org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper の継承関係図

org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper 連携図

公開メンバ関数
abstract String	getIdPrefix ()

abstract String	generateSub (ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub)

List< ProviderConfigProperty >	getAdditionalConfigProperties ()

void	validateAdditionalConfig (KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException

final String	getDisplayCategory ()

IDToken	transformIDToken (IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformAccessToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformUserInfoToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

final List< ProviderConfigProperty >	getConfigProperties ()

final void	validateConfig (KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException

final String	getId ()

String	getProtocol ()

void	close ()

final ProtocolMapper	create (KeycloakSession session)

void	init (Config.Scope config)

void	postInit (KeycloakSessionFactory factory)

静的公開変数類
static final String	PROVIDER_ID_SUFFIX = "-pairwise-sub-mapper"

static final String	TOKEN_MAPPER_CATEGORY = "Token mapper"

限定公開メンバ関数
void	setIDTokenSubject (IDToken token, String pairwiseSub)

void	setAccessTokenSubject (IDToken token, String pairwiseSub)

void	setUserInfoTokenSubject (IDToken token, String pairwiseSub)

void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession)

void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession)

非公開メンバ関数
String	getSectorIdentifier (ClientModel client, ProtocolMapperModel mappingModel)

詳解

Set the 'sub' claim to pairwise .

著者: Martin Hardselius

関数詳解

◆ close()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.close ( )

inlineinherited

                         {
 
     }

◆ create()

final ProtocolMapper org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.create ( KeycloakSession session )

inlineinherited

                                                                 {
         throw new RuntimeException("UNSUPPORTED METHOD");
     }

◆ generateSub()

abstract String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.generateSub	(	ProtocolMapperModel	mappingModel,
		String	sectorIdentifier,
		String	localSub
	)

abstract

Generates a pairwise subject identifier.

引数

mappingModel
sectorIdentifier	client sector identifier
localSub	local subject identifier (user id)

戻り値: A pairwise subject identifier

◆ getAdditionalConfigProperties()

List<ProviderConfigProperty> org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getAdditionalConfigProperties ( )

inline

Override to add additional provider configuration properties. By default, a pairwise sub mapper will only contain configuration for a sector identifier URI.

戻り値: A list of provider configuration properties.

                                                                         {
         return new LinkedList<>();
     }

◆ getConfigProperties()

final List<ProviderConfigProperty> org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getConfigProperties ( )

inline

                                                                     {
         List<ProviderConfigProperty> configProperties = new LinkedList<>();
         configProperties.add(PairwiseSubMapperHelper.createSectorIdentifierConfig());
         configProperties.addAll(getAdditionalConfigProperties());
         return configProperties;
     }

◆ getDisplayCategory()

final String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getDisplayCategory ( )

inline

                                              {
         return AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY;
     }

◆ getId()

final String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getId ( )

inline

                                 {
         return "oidc-" + getIdPrefix() + PROVIDER_ID_SUFFIX;
     }

◆ getIdPrefix()

abstract String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getIdPrefix ( )

abstract

◆ getProtocol()

String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.getProtocol ( )

inlineinherited

                                 {
         return OIDCLoginProtocol.LOGIN_PROTOCOL;
     }

◆ getSectorIdentifier()

String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getSectorIdentifier	(	ClientModel	client,
		ProtocolMapperModel	mappingModel
	)

inlineprivate

                                                                                              {
         String sectorIdentifierUri = PairwiseSubMapperHelper.getSectorIdentifierUri(mappingModel);
         if (sectorIdentifierUri != null && !sectorIdentifierUri.isEmpty()) {
             return PairwiseSubMapperUtils.resolveValidSectorIdentifier(sectorIdentifierUri);
         }
         return PairwiseSubMapperUtils.resolveValidSectorIdentifier(client.getRootUrl(), client.getRedirectUris());
     }

◆ init()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.init ( Config.Scope config )

inlineinherited

55 {

56 }

◆ postInit()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.postInit ( KeycloakSessionFactory factory )

inlineinherited

                                                          {
 
     }

◆ setAccessTokenSubject()

void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.setAccessTokenSubject	(	IDToken	token,
		String	pairwiseSub
	)

inlineprotected

                                                                             {
         token.setSubject(pairwiseSub);
     }

◆ setClaim() [1/2]

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession
	)

inlineprotectedinherited

Intended to be overridden in ProtocolMapper implementations to add claims to an token.

引数

token
mappingModel
userSession

非推奨:: override setClaim(IDToken, ProtocolMapperModel, UserSessionModel, KeycloakSession) instead.

105 {

106 }

◆ setClaim() [2/2]

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession,
		KeycloakSession	keycloakSession
	)

inlineprotectedinherited

Intended to be overridden in ProtocolMapper implementations to add claims to an token.

引数

token
mappingModel
userSession
keycloakSession

                                                                                                                                             {
         // we delegate to the old #setClaim(...) method for backwards compatibility
         setClaim(token, mappingModel, userSession);
     }

◆ setIDTokenSubject()

void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.setIDTokenSubject	(	IDToken	token,
		String	pairwiseSub
	)

inlineprotected

                                                                         {
         token.setSubject(pairwiseSub);
     }

◆ setUserInfoTokenSubject()

void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.setUserInfoTokenSubject	(	IDToken	token,
		String	pairwiseSub
	)

inlineprotected

                                                                               {
         token.getOtherClaims().put("sub", pairwiseSub);
     }

◆ transformAccessToken()

AccessToken org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.transformAccessToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inline

org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapperを実装しています。

                                                                                                                                                                                                        {
         setAccessTokenSubject(token, generateSub(mappingModel, getSectorIdentifier(clientSession.getClient(), mappingModel), userSession.getUser().getId()));
         return token;
     }

◆ transformIDToken()

IDToken org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.transformIDToken	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inline

org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapperを実装しています。

                                                                                                                                                                                            {
         setIDTokenSubject(token, generateSub(mappingModel, getSectorIdentifier(clientSession.getClient(), mappingModel), userSession.getUser().getId()));
         return token;
     }

◆ transformUserInfoToken()

AccessToken org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.transformUserInfoToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inline

org.keycloak.protocol.oidc.mappers.UserInfoTokenMapperを実装しています。

                                                                                                                                                                                                          {
         setUserInfoTokenSubject(token, generateSub(mappingModel, getSectorIdentifier(clientSession.getClient(), mappingModel), userSession.getUser().getId()));
         return token;
     }

◆ validateAdditionalConfig()

void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.validateAdditionalConfig	(	KeycloakSession	session,
		RealmModel	realm,
		ProtocolMapperContainerModel	mapperContainer,
		ProtocolMapperModel	mapperModel
	)		throws ProtocolMapperConfigException

inline

Override to add additional configuration validation. Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint.

引数

session
realm
mapperContainer	client or clientScope
mapperModel

例外

ProtocolMapperConfigException if configuration provided in mapperModel is not valid

58 {

59 }

◆ validateConfig()

final void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.validateConfig	(	KeycloakSession	session,
		RealmModel	realm,
		ProtocolMapperContainerModel	mapperContainer,
		ProtocolMapperModel	mapperModel
	)		throws ProtocolMapperConfigException

inline

                                                                                                                                                                                                     {
         ClientModel client = null;
         if (mapperContainer instanceof ClientModel) {
             client = (ClientModel) mapperContainer;
             PairwiseSubMapperValidator.validate(session, client, mapperModel);
         }
         validateAdditionalConfig(session, realm, mapperContainer, mapperModel);
     }

メンバ詳解

◆ PROVIDER_ID_SUFFIX

final String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX = "-pairwise-sub-mapper"

static

◆ TOKEN_MAPPER_CATEGORY

final String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY = "Token mapper"

staticinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/oidc/mappers/AbstractPairwiseSubMapper.java

公開メンバ関数

静的公開変数類

限定公開メンバ関数

非公開メンバ関数

詳解

関数詳解

◆ close()

◆ create()

◆ generateSub()

◆ getAdditionalConfigProperties()

◆ getConfigProperties()

◆ getDisplayCategory()

◆ getId()

◆ getIdPrefix()

◆ getProtocol()

◆ getSectorIdentifier()

◆ init()

◆ postInit()

◆ setAccessTokenSubject()

◆ setClaim() [1/2]

◆ setClaim() [2/2]

◆ setIDTokenSubject()

◆ setUserInfoTokenSubject()

◆ transformAccessToken()

◆ transformIDToken()

◆ transformUserInfoToken()

◆ validateAdditionalConfig()

◆ validateConfig()

メンバ詳解

◆ PROVIDER_ID_SUFFIX

◆ TOKEN_MAPPER_CATEGORY