Class ScriptBasedMapper
- java.lang.Object
-
- org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper
-
- org.keycloak.protocol.saml.mappers.ScriptBasedMapper
-
- All Implemented Interfaces:
ProtocolMapper
,SAMLAttributeStatementMapper
,ConfiguredProvider
,EnvironmentDependentProviderFactory
,Provider
,ProviderFactory<ProtocolMapper>
- Direct Known Subclasses:
DeployedScriptSAMLProtocolMapper
public class ScriptBasedMapper extends AbstractSAMLProtocolMapper implements SAMLAttributeStatementMapper, EnvironmentDependentProviderFactory
This class provides a mapper that uses javascript to attach a value to an attribute for SAML tokens. The mapper can handle both a result that is a single value, or multiple values (an array or a list for example). For the latter case, it can return the result as a single attribute with multiple values, or as multiple attributes However, in all cases, the returned values must be castable to String values.- Author:
- Alistair Doswald
-
-
Field Summary
Fields Modifier and Type Field Description static String
PROVIDER_ID
-
Constructor Summary
Constructors Constructor Description ScriptBasedMapper()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static ProtocolMapperModel
create(String name, String samlAttributeName, String nameFormat, String friendlyName, String script, boolean singleAttribute)
Creates an protocol mapper model for the this script based mapper.List<ProviderConfigProperty>
getConfigProperties()
String
getDisplayCategory()
String
getDisplayType()
String
getHelpText()
String
getId()
protected String
getScriptCode(ProtocolMapperModel mappingModel)
boolean
isSupported()
void
transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
This method attaches one or many attributes to the passed attribute statement.void
validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel)
Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint-
Methods inherited from class org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper
close, create, getProtocol, init, postInit
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfig
-
Methods inherited from interface org.keycloak.provider.EnvironmentDependentProviderFactory
isSupported
-
Methods inherited from interface org.keycloak.protocol.ProtocolMapper
getPriority
-
Methods inherited from interface org.keycloak.provider.ProviderFactory
getConfigMetadata, order
-
-
-
-
Field Detail
-
PROVIDER_ID
public static final String PROVIDER_ID
- See Also:
- Constant Field Values
-
-
Method Detail
-
getConfigProperties
public List<ProviderConfigProperty> getConfigProperties()
- Specified by:
getConfigProperties
in interfaceConfiguredProvider
-
getId
public String getId()
- Specified by:
getId
in interfaceProviderFactory<ProtocolMapper>
-
getDisplayType
public String getDisplayType()
- Specified by:
getDisplayType
in interfaceProtocolMapper
-
getDisplayCategory
public String getDisplayCategory()
- Specified by:
getDisplayCategory
in interfaceProtocolMapper
-
getHelpText
public String getHelpText()
- Specified by:
getHelpText
in interfaceConfiguredProvider
-
isSupported
public boolean isSupported()
- Specified by:
isSupported
in interfaceEnvironmentDependentProviderFactory
- Returns:
true
if the provider is supported and should be available,false
otherwise
-
transformAttributeStatement
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
This method attaches one or many attributes to the passed attribute statement. To obtain the attribute values, it executes the mapper's script and returns attaches the returned value to the attribute. If the returned attribute is an Array or is iterable, the mapper will either return multiple attributes, or an attribute with multiple values. The variant chosen depends on the configuration of the mapper- Specified by:
transformAttributeStatement
in interfaceSAMLAttributeStatementMapper
- Parameters:
attributeStatement
- The attribute statements to be added to a tokenmappingModel
- The mapping model reflects the values that are actually input in the GUIsession
- The current sessionuserSession
- The current user sessionclientSession
- The current client session
-
validateConfig
public void validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException
Description copied from interface:ProtocolMapper
Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint- Specified by:
validateConfig
in interfaceProtocolMapper
client
- client or clientTemplate- Throws:
ProtocolMapperConfigException
- if configuration provided in mapperModel is not valid
-
getScriptCode
protected String getScriptCode(ProtocolMapperModel mappingModel)
-
create
public static ProtocolMapperModel create(String name, String samlAttributeName, String nameFormat, String friendlyName, String script, boolean singleAttribute)
Creates an protocol mapper model for the this script based mapper. This mapper model is meant to be used for testing, as normally such objects are created in a different manner through the keycloak GUI.- Parameters:
name
- The name of the mapper (this has no functional use)samlAttributeName
- The name of the attribute in the SAML attributenameFormat
- can be "basic", "URI reference" or "unspecified"friendlyName
- a display name, only useful for the keycloak GUIscript
- the javascript to be executed by the mappersingleAttribute
- If true, all groups will be stored under one attribute with multiple attribute values- Returns:
- a Protocol Mapper for a group mapping
-
-