org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper の継承関係図

org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper 連携図

公開メンバ関数
	SHA256PairwiseSubMapper ()

void	validateAdditionalConfig (KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException

String	getHelpText ()

List< ProviderConfigProperty >	getAdditionalConfigProperties ()

String	generateSub (ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub)

String	getDisplayType ()

String	getIdPrefix ()

final String	getDisplayCategory ()

IDToken	transformIDToken (IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformAccessToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

AccessToken	transformUserInfoToken (AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)

final List< ProviderConfigProperty >	getConfigProperties ()

final void	validateConfig (KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException

final String	getId ()

String	getProtocol ()

void	close ()

final ProtocolMapper	create (KeycloakSession session)

void	init (Config.Scope config)

void	postInit (KeycloakSessionFactory factory)

静的公開メンバ関数
static ProtocolMapperRepresentation	createPairwiseMapper (String sectorIdentifierUri, String salt)

静的公開変数類
static final String	PROVIDER_ID = "sha256"

static final String	PROVIDER_ID_SUFFIX = "-pairwise-sub-mapper"

static final String	TOKEN_MAPPER_CATEGORY = "Token mapper"

限定公開メンバ関数
void	setIDTokenSubject (IDToken token, String pairwiseSub)

void	setAccessTokenSubject (IDToken token, String pairwiseSub)

void	setUserInfoTokenSubject (IDToken token, String pairwiseSub)

void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession)

void	setClaim (IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession)

非公開メンバ関数
String	generateSub (String sectorIdentifier, String localSub, byte[] salt)

静的非公開メンバ関数
static String	generateSalt ()

非公開変数類
final Charset	charset

静的非公開変数類
static final String	HASH_ALGORITHM = "SHA-256"

static final Logger	logger = Logger.getLogger(SHA256PairwiseSubMapper.class)

詳解

構築子と解体子

◆ SHA256PairwiseSubMapper()

org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.SHA256PairwiseSubMapper ( )

inline

                                      {
         charset = Charset.forName("UTF-8");
     }

関数詳解

◆ close()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.close ( )

inlineinherited

                         {
 
     }

◆ create()

final ProtocolMapper org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.create ( KeycloakSession session )

inlineinherited

                                                                 {
         throw new RuntimeException("UNSUPPORTED METHOD");
     }

◆ createPairwiseMapper()

static ProtocolMapperRepresentation org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.createPairwiseMapper	(	String	sectorIdentifierUri,
		String	salt
	)

inlinestatic

                                                                                                              {
         Map<String, String> config;
         ProtocolMapperRepresentation pairwise = new ProtocolMapperRepresentation();
         pairwise.setName("pairwise subject identifier");
         pairwise.setProtocolMapper(new SHA256PairwiseSubMapper().getId());
         pairwise.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
         config = new HashMap<>();
         config.put(PairwiseSubMapperHelper.SECTOR_IDENTIFIER_URI, sectorIdentifierUri);
         if (salt == null) {
             salt = KeycloakModelUtils.generateId();
         }
         config.put(PairwiseSubMapperHelper.PAIRWISE_SUB_ALGORITHM_SALT, salt);
         pairwise.setConfig(config);
         return pairwise;
     }

◆ generateSalt()

static String org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.generateSalt ( )

inlinestaticprivate

                                          {
         return KeycloakModelUtils.generateId();
     }

◆ generateSub() [1/2]

String org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.generateSub	(	ProtocolMapperModel	mappingModel,
		String	sectorIdentifier,
		String	localSub
	)

inline

                                                                                                           {
         String saltStr = PairwiseSubMapperHelper.getSalt(mappingModel);
         if (saltStr == null) {
             throw new IllegalStateException("Salt not available on mappingModel. Please update protocol mapper");
         }
 
         Charset charset = Charset.forName("UTF-8");
         byte[] salt = saltStr.getBytes(charset);
         String pairwiseSub = generateSub(sectorIdentifier, localSub, salt);
         logger.tracef("local sub = '%s', pairwise sub = '%s'", localSub, pairwiseSub);
         return pairwiseSub;
     }

◆ generateSub() [2/2]

String org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.generateSub	(	String	sectorIdentifier,
		String	localSub,
		byte []	salt
	)

inlineprivate

                                                                                       {
         MessageDigest sha256;
         try {
             sha256 = MessageDigest.getInstance(HASH_ALGORITHM);
         } catch (NoSuchAlgorithmException e) {
             throw new IllegalStateException(e.getMessage(), e);
         }
         sha256.update(sectorIdentifier.getBytes(charset));
         sha256.update(localSub.getBytes(charset));
         byte[] hash = sha256.digest(salt);
         return UUID.nameUUIDFromBytes(hash).toString();
     }

◆ getAdditionalConfigProperties()

List<ProviderConfigProperty> org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.getAdditionalConfigProperties ( )

inline

                                                                         {
         List<ProviderConfigProperty> configProperties = new LinkedList<>();
         configProperties.add(PairwiseSubMapperHelper.createSaltConfig());
         return configProperties;
     }

◆ getConfigProperties()

final List<ProviderConfigProperty> org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getConfigProperties ( )

inlineinherited

                                                                     {
         List<ProviderConfigProperty> configProperties = new LinkedList<>();
         configProperties.add(PairwiseSubMapperHelper.createSectorIdentifierConfig());
         configProperties.addAll(getAdditionalConfigProperties());
         return configProperties;
     }

◆ getDisplayCategory()

final String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getDisplayCategory ( )

inlineinherited

                                              {
         return AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY;
     }

◆ getDisplayType()

String org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.getDisplayType ( )

inline

                                    {
         return "Pairwise subject identifier";
     }

◆ getHelpText()

String org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.getHelpText ( )

inline

                                 {
         return "Calculates a pairwise subject identifier using a salted sha-256 hash. See OpenID Connect specification for more info about pairwise subject identifiers.";
     }

◆ getId()

final String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.getId ( )

inlineinherited

                                 {
         return "oidc-" + getIdPrefix() + PROVIDER_ID_SUFFIX;
     }

◆ getIdPrefix()

String org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.getIdPrefix ( )

inline

                                 {
         return PROVIDER_ID;
     }

◆ getProtocol()

String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.getProtocol ( )

inlineinherited

                                 {
         return OIDCLoginProtocol.LOGIN_PROTOCOL;
     }

◆ init()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.init ( Config.Scope config )

inlineinherited

55 {

56 }

◆ postInit()

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.postInit ( KeycloakSessionFactory factory )

inlineinherited

                                                          {
 
     }

◆ setAccessTokenSubject()

void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.setAccessTokenSubject	(	IDToken	token,
		String	pairwiseSub
	)

inlineprotectedinherited

                                                                             {
         token.setSubject(pairwiseSub);
     }

◆ setClaim() [1/2]

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession
	)

inlineprotectedinherited

Intended to be overridden in ProtocolMapper implementations to add claims to an token.

引数

token
mappingModel
userSession

非推奨:: override setClaim(IDToken, ProtocolMapperModel, UserSessionModel, KeycloakSession) instead.

105 {

106 }

◆ setClaim() [2/2]

void org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		UserSessionModel	userSession,
		KeycloakSession	keycloakSession
	)

inlineprotectedinherited

Intended to be overridden in ProtocolMapper implementations to add claims to an token.

引数

token
mappingModel
userSession
keycloakSession

                                                                                                                                             {
         // we delegate to the old #setClaim(...) method for backwards compatibility
         setClaim(token, mappingModel, userSession);
     }

◆ setIDTokenSubject()

void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.setIDTokenSubject	(	IDToken	token,
		String	pairwiseSub
	)

inlineprotectedinherited

                                                                         {
         token.setSubject(pairwiseSub);
     }

◆ setUserInfoTokenSubject()

void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.setUserInfoTokenSubject	(	IDToken	token,
		String	pairwiseSub
	)

inlineprotectedinherited

                                                                               {
         token.getOtherClaims().put("sub", pairwiseSub);
     }

◆ transformAccessToken()

AccessToken org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.transformAccessToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapperを実装しています。

                                                                                                                                                                                                        {
         setAccessTokenSubject(token, generateSub(mappingModel, getSectorIdentifier(clientSession.getClient(), mappingModel), userSession.getUser().getId()));
         return token;
     }

◆ transformIDToken()

IDToken org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.transformIDToken	(	IDToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapperを実装しています。

                                                                                                                                                                                            {
         setIDTokenSubject(token, generateSub(mappingModel, getSectorIdentifier(clientSession.getClient(), mappingModel), userSession.getUser().getId()));
         return token;
     }

◆ transformUserInfoToken()

AccessToken org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.transformUserInfoToken	(	AccessToken	token,
		ProtocolMapperModel	mappingModel,
		KeycloakSession	session,
		UserSessionModel	userSession,
		AuthenticatedClientSessionModel	clientSession
	)

inlineinherited

org.keycloak.protocol.oidc.mappers.UserInfoTokenMapperを実装しています。

                                                                                                                                                                                                          {
         setUserInfoTokenSubject(token, generateSub(mappingModel, getSectorIdentifier(clientSession.getClient(), mappingModel), userSession.getUser().getId()));
         return token;
     }

◆ validateAdditionalConfig()

void org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.validateAdditionalConfig	(	KeycloakSession	session,
		RealmModel	realm,
		ProtocolMapperContainerModel	mapperContainer,
		ProtocolMapperModel	mapperModel
	)		throws ProtocolMapperConfigException

inline

                                                                                                                                                                                                         {
         // Generate random salt if needed
         String salt = PairwiseSubMapperHelper.getSalt(mapperModel);
         if (salt == null || salt.trim().isEmpty()) {
             salt = generateSalt();
             PairwiseSubMapperHelper.setSalt(mapperModel, salt);
         }
     }

◆ validateConfig()

final void org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.validateConfig	(	KeycloakSession	session,
		RealmModel	realm,
		ProtocolMapperContainerModel	mapperContainer,
		ProtocolMapperModel	mapperModel
	)		throws ProtocolMapperConfigException

inlineinherited

                                                                                                                                                                                                     {
         ClientModel client = null;
         if (mapperContainer instanceof ClientModel) {
             client = (ClientModel) mapperContainer;
             PairwiseSubMapperValidator.validate(session, client, mapperModel);
         }
         validateAdditionalConfig(session, realm, mapperContainer, mapperModel);
     }

メンバ詳解

◆ charset

final Charset org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.charset

private

◆ HASH_ALGORITHM

final String org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.HASH_ALGORITHM = "SHA-256"

staticprivate

◆ logger

final Logger org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.logger = Logger.getLogger(SHA256PairwiseSubMapper.class)

staticprivate

◆ PROVIDER_ID

final String org.keycloak.protocol.oidc.mappers.SHA256PairwiseSubMapper.PROVIDER_ID = "sha256"

static

◆ PROVIDER_ID_SUFFIX

final String org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX = "-pairwise-sub-mapper"

staticinherited

◆ TOKEN_MAPPER_CATEGORY

final String org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.TOKEN_MAPPER_CATEGORY = "Token mapper"

staticinherited

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/protocol/oidc/mappers/SHA256PairwiseSubMapper.java

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開メンバ関数

非公開メンバ関数

静的非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ SHA256PairwiseSubMapper()

関数詳解

◆ close()

◆ create()

◆ createPairwiseMapper()

◆ generateSalt()

◆ generateSub() [1/2]

◆ generateSub() [2/2]

◆ getAdditionalConfigProperties()

◆ getConfigProperties()

◆ getDisplayCategory()

◆ getDisplayType()

◆ getHelpText()

◆ getId()

◆ getIdPrefix()

◆ getProtocol()

◆ init()

◆ postInit()

◆ setAccessTokenSubject()

◆ setClaim() [1/2]

◆ setClaim() [2/2]

◆ setIDTokenSubject()

◆ setUserInfoTokenSubject()

◆ transformAccessToken()

◆ transformIDToken()

◆ transformUserInfoToken()

◆ validateAdditionalConfig()

◆ validateConfig()

メンバ詳解

◆ charset

◆ HASH_ALGORITHM

◆ logger

◆ PROVIDER_ID

◆ PROVIDER_ID_SUFFIX

◆ TOKEN_MAPPER_CATEGORY