Class ScriptBasedMapper
- java.lang.Object
-
- org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper
-
- org.keycloak.protocol.saml.mappers.ScriptBasedMapper
-
- All Implemented Interfaces:
org.keycloak.protocol.ProtocolMapper
,SAMLAttributeStatementMapper
,org.keycloak.provider.ConfiguredProvider
,org.keycloak.provider.EnvironmentDependentProviderFactory
,org.keycloak.provider.Provider
,org.keycloak.provider.ProviderFactory<org.keycloak.protocol.ProtocolMapper>
- Direct Known Subclasses:
DeployedScriptSAMLProtocolMapper
public class ScriptBasedMapper extends AbstractSAMLProtocolMapper implements SAMLAttributeStatementMapper, org.keycloak.provider.EnvironmentDependentProviderFactory
This class provides a mapper that uses javascript to attach a value to an attribute for SAML tokens. The mapper can handle both a result that is a single value, or multiple values (an array or a list for example). For the latter case, it can return the result as a single attribute with multiple values, or as multiple attributes However, in all cases, the returned values must be castable to String values.- Author:
- Alistair Doswald
-
-
Field Summary
Fields Modifier and Type Field Description static String
PROVIDER_ID
-
Constructor Summary
Constructors Constructor Description ScriptBasedMapper()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static org.keycloak.models.ProtocolMapperModel
create(String name, String samlAttributeName, String nameFormat, String friendlyName, String script, boolean singleAttribute)
Creates an protocol mapper model for the this script based mapper.List<org.keycloak.provider.ProviderConfigProperty>
getConfigProperties()
String
getDisplayCategory()
String
getDisplayType()
String
getHelpText()
String
getId()
protected String
getScriptCode(org.keycloak.models.ProtocolMapperModel mappingModel)
boolean
isSupported()
void
transformAttributeStatement(org.keycloak.dom.saml.v2.assertion.AttributeStatementType attributeStatement, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.AuthenticatedClientSessionModel clientSession)
This method attaches one or many attributes to the passed attribute statement.void
validateConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel client, org.keycloak.models.ProtocolMapperModel mapperModel)
-
Methods inherited from class org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper
close, create, getProtocol, init, postInit
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
getConfigProperties
public List<org.keycloak.provider.ProviderConfigProperty> getConfigProperties()
- Specified by:
getConfigProperties
in interfaceorg.keycloak.provider.ConfiguredProvider
-
getId
public String getId()
- Specified by:
getId
in interfaceorg.keycloak.provider.ProviderFactory<org.keycloak.protocol.ProtocolMapper>
-
getDisplayType
public String getDisplayType()
- Specified by:
getDisplayType
in interfaceorg.keycloak.protocol.ProtocolMapper
-
getDisplayCategory
public String getDisplayCategory()
- Specified by:
getDisplayCategory
in interfaceorg.keycloak.protocol.ProtocolMapper
-
getHelpText
public String getHelpText()
- Specified by:
getHelpText
in interfaceorg.keycloak.provider.ConfiguredProvider
-
isSupported
public boolean isSupported()
- Specified by:
isSupported
in interfaceorg.keycloak.provider.EnvironmentDependentProviderFactory
-
transformAttributeStatement
public void transformAttributeStatement(org.keycloak.dom.saml.v2.assertion.AttributeStatementType attributeStatement, org.keycloak.models.ProtocolMapperModel mappingModel, org.keycloak.models.KeycloakSession session, org.keycloak.models.UserSessionModel userSession, org.keycloak.models.AuthenticatedClientSessionModel clientSession)
This method attaches one or many attributes to the passed attribute statement. To obtain the attribute values, it executes the mapper's script and returns attaches the returned value to the attribute. If the returned attribute is an Array or is iterable, the mapper will either return multiple attributes, or an attribute with multiple values. The variant chosen depends on the configuration of the mapper- Specified by:
transformAttributeStatement
in interfaceSAMLAttributeStatementMapper
- Parameters:
attributeStatement
- The attribute statements to be added to a tokenmappingModel
- The mapping model reflects the values that are actually input in the GUIsession
- The current sessionuserSession
- The current user sessionclientSession
- The current client session
-
validateConfig
public void validateConfig(org.keycloak.models.KeycloakSession session, org.keycloak.models.RealmModel realm, org.keycloak.models.ProtocolMapperContainerModel client, org.keycloak.models.ProtocolMapperModel mapperModel) throws org.keycloak.protocol.ProtocolMapperConfigException
- Specified by:
validateConfig
in interfaceorg.keycloak.protocol.ProtocolMapper
- Throws:
org.keycloak.protocol.ProtocolMapperConfigException
-
getScriptCode
protected String getScriptCode(org.keycloak.models.ProtocolMapperModel mappingModel)
-
create
public static org.keycloak.models.ProtocolMapperModel create(String name, String samlAttributeName, String nameFormat, String friendlyName, String script, boolean singleAttribute)
Creates an protocol mapper model for the this script based mapper. This mapper model is meant to be used for testing, as normally such objects are created in a different manner through the keycloak GUI.- Parameters:
name
- The name of the mapper (this has no functional use)samlAttributeName
- The name of the attribute in the SAML attributenameFormat
- can be "basic", "URI reference" or "unspecified"friendlyName
- a display name, only useful for the keycloak GUIscript
- the javascript to be executed by the mappersingleAttribute
- If true, all groups will be stored under one attribute with multiple attribute values- Returns:
- a Protocol Mapper for a group mapping
-
-