java - 检索令牌时无法获取要调用的keycloak协议映射器

标签 java keycloak mapper keycloak-services

Keycloak 7.3.0GA服务器

使用库keycloak-services 3.4.3

我们的团队无法让我们的Keycloak协议映射器在令牌调用期间调用:


映射器在启动时已注册,可在我们的客户的映射器列表中找到
我们在客户端的KC UI中添加了映射器
当我尝试“评估”选项卡时,自定义映射器(Stackoverflow自定义映射器)确实在列表中显示为“有效协议映射器”之一
但是,映射器似乎没有从Java端调用,我的日志中什么也看不到
此时,我们只是希望看到我们的transformAccessToken日志语句和我们添加的测试声明


评估标签:
Evaluate Tab Image

Java代码:

public class SoamProtocolMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper{

public static final String PROVIDER_ID = "oidc-customprotocolmapper";
private static Logger logger = Logger.getLogger(SoamProtocolMapper.class);

private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();

@Override
public List<ProviderConfigProperty> getConfigProperties() {
    logger.info("SOAM: inside getConfigProperties");
    return configProperties;
}

@Override
public String getDisplayCategory() {
    logger.info("SOAM: inside getDisplayCategory");
    return TOKEN_MAPPER_CATEGORY;
}

@Override
public String getDisplayType() {
    logger.info("SOAM: inside getDisplayType");
    return "Stackoverflow Custom Protocol Mapper";
}

@Override
public String getId() {
    logger.info("SOAM: inside getId");
    return PROVIDER_ID;
}

@Override
public String getHelpText() {
    logger.info("SOAM: inside getHelpText");
    return "some help text";
}

@Override
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
        UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
    logger.info("SOAM: inside transformAccessToken");
    token.getOtherClaims().put("stackoverflowCustomToken", "stackoverflow");

    setClaim(token, mappingModel, userSession, session);
    return token;
}

public static ProtocolMapperModel create(String name, boolean accessToken, boolean idToken, boolean userInfo) {
    logger.info("SOAM: inside create");
    ProtocolMapperModel mapper = new ProtocolMapperModel();
    mapper.setName(name);
    mapper.setProtocolMapper(PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<String, String>();
    mapper.setConfig(config);
    return mapper;
}}


任何帮助-谢谢!

最佳答案

回答我自己的问题。 staticcreate初始化方法中缺少几行代码。这是一个工作示例:

package com.github.bcgov.keycloak.soam;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper;
import org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;


/**
 * SOAM Protocol Mapper
 */
public class SoamProtocolMapper extends AbstractOIDCProtocolMapper implements     OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {

private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();

static {
    OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
    OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, SoamProtocolMapper.class);
}

public static final String PROVIDER_ID = "oidc-soam-mapper";


public List<ProviderConfigProperty> getConfigProperties() {
    return configProperties;
}

@Override
public String getId() {
    return PROVIDER_ID;
}

@Override
public String getDisplayType() {
    return "Soam Protocol Mapper";
}

@Override
public String getDisplayCategory() {
    return TOKEN_MAPPER_CATEGORY;
}

@Override
public String getHelpText() { 
    return "Map SOAM claims";
}

protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
    token.getOtherClaims().put("test_claim", "Working!");
}

public static ProtocolMapperModel create(String name,
                                  String tokenClaimName,
                                  boolean consentRequired, String consentText,
                                  boolean accessToken, boolean idToken) {
    ProtocolMapperModel mapper = new ProtocolMapperModel();
    mapper.setName(name);
    mapper.setProtocolMapper(PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    mapper.setConsentRequired(consentRequired);
    mapper.setConsentText(consentText);
    Map<String, String> config = new HashMap<String, String>();
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, tokenClaimName);
    if (accessToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    if (idToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    mapper.setConfig(config);

    return mapper;
}


}

本文翻译自 https://stackoverflow.com/questions/58867030/

网站遵循 CC BY-SA 4.0 协议,转载或引用请注明出处。


相关文章:

java - 基于参数在数据库中查找固定数量的RANDOM用户的最佳方法是什么?

java - 当代码未引用该动作时,为什么我找不到动作?

java - 如何解决“所需的机制'BASIC'在HttpAuthenticationFactory的机制[KEYCLOAK]中不可用”

hadoop - 何时使用身份映射器/减速器?

java - 将没有引号的json字符串转换为映射

java - Java-修改后的compareTo方法表示需要返回一个int,但应该返回一个int

java - 使用jms连接到ibm mq。指定通道和队列管理器

java - Keycloak抱怨令牌端点上的无效redirect_uri

java - 使用Keycloak构建Java OAuth2.0授权服务器