java - 检索 token 时无法调用 keycloak 协议(protocol)映射器

标签 java keycloak mapper keycloak-services

Keycloak 7.3.0GA 服务器

使用库 keycloak-services 3.4.3

我们的团队在 token 调用期间无法调用我们的 Keycloak 协议(protocol)映射器:

  • 映射器在启动时注册,并在我们客户的映射器列表中可用
  • 我们在 KC UI 中为我们的客户添加映射器
  • 当我尝试“评估”选项卡时,自定义映射器 (Stackoverflow Custom Mapper) 确实在列表中显示为“有效协议(protocol)映射器”之一
  • 但是映射器似乎不是从 Java 端调用的,我在日志中看不到任何内容
  • 在这一点上,我们只是希望看到我们的 transformAccessToken 日志语句和我们添加的测试声明

评估标签: Evaluate Tab Image

Java 代码:

public class SoamProtocolMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper{

public static final String PROVIDER_ID = "oidc-customprotocolmapper";
private static Logger logger = Logger.getLogger(SoamProtocolMapper.class);

private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();

@Override
public List<ProviderConfigProperty> getConfigProperties() {
    logger.info("SOAM: inside getConfigProperties");
    return configProperties;
}

@Override
public String getDisplayCategory() {
    logger.info("SOAM: inside getDisplayCategory");
    return TOKEN_MAPPER_CATEGORY;
}

@Override
public String getDisplayType() {
    logger.info("SOAM: inside getDisplayType");
    return "Stackoverflow Custom Protocol Mapper";
}

@Override
public String getId() {
    logger.info("SOAM: inside getId");
    return PROVIDER_ID;
}

@Override
public String getHelpText() {
    logger.info("SOAM: inside getHelpText");
    return "some help text";
}

@Override
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
        UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
    logger.info("SOAM: inside transformAccessToken");
    token.getOtherClaims().put("stackoverflowCustomToken", "stackoverflow");

    setClaim(token, mappingModel, userSession, session);
    return token;
}

public static ProtocolMapperModel create(String name, boolean accessToken, boolean idToken, boolean userInfo) {
    logger.info("SOAM: inside create");
    ProtocolMapperModel mapper = new ProtocolMapperModel();
    mapper.setName(name);
    mapper.setProtocolMapper(PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<String, String>();
    mapper.setConfig(config);
    return mapper;
}}

任何帮助 - 谢谢!

最佳答案

回答我自己的问题。 staticcreate 初始化方法中缺少几行代码。这是一个工作示例:

package com.github.bcgov.keycloak.soam;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper;
import org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;


/**
 * SOAM Protocol Mapper
 */
public class SoamProtocolMapper extends AbstractOIDCProtocolMapper implements     OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {

private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();

static {
    OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
    OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, SoamProtocolMapper.class);
}

public static final String PROVIDER_ID = "oidc-soam-mapper";


public List<ProviderConfigProperty> getConfigProperties() {
    return configProperties;
}

@Override
public String getId() {
    return PROVIDER_ID;
}

@Override
public String getDisplayType() {
    return "Soam Protocol Mapper";
}

@Override
public String getDisplayCategory() {
    return TOKEN_MAPPER_CATEGORY;
}

@Override
public String getHelpText() { 
    return "Map SOAM claims";
}

protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
    token.getOtherClaims().put("test_claim", "Working!");
}

public static ProtocolMapperModel create(String name,
                                  String tokenClaimName,
                                  boolean consentRequired, String consentText,
                                  boolean accessToken, boolean idToken) {
    ProtocolMapperModel mapper = new ProtocolMapperModel();
    mapper.setName(name);
    mapper.setProtocolMapper(PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    mapper.setConsentRequired(consentRequired);
    mapper.setConsentText(consentText);
    Map<String, String> config = new HashMap<String, String>();
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, tokenClaimName);
    if (accessToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    if (idToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    mapper.setConfig(config);

    return mapper;
}

关于java - 检索 token 时无法调用 keycloak 协议(protocol)映射器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58867030/

上一篇:java - 如何检查从 Google Place Search 获得的结果中是否存在 'rating' 字段?

下一篇:java - 在一项 Activity 中使用 volley 进行两次 API 调用......好的做法?

相关文章:

database - 如何将数据库参数传递给keycloak 20+ docker?

KEYCLOAK:请求中未提供客户端 secret

java - 小词词干提取/词形还原

java, l = inputStream.readLine()) != null 背后的原理逻辑

cookies - 使用访问或 ID token / token 交换建立 SSO/设置 cookie

c# - Glue vs Automapper vs Emit vs ValueInjecter 实体映射器

java - 如何在 MyBatis Mapper XML 中连接一个 ResultHandler

swift - alamofire 对象映射器 .. 为什么打印我的项目名称?

Java 窗口事件 - 最大化。如何硬编码?

jsp/jSTL页面中的java错误

©2024 IT工具网  联系我们