/**
 * Resolves the claim this mapper is configured for from the brokered identity context.
 *
 * @param mapperModel mapper whose config entry {@code CLAIM} names the claim to read
 * @param context     brokered identity the claim is read from
 * @return the claim value as returned by {@link #getClaimValue(BrokeredIdentityContext, String)};
 *         callers treat {@code null} as "claim absent"
 */
public static Object getClaimValue(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    String configuredClaim = mapperModel.getConfig().get(CLAIM);
    return getClaimValue(context, configuredClaim);
}
/**
 * Copies the configured claim into the brokered context as a user attribute.
 * When the claim is absent from the IdP response the context is left untouched.
 */
@Override
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    Object claimValue = getClaimValue(mapperModel, context);
    if (claimValue == null) {
        return; // nothing to map
    }
    String attributeName = mapperModel.getConfig().get(USER_ATTRIBUTE);
    // the attribute store holds strings; the claim is stored in its string form
    context.setUserAttribute(attributeName, claimValue.toString());
}
/**
 * Checks whether the configured claim carries the value configured under {@code CLAIM_VALUE}.
 *
 * @return result of {@code valueEquals(expected, actual)}; the comparison semantics
 *         (e.g. how multi-valued claims are handled) are defined by {@code valueEquals}
 */
protected boolean hasClaimValue(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    String expected = mapperModel.getConfig().get(CLAIM_VALUE);
    Object actual = getClaimValue(mapperModel, context);
    return valueEquals(expected, actual);
}
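/**
 * Synchronises the stored user attribute with the current claim value on every login.
 * <ul>
 *   <li>claim absent: the local attribute is removed so stale IdP data does not linger;</li>
 *   <li>claim present and different from the stored value: the attribute is overwritten;</li>
 *   <li>claim present and identical: nothing is written.</li>
 * </ul>
 */
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    String attribute = mapperModel.getConfig().get(USER_ATTRIBUTE);
    Object value = getClaimValue(mapperModel, context);
    if (value == null) {
        // claim no longer delivered by the IdP: drop the locally stored copy
        user.removeAttribute(attribute);
        return;
    }
    // Compare the string form that is actually persisted. The previous Object.equals(String)
    // comparison was always false for non-String claims (numbers, lists), so the attribute
    // was rewritten on every login even when unchanged.
    String newValue = value.toString();
    String current = user.getFirstAttribute(attribute);
    if (!newValue.equals(current)) {
        user.setSingleAttribute(attribute, newValue);
    }
}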
/**
 * Maps a value from the user-profile JSON into a user attribute on the brokered context.
 * Logs a warning and does nothing when the target attribute is not configured; does nothing
 * when the JSON field cannot be resolved (that case is logged by {@code getJsonValue}).
 */
@Override
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    String configuredAttribute = mapperModel.getConfig().get(CONF_USER_ATTRIBUTE);
    boolean attributeMissing = configuredAttribute == null || configuredAttribute.trim().isEmpty();
    if (attributeMissing) {
        logger.warnf("Attribute is not configured for mapper %s", mapperModel.getName());
        return;
    }
    String jsonValue = getJsonValue(mapperModel, context);
    if (jsonValue == null) {
        return;
    }
    // surrounding whitespace in the admin-entered attribute name is ignored
    context.setUserAttribute(configuredAttribute.trim(), jsonValue);
}
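/**
 * Derives the local username from the configured template by expanding the
 * {@code ALIAS}, {@code UUID} and {@code CLAIM.<name>} variables matched by {@code substitution}.
 * Unknown variables are replaced by their own name; a missing claim expands to the empty string.
 * <p>
 * Replacement text is passed through {@link Matcher#quoteReplacement(String)}: claim values
 * originate from the external identity provider, and {@code appendReplacement} would otherwise
 * interpret {@code $} and {@code \} in them as group references (throwing or substituting
 * unexpected text) instead of inserting them literally.
 */
@Override
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    String template = mapperModel.getConfig().get(TEMPLATE);
    Matcher m = substitution.matcher(template);
    StringBuffer sb = new StringBuffer();
    while (m.find()) {
        String variable = m.group(1);
        String replacement;
        if (variable.equals("ALIAS")) {
            replacement = context.getIdpConfig().getAlias();
        } else if (variable.equals("UUID")) {
            replacement = KeycloakModelUtils.generateId();
        } else if (variable.startsWith("CLAIM.")) {
            String name = variable.substring("CLAIM.".length());
            Object value = AbstractClaimMapper.getClaimValue(context, name);
            replacement = value == null ? "" : value.toString();
        } else {
            // unknown variable: keep its name verbatim, as before
            replacement = variable;
        }
        // quote so IdP-supplied text is inserted literally, never as a regex group reference
        m.appendReplacement(sb, Matcher.quoteReplacement(replacement));
    }
    m.appendTail(sb);
    context.setModelUsername(sb.toString());
}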
/**
 * Resolves the configured JSON field path against the user-profile JSON node kept in the
 * context under {@code CONTEXT_JSON_NODE}.
 * <p>
 * Returns {@code null} (with a warning) when no path is configured or the path is malformed
 * (leading/trailing {@code JSON_PATH_DELIMITER}, or a leading {@code [}), and {@code null}
 * (with a debug log) when the path does not resolve to a value.
 *
 * @return the resolved value, or {@code null} when unavailable
 */
protected static String getJsonValue(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    String fieldPath = mapperModel.getConfig().get(CONF_JSON_FIELD);
    if (fieldPath == null || fieldPath.trim().isEmpty()) {
        logger.warnf("JSON field path is not configured for mapper %s", mapperModel.getName());
        return null;
    }
    fieldPath = fieldPath.trim();
    boolean malformed = fieldPath.startsWith(JSON_PATH_DELIMITER)
            || fieldPath.endsWith(JSON_PATH_DELIMITER)
            || fieldPath.startsWith("[");
    if (malformed) {
        logger.warnf("JSON field path is invalid %s", fieldPath);
        return null;
    }
    // the node may be absent from the context; the overload decides how a null node is handled
    JsonNode profile = (JsonNode) context.getContextData().get(CONTEXT_JSON_NODE);
    String resolved = getJsonValue(profile, fieldPath);
    if (resolved == null) {
        logger.debugf("User profile JSON value '%s' is not available.", fieldPath);
    }
    return resolved;
}
/**
 * Grants the configured role to a newly imported user when the claim condition holds.
 *
 * @throws IdentityBrokerException if the condition holds but the configured role does not exist
 */
@Override
public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    if (!hasClaimValue(mapperModel, context)) {
        return;
    }
    String roleName = mapperModel.getConfig().get(HardcodedRoleMapper.ROLE);
    RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
    if (role == null) {
        throw new IdentityBrokerException("Unable to find role: " + roleName);
    }
    user.grantRole(role);
}
/**
 * Revokes the configured role from an existing user when the claim condition no longer holds.
 * The role is not (re-)granted here; only removal happens on update.
 *
 * @throws IdentityBrokerException if the role must be revoked but does not exist in the realm
 */
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    if (hasClaimValue(mapperModel, context)) {
        return;
    }
    String roleName = mapperModel.getConfig().get(HardcodedRoleMapper.ROLE);
    RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
    if (role == null) {
        throw new IdentityBrokerException("Unable to find role: " + roleName);
    }
    user.deleteRoleMapping(role);
}
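/**
 * Looks up the local role to grant when the validated access token carries the configured
 * external role.
 * <p>
 * The external role is parsed with {@code KeycloakModelUtils.parseRole}; when its first
 * component is {@code null} the claim {@code realm_access.roles} is inspected, otherwise
 * {@code resource_access.<component>.roles}.
 *
 * @return the realm role named by {@code HardcodedRoleMapper.ROLE} when the external role is
 *         present, {@code null} when no validated token is available or the external role is absent
 * @throws IdentityBrokerException if the external role matches but the configured local role does not exist
 */
private RoleModel hasRole(RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    JsonWebToken token = (JsonWebToken) context.getContextData().get(KeycloakOIDCIdentityProvider.VALIDATED_ACCESS_TOKEN);
    if (token == null) {
        // The context map may not contain a validated token; without one there is no claim
        // to evaluate, so no role is granted (the original left this guard commented out).
        return null;
    }
    String roleName = mapperModel.getConfig().get(HardcodedRoleMapper.ROLE);
    String[] parsedExternalRole = KeycloakModelUtils.parseRole(mapperModel.getConfig().get(EXTERNAL_ROLE));
    // NOTE(review): parseRole()[0] is presumably the client id (null for realm roles) — confirm against KeycloakModelUtils
    String clientPart = parsedExternalRole[0];
    String externalRoleName = parsedExternalRole[1];
    String claimName = clientPart == null
            ? "realm_access.roles"
            : "resource_access." + clientPart + ".roles";
    Object claim = getClaimValue(token, claimName);
    if (!valueEquals(externalRoleName, claim)) {
        return null;
    }
    RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
    if (role == null) {
        throw new IdentityBrokerException("Unable to find role: " + roleName);
    }
    return role;
}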
/**
 * Applies the alias, mapper type and config of {@code mapping} to the persisted JPA entity
 * with the same id and flushes the entity manager.
 * An existing config map is updated in place (cleared, then refilled); a missing one is
 * set to the mapping's config map directly.
 */
@Override
public void updateIdentityProviderMapper(IdentityProviderMapperModel mapping) {
    IdentityProviderMapperEntity entity = getIdentityProviderMapperEntity(mapping.getId());
    entity.setIdentityProviderAlias(mapping.getIdentityProviderAlias());
    entity.setIdentityProviderMapper(mapping.getIdentityProviderMapper());
    boolean hasConfig = entity.getConfig() != null;
    if (hasConfig) {
        // keep the managed collection instance; replace its contents
        entity.getConfig().clear();
        entity.getConfig().putAll(mapping.getConfig());
    } else {
        entity.setConfig(mapping.getConfig());
    }
    em.flush();
}
/**
 * Applies the alias, mapper type and config of {@code mapping} to the stored Mongo entity
 * with the same id and writes the enclosing entity back.
 * An existing config map is updated in place (cleared, then refilled); a missing one is
 * set to the mapping's config map directly.
 */
@Override
public void updateIdentityProviderMapper(IdentityProviderMapperModel mapping) {
    IdentityProviderMapperEntity entity = getIdentityProviderMapperEntity(mapping.getId());
    entity.setIdentityProviderAlias(mapping.getIdentityProviderAlias());
    entity.setIdentityProviderMapper(mapping.getIdentityProviderMapper());
    boolean hasConfig = entity.getConfig() != null;
    if (hasConfig) {
        // keep the existing map instance; replace its contents
        entity.getConfig().clear();
        entity.getConfig().putAll(mapping.getConfig());
    } else {
        entity.setConfig(mapping.getConfig());
    }
    updateMongoEntity();
}
/**
 * Converts a mapper model into its REST representation.
 * The config map is copied so the representation does not alias the model's map.
 *
 * @param model mapper model to convert; its config must not be {@code null}
 * @return a new representation carrying id, mapper type, alias, name and a copy of the config
 */
public static IdentityProviderMapperRepresentation toRepresentation(IdentityProviderMapperModel model) {
    IdentityProviderMapperRepresentation representation = new IdentityProviderMapperRepresentation();
    representation.setId(model.getId());
    representation.setName(model.getName());
    representation.setIdentityProviderAlias(model.getIdentityProviderAlias());
    representation.setIdentityProviderMapper(model.getIdentityProviderMapper());
    // copy constructor rejects a null source just as putAll(null) would
    Map<String, String> configCopy = new HashMap<String, String>(model.getConfig());
    representation.setConfig(configCopy);
    return representation;
}
/**
 * Persists a new mapper for the identity provider named by {@code model.getIdentityProviderAlias()}.
 * The mapper name must be unique within that identity provider; the id is generated here.
 *
 * @return the model view of the persisted entity
 * @throws RuntimeException if a mapper with the same name already exists for the provider
 */
@Override
public IdentityProviderMapperModel addIdentityProviderMapper(IdentityProviderMapperModel model) {
    String alias = model.getIdentityProviderAlias();
    boolean nameTaken = getIdentityProviderMapperByName(alias, model.getName()) != null;
    if (nameTaken) {
        throw new RuntimeException("identity provider mapper name must be unique per identity provider");
    }
    IdentityProviderMapperEntity entity = new IdentityProviderMapperEntity();
    entity.setId(KeycloakModelUtils.generateId());
    entity.setName(model.getName());
    entity.setIdentityProviderAlias(alias);
    entity.setIdentityProviderMapper(model.getIdentityProviderMapper());
    entity.setRealm(this.realm);
    entity.setConfig(model.getConfig());
    em.persist(entity);
    this.realm.getIdentityProviderMappers().add(entity);
    return entityToModel(entity);
}
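/**
 * Stores a new mapper for the identity provider named by {@code model.getIdentityProviderAlias()}
 * in the Mongo entity. The mapper name must be unique within that identity provider; the id is
 * generated here.
 *
 * @return the model view of the stored entity
 * @throws RuntimeException if a mapper with the same name already exists for the provider
 */
@Override
public IdentityProviderMapperModel addIdentityProviderMapper(IdentityProviderMapperModel model) {
    String alias = model.getIdentityProviderAlias();
    // Uniqueness is by mapper *name*, matching the JPA implementation and the error message
    // below. The previous lookup passed the mapper type (getIdentityProviderMapper()) instead,
    // so duplicate names were never detected.
    if (getIdentityProviderMapperByName(alias, model.getName()) != null) {
        throw new RuntimeException("identity provider mapper name must be unique per identity provider");
    }
    IdentityProviderMapperEntity entity = new IdentityProviderMapperEntity();
    entity.setId(KeycloakModelUtils.generateId());
    entity.setName(model.getName());
    entity.setIdentityProviderAlias(alias);
    entity.setIdentityProviderMapper(model.getIdentityProviderMapper());
    entity.setConfig(model.getConfig());
    getMongoEntity().getIdentityProviderMappers().add(entity);
    updateMongoEntity();
    return entityToModel(entity);
}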