Package org.keycloak.protocol.saml.mappers

Class ScriptBasedMapper

java.lang.Object

org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper

org.keycloak.protocol.saml.mappers.ScriptBasedMapper

All Implemented Interfaces:

ProtocolMapper, SAMLAttributeStatementMapper, ConfiguredProvider, EnvironmentDependentProviderFactory, Provider, ProviderFactory<ProtocolMapper>

Direct Known Subclasses:

DeployedScriptSAMLProtocolMapper

public class ScriptBasedMapper
extends AbstractSAMLProtocolMapper
implements SAMLAttributeStatementMapper, EnvironmentDependentProviderFactory

This class provides a mapper that uses javascript to attach a value to an attribute for SAML tokens. The mapper can handle both a result that is a single value, or multiple values (an array or a list for example). For the latter case, it can return the result as a single attribute with multiple values, or as multiple attributes However, in all cases, the returned values must be castable to String values.

Author:

Alistair Doswald

Field Summary

Fields

Modifier and Type	Field	Description
static String	PROVIDER_ID

Constructor Summary

Constructors

Constructor	Description
ScriptBasedMapper()

Method Summary

Modifier and Type	Method	Description
static ProtocolMapperModel	create(String name, String samlAttributeName, String nameFormat, String friendlyName, String script, boolean singleAttribute)	Creates an protocol mapper model for the this script based mapper.
List<ProviderConfigProperty>	getConfigProperties()
String	getDisplayCategory()
String	getDisplayType()
String	getHelpText()
String	getId()
protected String	getScriptCode(ProtocolMapperModel mappingModel)
boolean	isSupported()
void	transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)	This method attaches one or many attributes to the passed attribute statement.
void	validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel)	Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint

Methods inherited from class org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper

close, create, getProtocol, init, postInit

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ConfiguredProvider

getConfig

Methods inherited from interface org.keycloak.provider.EnvironmentDependentProviderFactory

isSupported

Methods inherited from interface org.keycloak.protocol.ProtocolMapper

getPriority

Methods inherited from interface org.keycloak.provider.ProviderFactory

getConfigMetadata, order

Field Detail

PROVIDER_ID

public static final String PROVIDER_ID

See Also:

Constant Field Values

Constructor Detail

ScriptBasedMapper

public ScriptBasedMapper()

Method Detail

getConfigProperties

public List<ProviderConfigProperty> getConfigProperties()

Specified by:

getConfigProperties in interface ConfiguredProvider

getId

public String getId()

Specified by:

getId in interface ProviderFactory<ProtocolMapper>

getDisplayType

public String getDisplayType()

Specified by:

getDisplayType in interface ProtocolMapper

getDisplayCategory

public String getDisplayCategory()

Specified by:

getDisplayCategory in interface ProtocolMapper

getHelpText

public String getHelpText()

Specified by:

getHelpText in interface ConfiguredProvider

isSupported

public boolean isSupported()

Specified by:

isSupported in interface EnvironmentDependentProviderFactory

Returns:

true if the provider is supported and should be available, false otherwise

transformAttributeStatement

public void transformAttributeStatement(AttributeStatementType attributeStatement,
                                        ProtocolMapperModel mappingModel,
                                        KeycloakSession session,
                                        UserSessionModel userSession,
                                        AuthenticatedClientSessionModel clientSession)

This method attaches one or many attributes to the passed attribute statement. To obtain the attribute values, it executes the mapper's script and returns attaches the returned value to the attribute. If the returned attribute is an Array or is iterable, the mapper will either return multiple attributes, or an attribute with multiple values. The variant chosen depends on the configuration of the mapper

Specified by:

transformAttributeStatement in interface SAMLAttributeStatementMapper

Parameters:

attributeStatement - The attribute statements to be added to a token

mappingModel - The mapping model reflects the values that are actually input in the GUI

session - The current session

userSession - The current user session

clientSession - The current client session

validateConfig

public void validateConfig(KeycloakSession session,
                           RealmModel realm,
                           ProtocolMapperContainerModel client,
                           ProtocolMapperModel mapperModel)
                    throws ProtocolMapperConfigException

Description copied from interface: ProtocolMapper

Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint

Specified by:

validateConfig in interface ProtocolMapper

client - client or clientTemplate

Throws:

ProtocolMapperConfigException - if configuration provided in mapperModel is not valid

getScriptCode

protected String getScriptCode(ProtocolMapperModel mappingModel)

create

public static ProtocolMapperModel create(String name,
                                         String samlAttributeName,
                                         String nameFormat,
                                         String friendlyName,
                                         String script,
                                         boolean singleAttribute)

Creates an protocol mapper model for the this script based mapper. This mapper model is meant to be used for testing, as normally such objects are created in a different manner through the keycloak GUI.

Parameters:

name - The name of the mapper (this has no functional use)

samlAttributeName - The name of the attribute in the SAML attribute

nameFormat - can be "basic", "URI reference" or "unspecified"

friendlyName - a display name, only useful for the keycloak GUI

script - the javascript to be executed by the mapper

singleAttribute - If true, all groups will be stored under one attribute with multiple attribute values

Returns:

a Protocol Mapper for a group mapping