org.keycloak.services.resources.admin.IdentityProviderResource 連携図

公開メンバ関数
	IdentityProviderResource (AdminPermissionEvaluator auth, RealmModel realm, KeycloakSession session, IdentityProviderModel identityProviderModel, AdminEventBuilder adminEvent)

IdentityProviderRepresentation	getIdentityProvider ()

Response	delete ()

Response	update (IdentityProviderRepresentation providerRep)

Response	export (@QueryParam("format") String format)

Map< String, IdentityProviderMapperTypeRepresentation >	getMapperTypes ()

List< IdentityProviderMapperRepresentation >	getMappers ()

Response	addMapper (IdentityProviderMapperRepresentation mapper)

IdentityProviderMapperRepresentation	getMapperById (@PathParam("id") String id)

void	update (@PathParam("id") String id, IdentityProviderMapperRepresentation rep)

void	delete (@PathParam("id") String id)

ManagementPermissionReference	getManagementPermissions ()

ManagementPermissionReference	setManagementPermissionsEnabled (ManagementPermissionReference ref)

静的公開メンバ関数
static ManagementPermissionReference	toMgmtRef (IdentityProviderModel model, AdminPermissionManagement permissions)

静的限定公開変数類
static final Logger	logger = Logger.getLogger(IdentityProviderResource.class)

非公開メンバ関数
void	updateIdpFromRep (IdentityProviderRepresentation providerRep, RealmModel realm, KeycloakSession session)

IdentityProviderFactory	getIdentityProviderFactory ()

静的非公開メンバ関数
static String	getProviderIdByInternalId (RealmModel realm, String providerInternalId)

static void	updateUsersAfterProviderAliasChange (List< UserModel > users, String oldProviderId, String newProviderId, RealmModel realm, KeycloakSession session)

非公開変数類
final AdminPermissionEvaluator	auth

final RealmModel	realm

final KeycloakSession	session

final IdentityProviderModel	identityProviderModel

final AdminEventBuilder	adminEvent

詳解

Identity Providers

著者: Pedro Igor

構築子と解体子

◆ IdentityProviderResource()

org.keycloak.services.resources.admin.IdentityProviderResource.IdentityProviderResource	(	AdminPermissionEvaluator	auth,
		RealmModel	realm,
		KeycloakSession	session,
		IdentityProviderModel	identityProviderModel,
		AdminEventBuilder	adminEvent
	)

inline

                                                                                                                                                                                          {
         this.realm = realm;
         this.session = session;
         this.identityProviderModel = identityProviderModel;
         this.auth = auth;
         this.adminEvent = adminEvent.resource(ResourceType.IDENTITY_PROVIDER);
     }

関数詳解

◆ addMapper()

Response org.keycloak.services.resources.admin.IdentityProviderResource.addMapper ( IdentityProviderMapperRepresentation mapper )

inline

Add a mapper to identity provider

引数

mapper

戻り値

                                                                            {
         this.auth.realm().requireManageIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         IdentityProviderMapperModel model = RepresentationToModel.toModel(mapper);
         try {
             model = realm.addIdentityProviderMapper(model);
         } catch (Exception e) {
             return ErrorResponse.error("Failed to add mapper '" + model.getName() + "' to identity provider [" + identityProviderModel.getProviderId() + "].", Response.Status.BAD_REQUEST);
         }
 
         adminEvent.operation(OperationType.CREATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri(), model.getId())
             .representation(mapper).success();
 
         return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(model.getId()).build()).build();
 
     }

◆ delete() [1/2]

Response org.keycloak.services.resources.admin.IdentityProviderResource.delete ( )

inline

Delete the identity provider

戻り値

                              {
         this.auth.realm().requireManageIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         String alias = this.identityProviderModel.getAlias();
         this.realm.removeIdentityProviderByAlias(alias);
 
         Set<IdentityProviderMapperModel> mappers = this.realm.getIdentityProviderMappersByAlias(alias);
         for (IdentityProviderMapperModel mapper : mappers) {
             this.realm.removeIdentityProviderMapper(mapper);
         }
 
         adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).success();
 
         return Response.noContent().build();
     }

◆ delete() [2/2]

void org.keycloak.services.resources.admin.IdentityProviderResource.delete ( @PathParam("id") String id )

inline

Delete a mapper for the identity provider

引数

id Mapper id

                                                    {
         this.auth.realm().requireManageIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         IdentityProviderMapperModel model = realm.getIdentityProviderMapperById(id);
         if (model == null) throw new NotFoundException("Model not found");
         realm.removeIdentityProviderMapper(model);
         adminEvent.operation(OperationType.DELETE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri()).success();
 
     }

◆ export()

Response org.keycloak.services.resources.admin.IdentityProviderResource.export ( @QueryParam("format") String format )

inline

Export public broker configuration for identity provider

引数

format Format to use

戻り値

                                                                 {
         this.auth.realm().requireViewIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         try {
             IdentityProviderFactory factory = getIdentityProviderFactory();
             return factory.create(session, identityProviderModel).export(session.getContext().getUri(), realm, format);
         } catch (Exception e) {
             return ErrorResponse.error("Could not export public broker configuration for identity provider [" + identityProviderModel.getProviderId() + "].", Response.Status.NOT_FOUND);
         }
     }

◆ getIdentityProvider()

IdentityProviderRepresentation org.keycloak.services.resources.admin.IdentityProviderResource.getIdentityProvider ( )

inline

Get the identity provider

戻り値

                                                                 {
         this.auth.realm().requireViewIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         IdentityProviderRepresentation rep = ModelToRepresentation.toRepresentation(realm, this.identityProviderModel);
         return StripSecretsUtils.strip(rep);
     }

◆ getIdentityProviderFactory()

IdentityProviderFactory org.keycloak.services.resources.admin.IdentityProviderResource.getIdentityProviderFactory ( )

inlineprivate

                                                                  {
         List<ProviderFactory> allProviders = new ArrayList<ProviderFactory>();
 
         allProviders.addAll(this.session.getKeycloakSessionFactory().getProviderFactories(IdentityProvider.class));
         allProviders.addAll(this.session.getKeycloakSessionFactory().getProviderFactories(SocialIdentityProvider.class));
 
         for (ProviderFactory providerFactory : allProviders) {
             if (providerFactory.getId().equals(identityProviderModel.getProviderId())) return (IdentityProviderFactory)providerFactory;
         }
 
         return null;
     }

◆ getManagementPermissions()

ManagementPermissionReference org.keycloak.services.resources.admin.IdentityProviderResource.getManagementPermissions ( )

inline

Return object stating whether client Authorization permissions have been initialized or not and a reference

戻り値

                                                                     {
         this.auth.realm().requireViewIdentityProviders();
 
         AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
         if (!permissions.idps().isPermissionsEnabled(identityProviderModel)) {
             return new ManagementPermissionReference();
         }
         return toMgmtRef(identityProviderModel, permissions);
     }

◆ getMapperById()

IdentityProviderMapperRepresentation org.keycloak.services.resources.admin.IdentityProviderResource.getMapperById ( @PathParam("id") String id )

inline

Get mapper by id for the identity provider

引数

id

戻り値

                                                                                           {
         this.auth.realm().requireViewIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         IdentityProviderMapperModel model = realm.getIdentityProviderMapperById(id);
         if (model == null) throw new NotFoundException("Model not found");
         return ModelToRepresentation.toRepresentation(model);
     }

◆ getMappers()

List<IdentityProviderMapperRepresentation> org.keycloak.services.resources.admin.IdentityProviderResource.getMappers ( )

inline

Get mappers for identity provider

                                                                    {
         this.auth.realm().requireViewIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         List<IdentityProviderMapperRepresentation> mappers = new LinkedList<>();
         for (IdentityProviderMapperModel model : realm.getIdentityProviderMappersByAlias(identityProviderModel.getAlias())) {
             mappers.add(ModelToRepresentation.toRepresentation(model));
         }
         return mappers;
     }

◆ getMapperTypes()

Map<String, IdentityProviderMapperTypeRepresentation> org.keycloak.services.resources.admin.IdentityProviderResource.getMapperTypes ( )

inline

Get mapper types for identity provider

                                                                                   {
         this.auth.realm().requireViewIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
         Map<String, IdentityProviderMapperTypeRepresentation> types = new HashMap<>();
         List<ProviderFactory> factories = sessionFactory.getProviderFactories(IdentityProviderMapper.class);
         for (ProviderFactory factory : factories) {
             IdentityProviderMapper mapper = (IdentityProviderMapper)factory;
             for (String type : mapper.getCompatibleProviders()) {
                 if (IdentityProviderMapper.ANY_PROVIDER.equals(type) || type.equals(identityProviderModel.getProviderId())) {
                     IdentityProviderMapperTypeRepresentation rep = new IdentityProviderMapperTypeRepresentation();
                     rep.setId(mapper.getId());
                     rep.setCategory(mapper.getDisplayCategory());
                     rep.setName(mapper.getDisplayType());
                     rep.setHelpText(mapper.getHelpText());
                     List<ProviderConfigProperty> configProperties = mapper.getConfigProperties();
                     for (ProviderConfigProperty prop : configProperties) {
                         ConfigPropertyRepresentation propRep = ModelToRepresentation.toRepresentation(prop);
                         rep.getProperties().add(propRep);
                     }
                     types.put(rep.getId(), rep);
                     break;
                 }
             }
         }
         return types;
     }

◆ getProviderIdByInternalId()

static String org.keycloak.services.resources.admin.IdentityProviderResource.getProviderIdByInternalId	(	RealmModel	realm,
		String	providerInternalId
	)

inlinestaticprivate

                                                                                                  {
         List<IdentityProviderModel> providerModels = realm.getIdentityProviders();
         for (IdentityProviderModel providerModel : providerModels) {
             if (providerModel.getInternalId().equals(providerInternalId)) {
                 return providerModel.getAlias();
             }
         }
 
         return null;
     }

◆ setManagementPermissionsEnabled()

ManagementPermissionReference org.keycloak.services.resources.admin.IdentityProviderResource.setManagementPermissionsEnabled ( ManagementPermissionReference ref )

inline

Return object stating whether client Authorization permissions have been initialized or not and a reference

戻り値: initialized manage permissions reference

                                                                                                             {
         this.auth.realm().requireManageIdentityProviders();
         AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
         permissions.idps().setPermissionsEnabled(identityProviderModel, ref.isEnabled());
         if (ref.isEnabled()) {
             return toMgmtRef(identityProviderModel, permissions);
         } else {
             return new ManagementPermissionReference();
         }
     }

◆ toMgmtRef()

static ManagementPermissionReference org.keycloak.services.resources.admin.IdentityProviderResource.toMgmtRef	(	IdentityProviderModel	model,
		AdminPermissionManagement	permissions
	)

inlinestatic

                                                                                                                               {
         ManagementPermissionReference ref = new ManagementPermissionReference();
         ref.setEnabled(true);
         ref.setResource(permissions.idps().resource(model).getId());
         ref.setScopePermissions(permissions.idps().getPermissions(model));
         return ref;
     }

◆ update() [1/2]

Response org.keycloak.services.resources.admin.IdentityProviderResource.update ( IdentityProviderRepresentation providerRep )

inline

Update the identity provider

引数

providerRep

戻り値

                                                                        {
         this.auth.realm().requireManageIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         try {
             updateIdpFromRep(providerRep, realm, session);
 
             adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(providerRep).success();
 
             return Response.noContent().build();
         } catch (ModelDuplicateException e) {
             return ErrorResponse.exists("Identity Provider " + providerRep.getAlias() + " already exists");
         }
     }

◆ update() [2/2]

void org.keycloak.services.resources.admin.IdentityProviderResource.update	(	@PathParam("id") String	id,
		IdentityProviderMapperRepresentation	rep
	)

inline

Update a mapper for the identity provider

引数

id	Mapper id
rep

                                                                                              {
         this.auth.realm().requireManageIdentityProviders();
 
         if (identityProviderModel == null) {
             throw new javax.ws.rs.NotFoundException();
         }
 
         IdentityProviderMapperModel model = realm.getIdentityProviderMapperById(id);
         if (model == null) throw new NotFoundException("Model not found");
         model = RepresentationToModel.toModel(rep);
         realm.updateIdentityProviderMapper(model);
         adminEvent.operation(OperationType.UPDATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(session.getContext().getUri()).representation(rep).success();
 
     }

◆ updateIdpFromRep()

void org.keycloak.services.resources.admin.IdentityProviderResource.updateIdpFromRep	(	IdentityProviderRepresentation	providerRep,
		RealmModel	realm,
		KeycloakSession	session
	)

inlineprivate

                                                                                                                          {
         String internalId = providerRep.getInternalId();
         String newProviderId = providerRep.getAlias();
         String oldProviderId = getProviderIdByInternalId(realm, internalId);
 
         IdentityProviderModel updated = RepresentationToModel.toModel(realm, providerRep);
 
         if (updated.getConfig() != null && ComponentRepresentation.SECRET_VALUE.equals(updated.getConfig().get("clientSecret"))) {
             updated.getConfig().put("clientSecret", identityProviderModel.getConfig() != null ? identityProviderModel.getConfig().get("clientSecret") : null);
         }
 
         realm.updateIdentityProvider(updated);
 
         if (oldProviderId != null && !oldProviderId.equals(newProviderId)) {
 
             // Admin changed the ID (alias) of identity provider. We must update all clients and users
             logger.debug("Changing providerId in all clients and linked users. oldProviderId=" + oldProviderId + ", newProviderId=" + newProviderId);
 
             updateUsersAfterProviderAliasChange(session.users().getUsers(realm, false), oldProviderId, newProviderId, realm, session);
         }
     }

◆ updateUsersAfterProviderAliasChange()

static void org.keycloak.services.resources.admin.IdentityProviderResource.updateUsersAfterProviderAliasChange	(	List< UserModel >	users,
		String	oldProviderId,
		String	newProviderId,
		RealmModel	realm,
		KeycloakSession	session
	)

inlinestaticprivate

                                                                                                                                                                           {
         for (UserModel user : users) {
             FederatedIdentityModel federatedIdentity = session.users().getFederatedIdentity(user, oldProviderId, realm);
             if (federatedIdentity != null) {
                 // Remove old link first
                 session.users().removeFederatedIdentity(realm, user, oldProviderId);
 
                 // And create new
                 FederatedIdentityModel newFederatedIdentity = new FederatedIdentityModel(newProviderId, federatedIdentity.getUserId(), federatedIdentity.getUserName(),
                         federatedIdentity.getToken());
                 session.users().addFederatedIdentity(realm, user, newFederatedIdentity);
             }
         }
     }

メンバ詳解

◆ adminEvent

final AdminEventBuilder org.keycloak.services.resources.admin.IdentityProviderResource.adminEvent

private

◆ auth

final AdminPermissionEvaluator org.keycloak.services.resources.admin.IdentityProviderResource.auth

private

◆ identityProviderModel

final IdentityProviderModel org.keycloak.services.resources.admin.IdentityProviderResource.identityProviderModel

private

◆ logger

final Logger org.keycloak.services.resources.admin.IdentityProviderResource.logger = Logger.getLogger(IdentityProviderResource.class)

staticprotected

◆ realm

final RealmModel org.keycloak.services.resources.admin.IdentityProviderResource.realm

private

◆ session

final KeycloakSession org.keycloak.services.resources.admin.IdentityProviderResource.session

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java

公開メンバ関数

静的公開メンバ関数

静的限定公開変数類

非公開メンバ関数

静的非公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ IdentityProviderResource()

関数詳解

◆ addMapper()

◆ delete() [1/2]

◆ delete() [2/2]

◆ export()

◆ getIdentityProvider()

◆ getIdentityProviderFactory()

◆ getManagementPermissions()

◆ getMapperById()

◆ getMappers()

◆ getMapperTypes()

◆ getProviderIdByInternalId()

◆ setManagementPermissionsEnabled()

◆ toMgmtRef()

◆ update() [1/2]

◆ update() [2/2]

◆ updateIdpFromRep()

◆ updateUsersAfterProviderAliasChange()

メンバ詳解

◆ adminEvent

◆ auth

◆ identityProviderModel

◆ logger

◆ realm

◆ session