|
List< ProviderConfigProperty > | getConfigProperties () |
|
String | getId () |
|
String | getDisplayType () |
|
String | getDisplayCategory () |
|
String | getHelpText () |
|
boolean | isSupported () |
|
void | validateConfig (KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException |
|
String | getProtocol () |
|
void | close () |
|
final ProtocolMapper | create (KeycloakSession session) |
|
void | init (Config.Scope config) |
|
void | postInit (KeycloakSessionFactory factory) |
|
AccessToken | transformUserInfoToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) |
|
AccessToken | transformAccessToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) |
|
IDToken | transformIDToken (IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) |
|
AccessToken | transformAccessToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) |
|
IDToken | transformIDToken (IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) |
|
AccessToken | transformUserInfoToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) |
|
|
static ProtocolMapperModel | create (String name, String userAttribute, String tokenClaimName, String claimType, boolean accessToken, boolean idToken, String script, boolean multiValued) |
|
|
void | setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession) |
|
void | setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) |
|
|
static final Logger | LOGGER = Logger.getLogger(ScriptBasedOIDCProtocolMapper.class) |
|
static final String | SCRIPT = "script" |
|
static final List< ProviderConfigProperty > | configProperties |
|
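OIDC org.keycloak.protocol.ProtocolMapper that uses a provided JavaScript fragment to compute the token claim value. The fragment is read from the mapper's "script" config entry and evaluated with the user, realm, token, userSession and keycloakSession objects bound, so it runs with access to the full Keycloak session. The right to create or edit this mapper should therefore be treated as the right to run code inside the server. validateConfig() only checks that the script compiles; it does not restrict what the script may do. The mapper reports itself as supported only when Profile.Feature.SCRIPTS is enabled.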
- 著者
- Thomas Darimont
◆ [static initializer]()
org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.[static initializer] |
( |
| ) |
|
|
inlinestaticpackage |
◆ close()
void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.close |
( |
| ) |
|
|
inlineinherited |
◆ create() [1/2]
final ProtocolMapper org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.create |
( |
KeycloakSession |
session | ) |
|
|
inlineinherited |
51 throw new RuntimeException(
"UNSUPPORTED METHOD");
◆ create() [2/2]
static ProtocolMapperModel org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.create |
( |
String |
name, |
|
|
String |
userAttribute, |
|
|
String |
tokenClaimName, |
|
|
String |
claimType, |
|
|
boolean |
accessToken, |
|
|
boolean |
idToken, |
|
|
String |
script, |
|
|
boolean |
multiValued |
|
) |
| |
|
inlinestatic |
173 ProtocolMapperModel mapper = OIDCAttributeMapperHelper.createClaimMapper(name, userAttribute,
174 tokenClaimName, claimType,
175 accessToken, idToken,
178 mapper.getConfig().put(
SCRIPT, script);
179 mapper.getConfig().put(ProtocolMapperUtils.MULTIVALUED, String.valueOf(multiValued));
static final String SCRIPT
Definition: ScriptBasedOIDCProtocolMapper.java:53
static final String PROVIDER_ID
Definition: ScriptBasedOIDCProtocolMapper.java:49
◆ getConfigProperties()
List<ProviderConfigProperty> org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getConfigProperties |
( |
| ) |
|
|
inline |
static final List< ProviderConfigProperty > configProperties
Definition: ScriptBasedOIDCProtocolMapper.java:55
◆ getDisplayCategory()
String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getDisplayCategory |
( |
| ) |
|
|
inline |
static final String TOKEN_MAPPER_CATEGORY
Definition: AbstractOIDCProtocolMapper.java:37
◆ getDisplayType()
String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getDisplayType |
( |
| ) |
|
|
inline |
106 return "Script Mapper";
◆ getHelpText()
String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getHelpText |
( |
| ) |
|
|
inline |
116 return "Evaluates a JavaScript function to produce a token claim based on context information.";
◆ getId()
String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.getId |
( |
| ) |
|
|
inline |
static final String PROVIDER_ID
Definition: ScriptBasedOIDCProtocolMapper.java:49
◆ getProtocol()
String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.getProtocol |
( |
| ) |
|
|
inlineinherited |
41 return OIDCLoginProtocol.LOGIN_PROTOCOL;
◆ init()
void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.init |
( |
Config.Scope |
config | ) |
|
|
inlineinherited |
◆ isSupported()
boolean org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.isSupported |
( |
| ) |
|
|
inline |
120 return Profile.isFeatureEnabled(Profile.Feature.SCRIPTS);
◆ postInit()
void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.postInit |
( |
KeycloakSessionFactory |
factory | ) |
|
|
inlineinherited |
◆ setClaim() [1/2]
void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim |
( |
IDToken |
token, |
|
|
ProtocolMapperModel |
mappingModel, |
|
|
UserSessionModel |
userSession |
|
) |
| |
|
inlineprotectedinherited |
◆ setClaim() [2/2]
void org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.setClaim |
( |
IDToken |
token, |
|
|
ProtocolMapperModel |
mappingModel, |
|
|
UserSessionModel |
userSession, |
|
|
KeycloakSession |
keycloakSession |
|
) |
| |
|
inlineprotected |
125 UserModel user = userSession.getUser();
126 String scriptSource = mappingModel.getConfig().get(
SCRIPT);
127 RealmModel realm = userSession.getRealm();
129 ScriptingProvider scripting = keycloakSession.getProvider(ScriptingProvider.class);
130 ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT,
"token-mapper-script_" + mappingModel.getName(), scriptSource, null);
132 EvaluatableScriptAdapter script = scripting.prepareEvaluatableScript(scriptModel);
136 claimValue = script.eval((bindings) -> {
137 bindings.put(
"user", user);
138 bindings.put(
"realm", realm);
139 bindings.put(
"token", token);
140 bindings.put(
"userSession", userSession);
141 bindings.put(
"keycloakSession", keycloakSession);
143 }
catch (Exception ex) {
144 LOGGER.error(
"Error during execution of ProtocolMapper script", ex);
148 OIDCAttributeMapperHelper.mapClaim(token, mappingModel, claimValue);
static final String SCRIPT
Definition: ScriptBasedOIDCProtocolMapper.java:53
static final Logger LOGGER
Definition: ScriptBasedOIDCProtocolMapper.java:51
◆ transformAccessToken() [1/2]
AccessToken org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper.transformAccessToken |
( |
AccessToken |
token, |
|
|
ProtocolMapperModel |
mappingModel, |
|
|
KeycloakSession |
session, |
|
|
UserSessionModel |
userSession, |
|
|
AuthenticatedClientSessionModel |
clientSession |
|
) |
| |
|
inherited |
◆ transformAccessToken() [2/2]
AccessToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformAccessToken |
( |
AccessToken |
token, |
|
|
ProtocolMapperModel |
mappingModel, |
|
|
KeycloakSession |
session, |
|
|
UserSessionModel |
userSession, |
|
|
AuthenticatedClientSessionModel |
clientSession |
|
) |
| |
|
inlineinherited |
77 if (!OIDCAttributeMapperHelper.includeInAccessToken(mappingModel)){
81 setClaim(token, mappingModel, userSession, session);
void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession)
Definition: AbstractOIDCProtocolMapper.java:105
◆ transformIDToken() [1/2]
IDToken org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper.transformIDToken |
( |
IDToken |
token, |
|
|
ProtocolMapperModel |
mappingModel, |
|
|
KeycloakSession |
session, |
|
|
UserSessionModel |
userSession, |
|
|
AuthenticatedClientSessionModel |
clientSession |
|
) |
| |
|
inherited |
◆ transformIDToken() [2/2]
IDToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformIDToken |
( |
IDToken |
token, |
|
|
ProtocolMapperModel |
mappingModel, |
|
|
KeycloakSession |
session, |
|
|
UserSessionModel |
userSession, |
|
|
AuthenticatedClientSessionModel |
clientSession |
|
) |
| |
|
inlineinherited |
88 if (!OIDCAttributeMapperHelper.includeInIDToken(mappingModel)){
92 setClaim(token, mappingModel, userSession, session);
void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession)
Definition: AbstractOIDCProtocolMapper.java:105
◆ transformUserInfoToken() [1/2]
AccessToken org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper.transformUserInfoToken |
( |
AccessToken |
token, |
|
|
ProtocolMapperModel |
mappingModel, |
|
|
KeycloakSession |
session, |
|
|
UserSessionModel |
userSession, |
|
|
AuthenticatedClientSessionModel |
clientSession |
|
) |
| |
|
inherited |
◆ transformUserInfoToken() [2/2]
AccessToken org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformUserInfoToken |
( |
AccessToken |
token, |
|
|
ProtocolMapperModel |
mappingModel, |
|
|
KeycloakSession |
session, |
|
|
UserSessionModel |
userSession, |
|
|
AuthenticatedClientSessionModel |
clientSession |
|
) |
| |
|
inlineinherited |
66 if (!OIDCAttributeMapperHelper.includeInUserInfo(mappingModel)) {
70 setClaim(token, mappingModel, userSession, session);
void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession)
Definition: AbstractOIDCProtocolMapper.java:105
◆ validateConfig()
void org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.validateConfig |
( |
KeycloakSession |
session, |
|
|
RealmModel |
realm, |
|
|
ProtocolMapperContainerModel |
client, |
|
|
ProtocolMapperModel |
mapperModel |
|
) |
| throws ProtocolMapperConfigException |
|
inline |
154 String scriptCode = mapperModel.getConfig().get(
SCRIPT);
155 if (scriptCode == null) {
159 ScriptingProvider scripting = session.getProvider(ScriptingProvider.class);
160 ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, mapperModel.getName() +
"-script", scriptCode,
"");
163 scripting.prepareEvaluatableScript(scriptModel);
164 }
catch (ScriptCompilationException ex) {
165 throw new ProtocolMapperConfigException(
"error",
"{0}", ex.getMessage());
static final String SCRIPT
Definition: ScriptBasedOIDCProtocolMapper.java:53
◆ configProperties
final List<ProviderConfigProperty> org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.configProperties |
|
staticprivate |
◆ LOGGER
final Logger org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.LOGGER = Logger.getLogger(ScriptBasedOIDCProtocolMapper.class) |
|
staticprivate |
◆ PROVIDER_ID
final String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.PROVIDER_ID = "oidc-script-based-protocol-mapper" |
|
static |
◆ SCRIPT
final String org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper.SCRIPT = "script" |
|
staticprivate |
◆ TOKEN_MAPPER_CATEGORY
final String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY = "Token mapper" |
|
staticinherited |
このクラス詳解は次のファイルから抽出されました: