Class AbstractPairwiseSubMapper
- java.lang.Object
-
- org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
-
- org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper
-
- All Implemented Interfaces:
OIDCAccessTokenMapper
,OIDCIDTokenMapper
,UserInfoTokenMapper
,org.keycloak.protocol.ProtocolMapper
,org.keycloak.provider.ConfiguredProvider
,org.keycloak.provider.Provider
,org.keycloak.provider.ProviderFactory<org.keycloak.protocol.ProtocolMapper>
- Direct Known Subclasses:
SHA256PairwiseSubMapper
public abstract class AbstractPairwiseSubMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper
Set the 'sub' claim to pairwise .- Author:
- Martin Hardselius
-
-
Field Summary
Fields Modifier and Type Field Description static String
PROVIDER_ID_SUFFIX
-
Fields inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
TOKEN_MAPPER_CATEGORY
-
-
Constructor Summary
Constructors Constructor Description AbstractPairwiseSubMapper()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description abstract String
generateSub(org.keycloak.models.ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub)
Generates a pairwise subject identifier.List<org.keycloak.provider.ProviderConfigProperty>
getAdditionalConfigProperties()
Override to add additional provider configuration properties.List<org.keycloak.provider.ProviderConfigProperty>
getConfigProperties()
String
getDisplayCategory()
String
getId()
abstract String
getIdPrefix()
protected void
setAccessTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
protected void
setIDTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
protected void
setUserInfoTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
org.keycloak.representations.AccessToken
transformAccessToken(org.keycloak.representations.AccessToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)
org.keycloak.representations.IDToken
transformIDToken(org.keycloak.representations.IDToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)
org.keycloak.representations.AccessToken
transformUserInfoToken(org.keycloak.representations.AccessToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)
void
validateAdditionalConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel mapperContainer, org.keycloak.models.ProtocolMapperModel mapperModel)
Override to add additional configuration validation.void
validateConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel mapperContainer, org.keycloak.models.ProtocolMapperModel mapperModel)
-
Methods inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
close, create, getProtocol, init, postInit, setClaim, setClaim, setClaim, transformAccessTokenResponse
-
-
-
-
Field Detail
-
PROVIDER_ID_SUFFIX
public static final String PROVIDER_ID_SUFFIX
- See Also:
- Constant Field Values
-
-
Method Detail
-
getIdPrefix
public abstract String getIdPrefix()
-
generateSub
public abstract String generateSub(org.keycloak.models.ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub)
Generates a pairwise subject identifier.- Parameters:
mappingModel
-sectorIdentifier
- client sector identifierlocalSub
- local subject identifier (user id)- Returns:
- A pairwise subject identifier
-
getAdditionalConfigProperties
public List<org.keycloak.provider.ProviderConfigProperty> getAdditionalConfigProperties()
Override to add additional provider configuration properties. By default, a pairwise sub mapper will only contain configuration for a sector identifier URI.- Returns:
- A list of provider configuration properties.
-
validateAdditionalConfig
public void validateAdditionalConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel mapperContainer, org.keycloak.models.ProtocolMapperModel mapperModel) throws org.keycloak.protocol.ProtocolMapperConfigException
Override to add additional configuration validation. Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint.- Parameters:
session
-realm
-mapperContainer
- client or clientScopemapperModel
-- Throws:
org.keycloak.protocol.ProtocolMapperConfigException
- if configuration provided in mapperModel is not valid
-
getDisplayCategory
public final String getDisplayCategory()
- Specified by:
getDisplayCategory
in interfaceorg.keycloak.protocol.ProtocolMapper
-
transformIDToken
public org.keycloak.representations.IDToken transformIDToken(org.keycloak.representations.IDToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)
- Specified by:
transformIDToken
in interfaceOIDCIDTokenMapper
- Overrides:
transformIDToken
in classAbstractOIDCProtocolMapper
-
transformAccessToken
public org.keycloak.representations.AccessToken transformAccessToken(org.keycloak.representations.AccessToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)
- Specified by:
transformAccessToken
in interfaceOIDCAccessTokenMapper
- Overrides:
transformAccessToken
in classAbstractOIDCProtocolMapper
-
transformUserInfoToken
public org.keycloak.representations.AccessToken transformUserInfoToken(org.keycloak.representations.AccessToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)
- Specified by:
transformUserInfoToken
in interfaceUserInfoTokenMapper
- Overrides:
transformUserInfoToken
in classAbstractOIDCProtocolMapper
-
setIDTokenSubject
protected void setIDTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
-
setAccessTokenSubject
protected void setAccessTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
-
setUserInfoTokenSubject
protected void setUserInfoTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
-
getConfigProperties
public final List<org.keycloak.provider.ProviderConfigProperty> getConfigProperties()
- Specified by:
getConfigProperties
in interfaceorg.keycloak.provider.ConfiguredProvider
-
validateConfig
public final void validateConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel mapperContainer, org.keycloak.models.ProtocolMapperModel mapperModel) throws org.keycloak.protocol.ProtocolMapperConfigException
- Specified by:
validateConfig
in interfaceorg.keycloak.protocol.ProtocolMapper
- Throws:
org.keycloak.protocol.ProtocolMapperConfigException
-
getId
public final String getId()
- Specified by:
getId
in interfaceorg.keycloak.provider.ProviderFactory<org.keycloak.protocol.ProtocolMapper>
-
-