Class UserRealmRoleMappingMapper
- java.lang.Object
-
- org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
-
- org.keycloak.protocol.oidc.mappers.UserRealmRoleMappingMapper
-
- All Implemented Interfaces:
OIDCAccessTokenMapper
,OIDCIDTokenMapper
,UserInfoTokenMapper
,ProtocolMapper
,ConfiguredProvider
,Provider
,ProviderFactory<ProtocolMapper>
public class UserRealmRoleMappingMapper extends AbstractOIDCProtocolMapper
Allows mapping of user realm role mappings to an ID and Access Token claim.- Author:
- Thomas Darimont
-
-
Field Summary
Fields Modifier and Type Field Description static String
PROVIDER_ID
-
Fields inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
TOKEN_MAPPER_CATEGORY
-
-
Constructor Summary
Constructors Constructor Description UserRealmRoleMappingMapper()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static ProtocolMapperModel
create(String realmRolePrefix, String name, String tokenClaimName, boolean accessToken, boolean idToken)
static ProtocolMapperModel
create(String realmRolePrefix, String name, String tokenClaimName, boolean accessToken, boolean idToken, boolean multiValued)
List<ProviderConfigProperty>
getConfigProperties()
String
getDisplayCategory()
String
getDisplayType()
String
getHelpText()
String
getId()
int
getPriority()
Priority of this protocolMapper implementation.protected static void
setClaim(IDToken token, ProtocolMapperModel mappingModel, Set<String> rolesToAdd, String clientId, String prefix)
Retrieves all roles of the current user based on direct roles set to the user, its groups and their parent groups.protected void
setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx)
Intended to be overridden inProtocolMapper
implementations to add claims to an token.-
Methods inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
close, create, getProtocol, init, postInit, setClaim, setClaim, transformAccessToken, transformAccessTokenResponse, transformIDToken, transformUserInfoToken
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfig
-
Methods inherited from interface org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper
transformAccessToken
-
Methods inherited from interface org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper
transformIDToken
-
Methods inherited from interface org.keycloak.protocol.ProtocolMapper
validateConfig
-
Methods inherited from interface org.keycloak.provider.ProviderFactory
getConfigMetadata, order
-
Methods inherited from interface org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper
transformUserInfoToken
-
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
getConfigProperties
public List<ProviderConfigProperty> getConfigProperties()
-
getId
public String getId()
-
getDisplayType
public String getDisplayType()
-
getDisplayCategory
public String getDisplayCategory()
-
getHelpText
public String getHelpText()
-
setClaim
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx)
Description copied from class:AbstractOIDCProtocolMapper
Intended to be overridden inProtocolMapper
implementations to add claims to an token.- Overrides:
setClaim
in classAbstractOIDCProtocolMapper
-
create
public static ProtocolMapperModel create(String realmRolePrefix, String name, String tokenClaimName, boolean accessToken, boolean idToken)
-
create
public static ProtocolMapperModel create(String realmRolePrefix, String name, String tokenClaimName, boolean accessToken, boolean idToken, boolean multiValued)
-
getPriority
public int getPriority()
Description copied from interface:ProtocolMapper
Priority of this protocolMapper implementation. Lower goes first.- Specified by:
getPriority
in interfaceProtocolMapper
- Returns:
-
setClaim
protected static void setClaim(IDToken token, ProtocolMapperModel mappingModel, Set<String> rolesToAdd, String clientId, String prefix)
Retrieves all roles of the current user based on direct roles set to the user, its groups and their parent groups. Then it recursively expands all composite roles, and restricts according to the given predicaterestriction
. If the current client sessions is restricted (i.e. no client found in active user session has full scope allowed), the final list of roles is also restricted by the client scope. Finally, the list is mapped to the token into a claim.- Parameters:
token
-mappingModel
-rolesToAdd
-clientId
-prefix
-
-
-