Package org.keycloak.protocol.saml.mappers

Class ScriptBasedMapper

  • All Implemented Interfaces:
    org.keycloak.protocol.ProtocolMapper, SAMLAttributeStatementMapper, org.keycloak.provider.ConfiguredProvider, org.keycloak.provider.EnvironmentDependentProviderFactory, org.keycloak.provider.Provider, org.keycloak.provider.ProviderFactory<org.keycloak.protocol.ProtocolMapper>
    Direct Known Subclasses:
    DeployedScriptSAMLProtocolMapper
    public class ScriptBasedMapper
extends AbstractSAMLProtocolMapper
implements SAMLAttributeStatementMapper, org.keycloak.provider.EnvironmentDependentProviderFactory
    This class provides a mapper that uses javascript to attach a value to an attribute for SAML tokens. The mapper can handle both a result that is a single value, or multiple values (an array or a list for example). For the latter case, it can return the result as a single attribute with multiple values, or as multiple attributes However, in all cases, the returned values must be castable to String values.
    Author:
    Alistair Doswald

    • Constructor Detail

      • ScriptBasedMapper

        public ScriptBasedMapper()

    • Method Detail

      • getConfigProperties

        public List<org.keycloak.provider.ProviderConfigProperty> getConfigProperties()
        Specified by:
        getConfigProperties in interface org.keycloak.provider.ConfiguredProvider

      • getId

        public String getId()
        Specified by:
        getId in interface org.keycloak.provider.ProviderFactory<org.keycloak.protocol.ProtocolMapper>

      • getDisplayType

        public String getDisplayType()
        Specified by:
        getDisplayType in interface org.keycloak.protocol.ProtocolMapper

      • getDisplayCategory

        public String getDisplayCategory()
        Specified by:
        getDisplayCategory in interface org.keycloak.protocol.ProtocolMapper

      • getHelpText

        public String getHelpText()
        Specified by:
        getHelpText in interface org.keycloak.provider.ConfiguredProvider

      • isSupported

        public boolean isSupported()
        Specified by:
        isSupported in interface org.keycloak.provider.EnvironmentDependentProviderFactory

      • transformAttributeStatement

        public void transformAttributeStatement​(org.keycloak.dom.saml.v2.assertion.AttributeStatementType attributeStatement,
                                        org.keycloak.models.ProtocolMapperModel mappingModel,
                                        org.keycloak.models.KeycloakSession session,
                                        org.keycloak.models.UserSessionModel userSession,
                                        org.keycloak.models.AuthenticatedClientSessionModel clientSession)
        This method attaches one or many attributes to the passed attribute statement. To obtain the attribute values, it executes the mapper's script and returns attaches the returned value to the attribute. If the returned attribute is an Array or is iterable, the mapper will either return multiple attributes, or an attribute with multiple values. The variant chosen depends on the configuration of the mapper
        Specified by:
        transformAttributeStatement in interface SAMLAttributeStatementMapper
        Parameters:
        attributeStatement - The attribute statements to be added to a token
        mappingModel - The mapping model reflects the values that are actually input in the GUI
        session - The current session
        userSession - The current user session
        clientSession - The current client session

      • validateConfig

        public void validateConfig​(org.keycloak.models.KeycloakSession session,
                           org.keycloak.models.RealmModel realm,
                           org.keycloak.models.ProtocolMapperContainerModel client,
                           org.keycloak.models.ProtocolMapperModel mapperModel)
                    throws org.keycloak.protocol.ProtocolMapperConfigException
        Specified by:
        validateConfig in interface org.keycloak.protocol.ProtocolMapper
        Throws:
        org.keycloak.protocol.ProtocolMapperConfigException

      • getScriptCode

        protected String getScriptCode​(org.keycloak.models.ProtocolMapperModel mappingModel)

      • create

        public static org.keycloak.models.ProtocolMapperModel create​(String name,
                                                             String samlAttributeName,
                                                             String nameFormat,
                                                             String friendlyName,
                                                             String script,
                                                             boolean singleAttribute)
        Creates an protocol mapper model for the this script based mapper. This mapper model is meant to be used for testing, as normally such objects are created in a different manner through the keycloak GUI.
        Parameters:
        name - The name of the mapper (this has no functional use)
        samlAttributeName - The name of the attribute in the SAML attribute
        nameFormat - can be "basic", "URI reference" or "unspecified"
        friendlyName - a display name, only useful for the keycloak GUI
        script - the javascript to be executed by the mapper
        singleAttribute - If true, all groups will be stored under one attribute with multiple attribute values
        Returns:
        a Protocol Mapper for a group mapping