Class AbstractPairwiseSubMapper
java.lang.Object
org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper
- All Implemented Interfaces:
OIDCAccessTokenMapper
,OIDCIDTokenMapper
,UserInfoTokenMapper
,ProtocolMapper
,ConfiguredProvider
,Provider
,ProviderFactory<ProtocolMapper>
- Direct Known Subclasses:
SHA256PairwiseSubMapper
public abstract class AbstractPairwiseSubMapper
extends AbstractOIDCProtocolMapper
implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper
Set the 'sub' claim to pairwise .
- Author:
- Martin Hardselius
-
Field Summary
Fields inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
TOKEN_MAPPER_CATEGORY
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionabstract String
generateSub
(ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub) Generates a pairwise subject identifier.Override to add additional provider configuration properties.final List<ProviderConfigProperty>
final String
final String
getId()
abstract String
protected void
setAccessTokenSubject
(IDToken token, String pairwiseSub) protected void
setIDTokenSubject
(IDToken token, String pairwiseSub) protected void
setUserInfoTokenSubject
(IDToken token, String pairwiseSub) transformAccessToken
(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) transformIDToken
(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) transformUserInfoToken
(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) void
validateAdditionalConfig
(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) Override to add additional configuration validation.final void
validateConfig
(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) Called when instance of mapperModel is created/updated for this protocolMapper through admin endpointMethods inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
close, create, getProtocol, init, postInit, setClaim, setClaim, setClaim, transformAccessTokenResponse
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfig, getHelpText
Methods inherited from interface org.keycloak.protocol.ProtocolMapper
getDisplayType, getPriority
Methods inherited from interface org.keycloak.provider.ProviderFactory
getConfigMetadata, order
-
Field Details
-
PROVIDER_ID_SUFFIX
- See Also:
-
-
Constructor Details
-
AbstractPairwiseSubMapper
public AbstractPairwiseSubMapper()
-
-
Method Details
-
getIdPrefix
-
generateSub
public abstract String generateSub(ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub) Generates a pairwise subject identifier.- Parameters:
mappingModel
-sectorIdentifier
- client sector identifierlocalSub
- local subject identifier (user id)- Returns:
- A pairwise subject identifier
-
getAdditionalConfigProperties
Override to add additional provider configuration properties. By default, a pairwise sub mapper will only contain configuration for a sector identifier URI.- Returns:
- A list of provider configuration properties.
-
validateAdditionalConfig
public void validateAdditionalConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException Override to add additional configuration validation. Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint.- Parameters:
session
-realm
-mapperContainer
- client or clientScopemapperModel
-- Throws:
ProtocolMapperConfigException
- if configuration provided in mapperModel is not valid
-
getDisplayCategory
- Specified by:
getDisplayCategory
in interfaceProtocolMapper
-
transformIDToken
public IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) - Specified by:
transformIDToken
in interfaceOIDCIDTokenMapper
- Overrides:
transformIDToken
in classAbstractOIDCProtocolMapper
-
transformAccessToken
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) - Specified by:
transformAccessToken
in interfaceOIDCAccessTokenMapper
- Overrides:
transformAccessToken
in classAbstractOIDCProtocolMapper
-
transformUserInfoToken
public AccessToken transformUserInfoToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) - Specified by:
transformUserInfoToken
in interfaceUserInfoTokenMapper
- Overrides:
transformUserInfoToken
in classAbstractOIDCProtocolMapper
-
setIDTokenSubject
-
setAccessTokenSubject
-
setUserInfoTokenSubject
-
getConfigProperties
- Specified by:
getConfigProperties
in interfaceConfiguredProvider
-
validateConfig
public final void validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException Description copied from interface:ProtocolMapper
Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint- Specified by:
validateConfig
in interfaceProtocolMapper
mapperContainer
- client or clientTemplate- Throws:
ProtocolMapperConfigException
- if configuration provided in mapperModel is not valid
-
getId
- Specified by:
getId
in interfaceProviderFactory<ProtocolMapper>
-