Class ScriptBasedMapper
java.lang.Object
org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper
org.keycloak.protocol.saml.mappers.ScriptBasedMapper
- All Implemented Interfaces:
ProtocolMapper,SAMLAttributeStatementMapper,ConfiguredProvider,EnvironmentDependentProviderFactory,Provider,ProviderFactory<ProtocolMapper>
- Direct Known Subclasses:
DeployedScriptSAMLProtocolMapper
public class ScriptBasedMapper
extends AbstractSAMLProtocolMapper
implements SAMLAttributeStatementMapper, EnvironmentDependentProviderFactory
This class provides a mapper that uses javascript to attach a value to an attribute for SAML tokens.
The mapper can handle both a result that is a single value, or multiple values (an array or a list for example).
For the latter case, it can return the result as a single attribute with multiple values, or as multiple attributes
However, in all cases, the returned values must be castable to String values.
- Author:
- Alistair Doswald
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic ProtocolMapperModelcreate(String name, String samlAttributeName, String nameFormat, String friendlyName, String script, boolean singleAttribute) Creates an protocol mapper model for the this script based mapper.getId()protected StringgetScriptCode(ProtocolMapperModel mappingModel) booleanisSupported(Config.Scope config) Check if the provider is supported and should be available based on the provider configuration.voidtransformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) This method attaches one or many attributes to the passed attribute statement.voidvalidateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel) Called when instance of mapperModel is created/updated for this protocolMapper through admin endpointMethods inherited from class org.keycloak.protocol.saml.mappers.AbstractSAMLProtocolMapper
close, create, getProtocol, init, postInitMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfigMethods inherited from interface org.keycloak.protocol.ProtocolMapper
getEffectiveModel, getPriorityMethods inherited from interface org.keycloak.provider.ProviderFactory
getConfigMetadata, order
-
Field Details
-
PROVIDER_ID
- See Also:
-
-
Constructor Details
-
ScriptBasedMapper
public ScriptBasedMapper()
-
-
Method Details
-
getConfigProperties
- Specified by:
getConfigPropertiesin interfaceConfiguredProvider
-
getId
- Specified by:
getIdin interfaceProviderFactory<ProtocolMapper>
-
getDisplayType
- Specified by:
getDisplayTypein interfaceProtocolMapper
-
getDisplayCategory
- Specified by:
getDisplayCategoryin interfaceProtocolMapper
-
getHelpText
- Specified by:
getHelpTextin interfaceConfiguredProvider
-
isSupported
Description copied from interface:EnvironmentDependentProviderFactoryCheck if the provider is supported and should be available based on the provider configuration.- Specified by:
isSupportedin interfaceEnvironmentDependentProviderFactory- Parameters:
config- the provider configuration- Returns:
trueif the provider is supported. Otherwise,false.
-
transformAttributeStatement
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) This method attaches one or many attributes to the passed attribute statement. To obtain the attribute values, it executes the mapper's script and returns attaches the returned value to the attribute. If the returned attribute is an Array or is iterable, the mapper will either return multiple attributes, or an attribute with multiple values. The variant chosen depends on the configuration of the mapper- Specified by:
transformAttributeStatementin interfaceSAMLAttributeStatementMapper- Parameters:
attributeStatement- The attribute statements to be added to a tokenmappingModel- The mapping model reflects the values that are actually input in the GUIsession- The current sessionuserSession- The current user sessionclientSession- The current client session
-
validateConfig
public void validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException Description copied from interface:ProtocolMapperCalled when instance of mapperModel is created/updated for this protocolMapper through admin endpoint- Specified by:
validateConfigin interfaceProtocolMapperclient- client or clientTemplate- Throws:
ProtocolMapperConfigException- if configuration provided in mapperModel is not valid
-
getScriptCode
-
create
public static ProtocolMapperModel create(String name, String samlAttributeName, String nameFormat, String friendlyName, String script, boolean singleAttribute) Creates an protocol mapper model for the this script based mapper. This mapper model is meant to be used for testing, as normally such objects are created in a different manner through the keycloak GUI.- Parameters:
name- The name of the mapper (this has no functional use)samlAttributeName- The name of the attribute in the SAML attributenameFormat- can be "basic", "URI reference" or "unspecified"friendlyName- a display name, only useful for the keycloak GUIscript- the javascript to be executed by the mappersingleAttribute- If true, all groups will be stored under one attribute with multiple attribute values- Returns:
- a Protocol Mapper for a group mapping
-