Class AbstractPairwiseSubMapper
- java.lang.Object
-
- org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
-
- org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper
-
- All Implemented Interfaces:
OIDCAccessTokenMapper,OIDCIDTokenMapper,UserInfoTokenMapper,org.keycloak.protocol.ProtocolMapper,org.keycloak.provider.ConfiguredProvider,org.keycloak.provider.Provider,org.keycloak.provider.ProviderFactory<org.keycloak.protocol.ProtocolMapper>
- Direct Known Subclasses:
SHA256PairwiseSubMapper
public abstract class AbstractPairwiseSubMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper
Set the 'sub' claim to pairwise .- Author:
- Martin Hardselius
-
-
Field Summary
Fields Modifier and Type Field Description static StringPROVIDER_ID_SUFFIX-
Fields inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
TOKEN_MAPPER_CATEGORY
-
-
Constructor Summary
Constructors Constructor Description AbstractPairwiseSubMapper()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description abstract StringgenerateSub(org.keycloak.models.ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub)Generates a pairwise subject identifier.List<org.keycloak.provider.ProviderConfigProperty>getAdditionalConfigProperties()Override to add additional provider configuration properties.List<org.keycloak.provider.ProviderConfigProperty>getConfigProperties()StringgetDisplayCategory()StringgetId()abstract StringgetIdPrefix()protected voidsetAccessTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)protected voidsetIDTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)protected voidsetUserInfoTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)org.keycloak.representations.AccessTokentransformAccessToken(org.keycloak.representations.AccessToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)org.keycloak.representations.IDTokentransformIDToken(org.keycloak.representations.IDToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)org.keycloak.representations.AccessTokentransformUserInfoToken(org.keycloak.representations.AccessToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)voidvalidateAdditionalConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel mapperContainer, org.keycloak.models.ProtocolMapperModel mapperModel)Override to add additional configuration validation.voidvalidateConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel mapperContainer, org.keycloak.models.ProtocolMapperModel mapperModel)-
Methods inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
close, create, getProtocol, init, postInit, setClaim, setClaim, setClaim, transformAccessTokenResponse
-
-
-
-
Field Detail
-
PROVIDER_ID_SUFFIX
public static final String PROVIDER_ID_SUFFIX
- See Also:
- Constant Field Values
-
-
Method Detail
-
getIdPrefix
public abstract String getIdPrefix()
-
generateSub
public abstract String generateSub(org.keycloak.models.ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub)
Generates a pairwise subject identifier.- Parameters:
mappingModel-sectorIdentifier- client sector identifierlocalSub- local subject identifier (user id)- Returns:
- A pairwise subject identifier
-
getAdditionalConfigProperties
public List<org.keycloak.provider.ProviderConfigProperty> getAdditionalConfigProperties()
Override to add additional provider configuration properties. By default, a pairwise sub mapper will only contain configuration for a sector identifier URI.- Returns:
- A list of provider configuration properties.
-
validateAdditionalConfig
public void validateAdditionalConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel mapperContainer, org.keycloak.models.ProtocolMapperModel mapperModel) throws org.keycloak.protocol.ProtocolMapperConfigExceptionOverride to add additional configuration validation. Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint.- Parameters:
session-realm-mapperContainer- client or clientScopemapperModel-- Throws:
org.keycloak.protocol.ProtocolMapperConfigException- if configuration provided in mapperModel is not valid
-
getDisplayCategory
public final String getDisplayCategory()
- Specified by:
getDisplayCategoryin interfaceorg.keycloak.protocol.ProtocolMapper
-
transformIDToken
public org.keycloak.representations.IDToken transformIDToken(org.keycloak.representations.IDToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)- Specified by:
transformIDTokenin interfaceOIDCIDTokenMapper- Overrides:
transformIDTokenin classAbstractOIDCProtocolMapper
-
transformAccessToken
public org.keycloak.representations.AccessToken transformAccessToken(org.keycloak.representations.AccessToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)- Specified by:
transformAccessTokenin interfaceOIDCAccessTokenMapper- Overrides:
transformAccessTokenin classAbstractOIDCProtocolMapper
-
transformUserInfoToken
public org.keycloak.representations.AccessToken transformUserInfoToken(org.keycloak.representations.AccessToken token, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.ClientSessionContext clientSessionCtx)- Specified by:
transformUserInfoTokenin interfaceUserInfoTokenMapper- Overrides:
transformUserInfoTokenin classAbstractOIDCProtocolMapper
-
setIDTokenSubject
protected void setIDTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
-
setAccessTokenSubject
protected void setAccessTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
-
setUserInfoTokenSubject
protected void setUserInfoTokenSubject(org.keycloak.representations.IDToken token, String pairwiseSub)
-
getConfigProperties
public final List<org.keycloak.provider.ProviderConfigProperty> getConfigProperties()
- Specified by:
getConfigPropertiesin interfaceorg.keycloak.provider.ConfiguredProvider
-
validateConfig
public final void validateConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel mapperContainer, org.keycloak.models.ProtocolMapperModel mapperModel) throws org.keycloak.protocol.ProtocolMapperConfigException- Specified by:
validateConfigin interfaceorg.keycloak.protocol.ProtocolMapper- Throws:
org.keycloak.protocol.ProtocolMapperConfigException
-
getId
public final String getId()
- Specified by:
getIdin interfaceorg.keycloak.provider.ProviderFactory<org.keycloak.protocol.ProtocolMapper>
-
-