import org.jboss.logging.Logger;
import org.keycloak.ClientConnection;
import org.keycloak.VerificationException;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityProvider;
@ -75,10 +76,14 @@ public class SAMLEndpoint {
public static final String SAML_FEDERATED_SESSION_INDEX = "SAML_FEDERATED_SESSION_INDEX";
public static final String SAML_FEDERATED_SUBJECT = "SAML_FEDERATED_SUBJECT";
public static final String SAML_FEDERATED_SUBJECT_NAMEFORMAT = "SAML_FEDERATED_SUBJECT_NAMEFORMAT";
public static final String SAML_LOGIN_RESPONSE = "SAML_LOGIN_RESPONSE";
public static final String SAML_ASSERTION = "SAML_ASSERTION";
public static final String SAML_AUTHN_STATEMENT = "SAML_AUTHN_STATEMENT";
protected RealmModel realm;
protected EventBuilder event;
protected SAMLIdentityProviderConfig config;
protected IdentityProvider.AuthenticationCallback callback;
protected SAMLIdentityProvider provider;
@Context
private UriInfo uriInfo;
@ -93,10 +98,11 @@ public class SAMLEndpoint {
private HttpHeaders headers;
public SAMLEndpoint(RealmModel realm, SAMLIdentityProviderConfig config, IdentityProvider.AuthenticationCallback callback) {
public SAMLEndpoint(RealmModel realm, SAMLIdentityProvider provider, SAMLIdentityProviderConfig config, IdentityProvider.AuthenticationCallback callback) {
this.realm = realm;
this.config = config;
this.callback = callback;
this.provider = provider;
}
@GET
@ -265,10 +271,11 @@ public class SAMLEndpoint {
SubjectType subject = assertion.getSubject();
SubjectType.STSubType subType = subject.getSubType();
NameIDType subjectNameID = (NameIDType) subType.getBaseID();
Map<String, String> notes = new HashMap<>();
notes.put(SAML_FEDERATED_SUBJECT, subjectNameID.getValue());
if (subjectNameID.getFormat() != null) notes.put(SAML_FEDERATED_SUBJECT_NAMEFORMAT, subjectNameID.getFormat().toString());
FederatedIdentity identity = new FederatedIdentity(subjectNameID.getValue());
//Map<String, String> notes = new HashMap<>();
BrokeredIdentityContext identity = new BrokeredIdentityContext(subjectNameID.getValue());
identity.setCode(relayState);
identity.getContextData().put(SAML_LOGIN_RESPONSE, responseType);
identity.getContextData().put(SAML_ASSERTION, assertion);
identity.setUsername(subjectNameID.getValue());
@ -284,24 +291,28 @@ public class SAMLEndpoint {
for (Object statement : assertion.getStatements()) {
if (statement instanceof AuthnStatementType) {
authn = (AuthnStatementType)statement;
identity.getContextData().put(SAML_AUTHN_STATEMENT, authn);
break;
}
}
String brokerUserId = config.getAlias() + "." + subjectNameID.getValue();
identity.setBrokerUserId(brokerUserId);
identity.setIdpConfig(config);
identity.setIdp(provider);
if (authn != null && authn.getSessionIndex() != null) {
identity.setBrokerSessionId(identity.getBrokerUserId() + "." + authn.getSessionIndex());
notes.put(SAML_FEDERATED_SESSION_INDEX, authn.getSessionIndex());
}
return callback.authenticated(notes, config, identity, relayState);
return callback.authenticated(identity);
} catch (Exception e) {
throw new IdentityBrokerException("Could not process response from SAML identity provider.", e);
}
}
private AssertionType getAssertion(ResponseType responseType) throws ProcessingException {
List<ResponseType.RTChoiceType> assertions = responseType.getAssertions();

38
broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
View file

@ -19,10 +19,18 @@ package org.keycloak.broker.saml;
import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.assertion.SubjectType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.saml.SAML2AuthnRequestBuilder;
import org.keycloak.protocol.saml.SAML2LogoutRequestBuilder;
@ -47,11 +55,11 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
@Override
public Object callback(RealmModel realm, AuthenticationCallback callback, EventBuilder event) {
return new SAMLEndpoint(realm, getConfig(), callback);
return new SAMLEndpoint(realm, this, getConfig(), callback);
}
@Override
public Response handleRequest(AuthenticationRequest request) {
public Response performLogin(AuthenticationRequest request) {
try {
UriInfo uriInfo = request.getUriInfo();
RealmModel realm = request.getRealm();
@ -112,6 +120,32 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
return UriBuilder.fromUri(uriInfo.getBaseUri()).path("realms").path(realm.getName()).build().toString();
}
@Override
public void attachUserSession(UserSessionModel userSession, ClientSessionModel clientSession, BrokeredIdentityContext context) {
ResponseType responseType = (ResponseType)context.getContextData().get(SAMLEndpoint.SAML_LOGIN_RESPONSE);
AssertionType assertion = (AssertionType)context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
SubjectType subject = assertion.getSubject();
SubjectType.STSubType subType = subject.getSubType();
NameIDType subjectNameID = (NameIDType) subType.getBaseID();
userSession.setNote(SAMLEndpoint.SAML_FEDERATED_SUBJECT, subjectNameID.getValue());
if (subjectNameID.getFormat() != null) userSession.setNote(SAMLEndpoint.SAML_FEDERATED_SUBJECT_NAMEFORMAT, subjectNameID.getFormat().toString());
AuthnStatementType authn = (AuthnStatementType)context.getContextData().get(SAMLEndpoint.SAML_AUTHN_STATEMENT);
if (authn != null && authn.getSessionIndex() != null) {
userSession.setNote(SAMLEndpoint.SAML_FEDERATED_SESSION_INDEX, authn.getSessionIndex());
}
}
@Override
public void importNewUser(UserModel user, BrokeredIdentityContext context) {
}
@Override
public void updateBrokeredUser(UserModel user, BrokeredIdentityContext context) {
}
@Override
public Response retrieveToken(FederatedIdentityModel identity) {
return Response.ok(identity.getToken()).build();

15
model/api/src/main/java/org/keycloak/provider/ConfiguredProvider.java Executable file
View file

@ -0,0 +1,15 @@
package org.keycloak.provider;
import org.keycloak.provider.ProviderConfigProperty;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ConfiguredProvider {
String getHelpText();
List<ProviderConfigProperty> getConfigProperties();
}

57
model/api/src/main/java/org/keycloak/provider/ProviderConfigProperty.java Executable file
View file

@ -0,0 +1,57 @@
package org.keycloak.provider;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ProviderConfigProperty {
public static final String BOOLEAN_TYPE="boolean";
public static final String STRING_TYPE="String";
public static final String LIST_TYPE="List";
protected String name;
protected String label;
protected String helpText;
protected String type;
protected Object defaultValue;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getLabel() {
return label;
}
public void setLabel(String label) {
this.label = label;
}
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public Object getDefaultValue() {
return defaultValue;
}
public void setDefaultValue(Object defaultValue) {
this.defaultValue = defaultValue;
}
public String getHelpText() {
return helpText;
}
public void setHelpText(String helpText) {
this.helpText = helpText;
}
}

12
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/mappers/AttributeStatementHelper.java
View file

@ -1,8 +1,8 @@
package org.keycloak.protocol.saml.mappers;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
@ -48,18 +48,18 @@ public class AttributeStatementHelper {
return attribute;
}
public static void setConfigProperties(List<ProtocolMapper.ConfigProperty> configProperties) {
ProtocolMapper.ConfigProperty property = new ProtocolMapper.ConfigProperty();
public static void setConfigProperties(List<ProviderConfigProperty> configProperties) {
ProviderConfigProperty property = new ProviderConfigProperty();
property.setName(AttributeStatementHelper.FRIENDLY_NAME);
property.setLabel(AttributeStatementHelper.FRIENDLY_NAME_LABEL);
property.setHelpText(AttributeStatementHelper.FRIENDLY_NAME_HELP_TEXT);
configProperties.add(property);
property = new ProtocolMapper.ConfigProperty();
property = new ProviderConfigProperty();
property.setName(AttributeStatementHelper.SAML_ATTRIBUTE_NAME);
property.setLabel("SAML Attribute Name");
property.setHelpText("SAML Attribute Name");
configProperties.add(property);
property = new ProtocolMapper.ConfigProperty();
property = new ProviderConfigProperty();
property.setName(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT);
property.setLabel("SAML Attribute NameFormat");
property.setHelpText("SAML Attribute NameFormat. Can be basic, URI reference, or unspecified.");
@ -67,7 +67,7 @@ public class AttributeStatementHelper {
types.add(AttributeStatementHelper.BASIC);
types.add(AttributeStatementHelper.URI_REFERENCE);
types.add(AttributeStatementHelper.UNSPECIFIED);
property.setType(ProtocolMapper.ConfigProperty.LIST_TYPE);
property.setType(ProviderConfigProperty.LIST_TYPE);
property.setDefaultValue(types);
configProperties.add(property);

11
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/mappers/HardcodedAttributeMapper.java
View file

@ -5,6 +5,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.provider.ProviderConfigProperty;
import java.util.ArrayList;
import java.util.List;
@ -18,15 +19,15 @@ import java.util.List;
public class HardcodedAttributeMapper extends AbstractSAMLProtocolMapper implements SAMLAttributeStatementMapper {
public static final String PROVIDER_ID = "saml-hardcode-attribute-mapper";
public static final String ATTRIBUTE_VALUE = "attribute.value";
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
ProviderConfigProperty property;
AttributeStatementHelper.setConfigProperties(configProperties);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(ATTRIBUTE_VALUE);
property.setLabel("Attribute value");
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
property.setHelpText("Value of the attribute you want to hard code.");
configProperties.add(property);
@ -34,7 +35,7 @@ public class HardcodedAttributeMapper extends AbstractSAMLProtocolMapper impleme
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}
@Override

11
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/mappers/HardcodedRole.java
View file

@ -1,6 +1,7 @@
package org.keycloak.protocol.saml.mappers;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.protocol.saml.SamlProtocol;
import java.util.ArrayList;
@ -17,21 +18,21 @@ import java.util.Map;
public class HardcodedRole extends AbstractSAMLProtocolMapper {
public static final String PROVIDER_ID = "saml-hardcode-role-mapper";
public static final String ATTRIBUTE_VALUE = "attribute.value";
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName("role");
property.setLabel("Role");
property.setHelpText("Role name you want to hardcode.");
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
configProperties.add(property);
}
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}
@Override

19
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/mappers/RoleListMapper.java
View file

@ -7,6 +7,7 @@ import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.dom.saml.v2.assertion.AttributeType;
@ -25,22 +26,22 @@ public class RoleListMapper extends AbstractSAMLProtocolMapper implements SAMLRo
public static final String PROVIDER_ID = "saml-role-list-mapper";
public static final String SINGLE_ROLE_ATTRIBUTE = "single";
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(AttributeStatementHelper.SAML_ATTRIBUTE_NAME);
property.setLabel("Role attribute name");
property.setDefaultValue("Role");
property.setHelpText("Name of the SAML attribute you want to put your roles into. i.e. 'Role', 'memberOf'.");
configProperties.add(property);
property = new ProtocolMapper.ConfigProperty();
property = new ProviderConfigProperty();
property.setName(AttributeStatementHelper.FRIENDLY_NAME);
property.setLabel(AttributeStatementHelper.FRIENDLY_NAME_LABEL);
property.setHelpText(AttributeStatementHelper.FRIENDLY_NAME_HELP_TEXT);
configProperties.add(property);
property = new ProtocolMapper.ConfigProperty();
property = new ProviderConfigProperty();
property.setName(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT);
property.setLabel("SAML Attribute NameFormat");
property.setHelpText("SAML Attribute NameFormat. Can be basic, URI reference, or unspecified.");
@ -48,13 +49,13 @@ public class RoleListMapper extends AbstractSAMLProtocolMapper implements SAMLRo
types.add(AttributeStatementHelper.BASIC);
types.add(AttributeStatementHelper.URI_REFERENCE);
types.add(AttributeStatementHelper.UNSPECIFIED);
property.setType(ProtocolMapper.ConfigProperty.LIST_TYPE);
property.setType(ProviderConfigProperty.LIST_TYPE);
property.setDefaultValue(types);
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(SINGLE_ROLE_ATTRIBUTE);
property.setLabel("Single Role Attribute");
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText("If true, all roles will be stored under one attribute with multiple attribute values.");
configProperties.add(property);
@ -78,7 +79,7 @@ public class RoleListMapper extends AbstractSAMLProtocolMapper implements SAMLRo
}
@Override
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

15
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/mappers/RoleNameMapper.java
View file

@ -4,6 +4,7 @@ import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.saml.SamlProtocol;
@ -20,31 +21,31 @@ import java.util.Map;
*/
public class RoleNameMapper extends AbstractOIDCProtocolMapper implements SAMLRoleNameMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
public static final String ROLE_CONFIG = "role";
public static String NEW_ROLE_NAME = "new.role.name";
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(ROLE_CONFIG);
property.setLabel("Role");
property.setHelpText("Role name you want changed. To reference an application role the syntax is appname.approle, i.e. myapp.myrole");
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(NEW_ROLE_NAME);
property.setLabel("New Role Name");
property.setHelpText("The new role name.");
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
configProperties.add(property);
}
public static final String PROVIDER_ID = "saml-role-name-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

9
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/mappers/UserAttributeStatementMapper.java
View file

@ -7,6 +7,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.provider.ProviderConfigProperty;
import java.util.ArrayList;
import java.util.List;
@ -18,11 +19,11 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class UserAttributeStatementMapper extends AbstractSAMLProtocolMapper implements SAMLAttributeStatementMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_LABEL);
property.setHelpText(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_HELP_TEXT);
@ -34,7 +35,7 @@ public class UserAttributeStatementMapper extends AbstractSAMLProtocolMapper imp
public static final String PROVIDER_ID = "saml-user-attribute-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}
@Override

9
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/mappers/UserPropertyAttributeStatementMapper.java
View file

@ -7,6 +7,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.provider.ProviderConfigProperty;
import java.util.ArrayList;
import java.util.List;
@ -18,11 +19,11 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class UserPropertyAttributeStatementMapper extends AbstractSAMLProtocolMapper implements SAMLAttributeStatementMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY_LABEL);
property.setHelpText(ProtocolMapperUtils.USER_MODEL_PROPERTY_HELP_TEXT);
@ -34,7 +35,7 @@ public class UserPropertyAttributeStatementMapper extends AbstractSAMLProtocolMa
public static final String PROVIDER_ID = "saml-user-property-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}
@Override

59
services/src/main/java/org/keycloak/protocol/ProtocolMapper.java
View file

@ -1,71 +1,16 @@
package org.keycloak.protocol;
import org.keycloak.provider.ConfiguredProvider;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ProtocolMapper extends Provider, ProviderFactory<ProtocolMapper> {
public interface ProtocolMapper extends Provider, ProviderFactory<ProtocolMapper>,ConfiguredProvider {
String getProtocol();
String getDisplayCategory();
String getDisplayType();
String getHelpText();
public static class ConfigProperty {
public static final String BOOLEAN_TYPE="boolean";
public static final String STRING_TYPE="String";
public static final String LIST_TYPE="List";
protected String name;
protected String label;
protected String helpText;
protected String type;
protected Object defaultValue;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getLabel() {
return label;
}
public void setLabel(String label) {
this.label = label;
}
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public Object getDefaultValue() {
return defaultValue;
}
public void setDefaultValue(Object defaultValue) {
this.defaultValue = defaultValue;
}
public String getHelpText() {
return helpText;
}
public void setHelpText(String helpText) {
this.helpText = helpText;
}
}
List<ConfigProperty> getConfigProperties();
}

15
services/src/main/java/org/keycloak/protocol/oidc/mappers/AddressMapper.java
View file

@ -6,6 +6,7 @@ import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AddressClaimSet;
import org.keycloak.representations.IDToken;
@ -23,21 +24,21 @@ import java.util.Map;
*/
public class AddressMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN);
property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL);
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_HELP_TEXT);
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN);
property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_LABEL);
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT);
configProperties.add(property);
@ -75,7 +76,7 @@ public class AddressMapper extends AbstractOIDCProtocolMapper implements OIDCAcc
}
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

15
services/src/main/java/org/keycloak/protocol/oidc/mappers/FullNameMapper.java
View file

@ -7,6 +7,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
@ -23,21 +24,21 @@ import java.util.Map;
*/
public class FullNameMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN);
property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL);
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_HELP_TEXT);
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN);
property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_LABEL);
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT);
configProperties.add(property);
@ -47,7 +48,7 @@ public class FullNameMapper extends AbstractOIDCProtocolMapper implements OIDCAc
public static final String PROVIDER_ID = "oidc-full-name-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

27
services/src/main/java/org/keycloak/protocol/oidc/mappers/HardcodedClaim.java
View file

@ -8,6 +8,7 @@ import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
@ -24,25 +25,25 @@ import java.util.Map;
*/
public class HardcodedClaim extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
public static final String CLAIM_VALUE = "claim.value";
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME);
property.setLabel(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME_LABEL);
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
property.setHelpText("Claim name you want to hard code into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created.");
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(CLAIM_VALUE);
property.setLabel("Claim value");
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
property.setHelpText("Value of the claim you want to hard code. 'true' and 'false can be used for boolean values.");
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.JSON_TYPE);
property.setLabel(OIDCAttributeMapperHelper.JSON_TYPE);
List<String> types = new ArrayList(3);
@ -50,21 +51,21 @@ public class HardcodedClaim extends AbstractOIDCProtocolMapper implements OIDCAc
types.add("long");
types.add("int");
types.add("boolean");
property.setType(ProtocolMapper.ConfigProperty.LIST_TYPE);
property.setType(ProviderConfigProperty.LIST_TYPE);
property.setDefaultValue(types);
property.setHelpText("JSON type that should be used for the value of the claim. long, int, boolean, and String are valid values.");
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN);
property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL);
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_HELP_TEXT);
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN);
property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_LABEL);
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT);
configProperties.add(property);
@ -74,7 +75,7 @@ public class HardcodedClaim extends AbstractOIDCProtocolMapper implements OIDCAc
public static final String PROVIDER_ID = "oidc-hardcoded-claim-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

11
services/src/main/java/org/keycloak/protocol/oidc/mappers/HardcodedRole.java
View file

@ -6,6 +6,7 @@ import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import java.util.ArrayList;
@ -21,24 +22,24 @@ import java.util.Map;
*/
public class HardcodedRole extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
public static final String ROLE_CONFIG = "role";
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(ROLE_CONFIG);
property.setLabel("Role");
property.setHelpText("Role you want added to the token. To specify an application role the syntax is appname.approle, i.e. myapp.myrole");
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
configProperties.add(property);
}
public static final String PROVIDER_ID = "oidc-hardcoded-role-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

21
services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java
View file

@ -5,6 +5,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
@ -101,15 +102,15 @@ public class OIDCAttributeMapperHelper {
return "true".equals(mappingModel.getConfig().get(INCLUDE_IN_ACCESS_TOKEN));
}
public static void addAttributeConfig(List<ProtocolMapper.ConfigProperty> configProperties) {
ProtocolMapper.ConfigProperty property;
property = new ProtocolMapper.ConfigProperty();
public static void addAttributeConfig(List<ProviderConfigProperty> configProperties) {
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(TOKEN_CLAIM_NAME);
property.setLabel(TOKEN_CLAIM_NAME_LABEL);
property.setType(ProtocolMapper.ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
property.setHelpText("Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created.");
configProperties.add(property);
property = new ProtocolMapper.ConfigProperty();
property = new ProviderConfigProperty();
property.setName(JSON_TYPE);
property.setLabel(JSON_TYPE);
List<String> types = new ArrayList(3);
@ -117,21 +118,21 @@ public class OIDCAttributeMapperHelper {
types.add("long");
types.add("int");
types.add("boolean");
property.setType(ProtocolMapper.ConfigProperty.LIST_TYPE);
property.setType(ProviderConfigProperty.LIST_TYPE);
property.setDefaultValue(types);
property.setHelpText("JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values.");
configProperties.add(property);
property = new ProtocolMapper.ConfigProperty();
property = new ProviderConfigProperty();
property.setName(INCLUDE_IN_ID_TOKEN);
property.setLabel(INCLUDE_IN_ID_TOKEN_LABEL);
property.setType(ProtocolMapper.ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(INCLUDE_IN_ID_TOKEN_HELP_TEXT);
configProperties.add(property);
property = new ProtocolMapper.ConfigProperty();
property = new ProviderConfigProperty();
property.setName(INCLUDE_IN_ACCESS_TOKEN);
property.setLabel(INCLUDE_IN_ACCESS_TOKEN_LABEL);
property.setType(ProtocolMapper.ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT);
configProperties.add(property);

15
services/src/main/java/org/keycloak/protocol/oidc/mappers/RoleNameMapper.java
View file

@ -7,6 +7,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
@ -23,31 +24,31 @@ import java.util.Map;
*/
public class RoleNameMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
public static final String ROLE_CONFIG = "role";
public static String NEW_ROLE_NAME = "new.role.name";
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(ROLE_CONFIG);
property.setLabel("Role");
property.setHelpText("Role name you want changed. To reference an application role the syntax is appname.approle, i.e. myapp.myrole");
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(NEW_ROLE_NAME);
property.setLabel("New Role Name");
property.setHelpText("The new role name. The new name format corresponds to where in the access token the role will be mapped to. So, a new name of 'myapp.newname' will map the role to that position in the access token. A new name of 'newname' will map the role to the realm roles in the token.");
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
configProperties.add(property);
}
public static final String PROVIDER_ID = "oidc-role-name-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

11
services/src/main/java/org/keycloak/protocol/oidc/mappers/UserAttributeMapper.java
View file

@ -7,6 +7,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
@ -23,15 +24,15 @@ import java.util.List;
*/
public class UserAttributeMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_LABEL);
property.setHelpText(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_HELP_TEXT);
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
configProperties.add(property);
OIDCAttributeMapperHelper.addAttributeConfig(configProperties);
@ -40,7 +41,7 @@ public class UserAttributeMapper extends AbstractOIDCProtocolMapper implements O
public static final String PROVIDER_ID = "oidc-usermodel-attribute-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

11
services/src/main/java/org/keycloak/protocol/oidc/mappers/UserPropertyMapper.java
View file

@ -6,6 +6,7 @@ import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
@ -21,14 +22,14 @@ import java.util.List;
* @version $Revision: 1 $
*/
public class UserPropertyMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY_LABEL);
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
property.setHelpText(ProtocolMapperUtils.USER_MODEL_PROPERTY_HELP_TEXT);
configProperties.add(property);
OIDCAttributeMapperHelper.addAttributeConfig(configProperties);
@ -37,7 +38,7 @@ public class UserPropertyMapper extends AbstractOIDCProtocolMapper implements OI
public static final String PROVIDER_ID = "oidc-usermodel-property-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

29
services/src/main/java/org/keycloak/protocol/oidc/mappers/UserSessionNoteMapper.java
View file

@ -11,6 +11,7 @@ import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
@ -21,40 +22,40 @@ import org.keycloak.representations.IDToken;
*/
public class UserSessionNoteMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper {
private static final List<ConfigProperty> configProperties = new ArrayList<ConfigProperty>();
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ConfigProperty property;
property = new ConfigProperty();
ProviderConfigProperty property;
property = new ProviderConfigProperty();
property.setName(ProtocolMapperUtils.USER_SESSION_NOTE);
property.setLabel(ProtocolMapperUtils.USER_SESSION_MODEL_NOTE_LABEL);
property.setHelpText(ProtocolMapperUtils.USER_SESSION_MODEL_NOTE_HELP_TEXT);
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME);
property.setLabel(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME_LABEL);
property.setType(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
property.setHelpText("Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created.");
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.JSON_TYPE);
property.setLabel(OIDCAttributeMapperHelper.JSON_TYPE);
property.setType(ConfigProperty.STRING_TYPE);
property.setDefaultValue(ConfigProperty.STRING_TYPE);
property.setType(ProviderConfigProperty.STRING_TYPE);
property.setDefaultValue(ProviderConfigProperty.STRING_TYPE);
property.setHelpText("JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values.");
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN);
property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL);
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_HELP_TEXT);
configProperties.add(property);
property = new ConfigProperty();
property = new ProviderConfigProperty();
property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN);
property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_LABEL);
property.setType(ConfigProperty.BOOLEAN_TYPE);
property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
property.setDefaultValue("true");
property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT);
configProperties.add(property);
@ -64,7 +65,7 @@ public class UserSessionNoteMapper extends AbstractOIDCProtocolMapper implements
public static final String PROVIDER_ID = "oidc-usersessionmodel-note-mapper";
public List<ConfigProperty> getConfigProperties() {
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}

61
services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
View file

@ -22,6 +22,7 @@ import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.ClientConnection;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityProvider;
@ -39,7 +40,6 @@ import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.services.managers.AppAuthManager;
@ -131,7 +131,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
try {
ClientSessionCode clientSessionCode = parseClientSessionCode(code);
IdentityProvider identityProvider = getIdentityProvider(session, realmModel, providerId);
Response response = identityProvider.handleRequest(createAuthenticationRequest(providerId, clientSessionCode));
Response response = identityProvider.performLogin(createAuthenticationRequest(providerId, clientSessionCode));
if (response != null) {
this.event.success();
@ -238,10 +238,11 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
return getToken(providerId, true);
}
public Response authenticated(Map<String, String> userNotes, IdentityProviderModel identityProviderConfig, FederatedIdentity federatedIdentity, String code) {
public Response authenticated(BrokeredIdentityContext context) {
ClientSessionCode clientCode = null;
IdentityProviderModel identityProviderConfig = context.getIdpConfig();
try {
clientCode = parseClientSessionCode(code);
clientCode = parseClientSessionCode(context.getCode());
} catch (Exception e) {
return redirectToErrorPage(Messages.IDENTITY_PROVIDER_AUTHENTICATION_FAILED, e, identityProviderConfig.getProviderId());
@ -251,32 +252,27 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
if (isDebugEnabled()) {
LOGGER.debugf("Token will not be stored for identity provider [%s].", providerId);
}
federatedIdentity.setToken(null);
context.setToken(null);
}
federatedIdentity.setIdentityProviderId(providerId);
ClientSessionModel clientSession = clientCode.getClientSession();
FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(providerId, federatedIdentity.getId(),
federatedIdentity.getUsername(), federatedIdentity.getToken());
FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(providerId, context.getId(),
context.getUsername(), context.getToken());
this.event.event(EventType.IDENTITY_PROVIDER_LOGIN)
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
.detail(Details.IDENTITY_PROVIDER_USERNAME, federatedIdentity.getUsername());
.detail(Details.IDENTITY_PROVIDER_USERNAME, context.getUsername());
UserModel federatedUser = this.session.users().getUserByFederatedIdentity(federatedIdentityModel, this.realmModel);
// Check if federatedUser is already authenticated (this means linking social into existing federatedUser account)
if (clientSession.getUserSession() != null) {
UserSessionModel userSession = clientSession.getUserSession();
for (Map.Entry<String, String> entry : userNotes.entrySet()) {
userSession.setNote(entry.getKey(), entry.getValue());
}
return performAccountLinking(clientSession, providerId, federatedIdentityModel, federatedUser);
return performAccountLinking(clientSession, context, federatedIdentityModel, federatedUser);
}
if (federatedUser == null) {
try {
federatedUser = createUser(federatedIdentity);
federatedUser = createUser(context);
if (identityProviderConfig.isUpdateProfileFirstLogin()) {
if (isDebugEnabled()) {
@ -289,18 +285,16 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
}
}
updateFederatedIdentity(federatedIdentity, federatedUser);
updateFederatedIdentity(context, federatedUser);
UserSessionModel userSession = this.session.sessions()
.createUserSession(this.realmModel, federatedUser, federatedUser.getUsername(), this.clientConnection.getRemoteAddr(), "broker", false, federatedIdentity.getBrokerSessionId(), federatedIdentity.getBrokerUserId());
.createUserSession(this.realmModel, federatedUser, federatedUser.getUsername(), this.clientConnection.getRemoteAddr(), "broker", false, context.getBrokerSessionId(), context.getBrokerUserId());
this.event.user(federatedUser);
this.event.session(userSession);
TokenManager.attachClientSession(userSession, clientSession);
for (Map.Entry<String, String> entry : userNotes.entrySet()) {
userSession.setNote(entry.getKey(), entry.getValue());
}
context.getIdp().attachUserSession(userSession, clientSession, context);
userSession.setNote(BROKER_PROVIDER_ID, providerId);
if (isDebugEnabled()) {
@ -311,17 +305,17 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
this.uriInfo, event);
}
private Response performAccountLinking(ClientSessionModel clientSession, String providerId, FederatedIdentityModel federatedIdentityModel, UserModel federatedUser) {
private Response performAccountLinking(ClientSessionModel clientSession, BrokeredIdentityContext context, FederatedIdentityModel federatedIdentityModel, UserModel federatedUser) {
this.event.event(EventType.IDENTITY_PROVIDER_ACCCOUNT_LINKING);
if (federatedUser != null) {
return redirectToErrorPage(Messages.IDENTITY_PROVIDER_ALREADY_LINKED, providerId);
return redirectToErrorPage(Messages.IDENTITY_PROVIDER_ALREADY_LINKED, context.getIdpConfig().getAlias());
}
UserModel authenticatedUser = clientSession.getUserSession().getUser();
if (isDebugEnabled()) {
LOGGER.debugf("Linking account [%s] from identity provider [%s] to user [%s].", federatedIdentityModel, providerId, authenticatedUser);
LOGGER.debugf("Linking account [%s] from identity provider [%s] to user [%s].", federatedIdentityModel, context.getIdpConfig().getAlias(), authenticatedUser);
}
if (!authenticatedUser.isEnabled()) {
@ -335,14 +329,14 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
}
this.session.users().addFederatedIdentity(this.realmModel, authenticatedUser, federatedIdentityModel);
context.getIdp().attachUserSession(clientSession.getUserSession(), clientSession, context);
this.event.success();
return Response.status(302).location(UriBuilder.fromUri(clientSession.getRedirectUri()).build()).build();
}
private void updateFederatedIdentity(FederatedIdentity updatedIdentity, UserModel federatedUser) {
FederatedIdentityModel federatedIdentityModel = this.session.users().getFederatedIdentity(federatedUser, updatedIdentity.getIdentityProviderId(), this.realmModel);
private void updateFederatedIdentity(BrokeredIdentityContext updatedIdentity, UserModel federatedUser) {
FederatedIdentityModel federatedIdentityModel = this.session.users().getFederatedIdentity(federatedUser, updatedIdentity.getIdpConfig().getAlias(), this.realmModel);
// Skip DB write if tokens are null or equal
if (!ObjectUtil.isEqualOrNull(updatedIdentity.getToken(), federatedIdentityModel.getToken())) {
@ -351,9 +345,10 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
this.session.users().updateFederatedIdentity(this.realmModel, federatedUser, federatedIdentityModel);
if (isDebugEnabled()) {
LOGGER.debugf("Identity [%s] update with response from identity provider [%s].", federatedUser, updatedIdentity.getIdentityProviderId());
LOGGER.debugf("Identity [%s] update with response from identity provider [%s].", federatedUser, updatedIdentity.getIdpConfig().getAlias());
}
}
updatedIdentity.getIdp().updateBrokeredUser(federatedUser, updatedIdentity);
}
private ClientSessionCode parseClientSessionCode(String code) {
@ -475,8 +470,8 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
throw new IdentityBrokerException("Configuration for identity provider [" + providerId + "] not found.");
}
private UserModel createUser(FederatedIdentity updatedIdentity) {
FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(updatedIdentity.getIdentityProviderId(), updatedIdentity.getId(),
private UserModel createUser(BrokeredIdentityContext updatedIdentity) {
FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(updatedIdentity.getIdpConfig().getAlias(), updatedIdentity.getId(),
updatedIdentity.getUsername(), updatedIdentity.getToken());
// Check if no user already exists with this username or email
UserModel existingUser = null;
@ -494,9 +489,9 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
if (this.realmModel.isRegistrationEmailAsUsername() && !Validation.isEmpty(updatedIdentity.getEmail())) {
username = updatedIdentity.getEmail();
} else if (username == null) {
username = updatedIdentity.getIdentityProviderId() + "." + updatedIdentity.getId();
username = updatedIdentity.getIdpConfig().getAlias() + "." + updatedIdentity.getId();
} else {
username = updatedIdentity.getIdentityProviderId() + "." + updatedIdentity.getUsername();
username = updatedIdentity.getIdpConfig().getAlias() + "." + updatedIdentity.getUsername();
}
if (username != null) {
username = username.trim();
@ -520,12 +515,14 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
}
federatedUser.setEnabled(true);
federatedUser.setEmail(updatedIdentity.getEmail());
federatedUser.setFirstName(updatedIdentity.getFirstName());
federatedUser.setLastName(updatedIdentity.getLastName());
federatedUser.setEmail(updatedIdentity.getEmail());
this.session.users().addFederatedIdentity(this.realmModel, federatedUser, federatedIdentityModel);
updatedIdentity.getIdp().importNewUser(federatedUser, updatedIdentity);
this.event.clone().user(federatedUser).event(EventType.REGISTER)
.detail(Details.IDENTITY_PROVIDER, federatedIdentityModel.getIdentityProvider())
.detail(Details.IDENTITY_PROVIDER_USERNAME, updatedIdentity.getUsername())

3
services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java
View file

@ -15,6 +15,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocolFactory;
import org.keycloak.protocol.ProtocolMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
@ -142,7 +143,7 @@ public class ServerInfoAdminResource {
rep.setHelpText(mapper.getHelpText());
rep.setCategory(mapper.getDisplayCategory());
rep.setProperties(new LinkedList<ProtocolMapperTypeRepresentation.ConfigProperty>());
for (ProtocolMapper.ConfigProperty prop : mapper.getConfigProperties()) {
for (ProviderConfigProperty prop : mapper.getConfigProperties()) {
ProtocolMapperTypeRepresentation.ConfigProperty propRep = new ProtocolMapperTypeRepresentation.ConfigProperty();
propRep.setName(prop.getName());
propRep.setLabel(prop.getLabel());

7
social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
View file

@ -4,6 +4,7 @@ import org.codehaus.jackson.JsonNode;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.util.SimpleHttp;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.social.SocialIdentityProvider;
@ -25,13 +26,13 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
config.setUserInfoUrl(PROFILE_URL);
}
protected FederatedIdentity doGetFederatedIdentity(String accessToken) {
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
try {
JsonNode profile = SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken).asJson();
String id = getJsonProperty(profile, "id");
FederatedIdentity user = new FederatedIdentity(id);
BrokeredIdentityContext user = new BrokeredIdentityContext(id);
String email = getJsonProperty(profile, "email");
@ -59,6 +60,8 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
}
user.setName(firstName + lastName);
user.setIdpConfig(getConfig());
user.setIdp(this);
return user;
} catch (Exception e) {

7
social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
View file

@ -4,6 +4,7 @@ import org.codehaus.jackson.JsonNode;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.util.SimpleHttp;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.social.SocialIdentityProvider;
@ -26,15 +27,17 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
}
@Override
protected FederatedIdentity doGetFederatedIdentity(String accessToken) {
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
try {
JsonNode profile = SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken).asJson();
FederatedIdentity user = new FederatedIdentity(getJsonProperty(profile, "id"));
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
user.setUsername(getJsonProperty(profile, "login"));
user.setName(getJsonProperty(profile, "name"));
user.setEmail(getJsonProperty(profile, "email"));
user.setIdpConfig(getConfig());
user.setIdp(this);
return user;
} catch (Exception e) {

7
social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
View file

@ -26,6 +26,7 @@ import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.oidc.util.SimpleHttp;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.social.SocialIdentityProvider;
@ -52,16 +53,18 @@ public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider imp
}
@Override
protected FederatedIdentity doGetFederatedIdentity(String accessToken) {
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
log.debug("doGetFederatedIdentity()");
try {
JsonNode profile = SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken).asJson();
FederatedIdentity user = new FederatedIdentity(getJsonProperty(profile, "id"));
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
user.setUsername(extractUsernameFromProfileURL(getJsonProperty(profile, "publicProfileUrl")));
user.setName(getJsonProperty(profile, "formattedName"));
user.setEmail(getJsonProperty(profile, "emailAddress"));
user.setIdpConfig(getConfig());
user.setIdp(this);
return user;
} catch (Exception e) {

10
social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java
View file

@ -27,6 +27,7 @@ import org.codehaus.jackson.JsonNode;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.broker.oidc.util.SimpleHttp;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.social.SocialIdentityProvider;
@ -53,8 +54,10 @@ public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvide
config.setUserInfoUrl(PROFILE_URL);
}
@Override
protected FederatedIdentity doGetFederatedIdentity(String accessToken) {
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
log.debug("doGetFederatedIdentity()");
try {
@ -64,12 +67,15 @@ public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvide
}
JsonNode profile = SimpleHttp.doGet(URL).asJson().get("items").get(0);
FederatedIdentity user = new FederatedIdentity(getJsonProperty(profile, "user_id"));
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "user_id"));
user.setUsername(extractUsernameFromProfileURL(getJsonProperty(profile, "link")));
user.setName(unescapeHtml3(getJsonProperty(profile, "display_name")));
// email is not provided
// user.setEmail(getJsonProperty(profile, "email"));
user.setIdpConfig(getConfig());
user.setIdp(this);
return user;
} catch (Exception e) {

11
social/twitter/src/main/java/org/keycloak/social/twitter/TwitterIdentityProvider.java
View file

@ -26,6 +26,7 @@ import org.keycloak.ClientConnection;
import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.FederatedIdentity;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.events.EventBuilder;
@ -35,6 +36,8 @@ import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.flows.Flows;
@ -73,7 +76,7 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
}
@Override
public Response handleRequest(AuthenticationRequest request) {
public Response performLogin(AuthenticationRequest request) {
try {
Twitter twitter = new TwitterFactory().getInstance();
twitter.setOAuthConsumer(getConfig().getClientId(), getConfig().getClientSecret());
@ -135,7 +138,7 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
AccessToken oAuthAccessToken = twitter.getOAuthAccessToken(requestToken, verifier);
twitter4j.User twitterUser = twitter.verifyCredentials();
FederatedIdentity identity = new FederatedIdentity(Long.toString(twitterUser.getId()));
BrokeredIdentityContext identity = new BrokeredIdentityContext(Long.toString(twitterUser.getId()));
identity.setUsername(twitterUser.getScreenName());
identity.setName(twitterUser.getName());
@ -150,8 +153,10 @@ public class TwitterIdentityProvider extends AbstractIdentityProvider<OAuth2Iden
tokenBuilder.append("}");
identity.setToken(tokenBuilder.toString());
identity.setCode(state);
identity.setIdpConfig(getConfig());
return callback.authenticated(new HashMap<String, String>(), getConfig(), identity, state);
return callback.authenticated(identity);
} catch (Exception e) {
logger.error("Could get user profile from twitter.", e);
}

2
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/CustomIdentityProvider.java
View file

@ -34,7 +34,7 @@ public class CustomIdentityProvider extends AbstractIdentityProvider<IdentityPro
}
@Override
public Response handleRequest(AuthenticationRequest request) {
public Response performLogin(AuthenticationRequest request) {
return null;
}

2
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/provider/social/CustomSocialProvider.java
View file

@ -35,7 +35,7 @@ public class CustomSocialProvider extends AbstractIdentityProvider<IdentityProvi
}
@Override
public Response handleRequest(AuthenticationRequest request) {
public Response performLogin(AuthenticationRequest request) {
return null;
}