检索令牌时无法获取密钥斗篷协议映射器来调用

时间:2019-11-14 21:47:44

标签: java keycloak mapper keycloak-services

Keycloak 7.3.0GA服务器

使用库keycloak-services 3.4.3

我们的团队无法让我们的Keycloak协议映射器在令牌调用期间调用:

  • 映射器在启动时进行了注册,并在我们的客户的映射器列表中可用
  • 我们在客户端的KC UI中添加了映射器
  • 当我尝试“评估”标签时,自定义映射器(Stackoverflow自定义映射器)确实在列表中显示为“有效协议映射器”之一。
  • 但是,似乎没有从Java端调用映射器,但日志中什么也没看到
  • 目前,我们只是希望看到transformAccessToken的日志语句和我们添加的测试声明

评估标签: Evaluate Tab Image

Java代码:

public class SoamProtocolMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper{

public static final String PROVIDER_ID = "oidc-customprotocolmapper";
private static Logger logger = Logger.getLogger(SoamProtocolMapper.class);

private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();

@Override
public List<ProviderConfigProperty> getConfigProperties() {
    logger.info("SOAM: inside getConfigProperties");
    return configProperties;
}

@Override
public String getDisplayCategory() {
    logger.info("SOAM: inside getDisplayCategory");
    return TOKEN_MAPPER_CATEGORY;
}

@Override
public String getDisplayType() {
    logger.info("SOAM: inside getDisplayType");
    return "Stackoverflow Custom Protocol Mapper";
}

@Override
public String getId() {
    logger.info("SOAM: inside getId");
    return PROVIDER_ID;
}

@Override
public String getHelpText() {
    logger.info("SOAM: inside getHelpText");
    return "some help text";
}

@Override
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
        UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
    logger.info("SOAM: inside transformAccessToken");
    token.getOtherClaims().put("stackoverflowCustomToken", "stackoverflow");

    setClaim(token, mappingModel, userSession, session);
    return token;
}

public static ProtocolMapperModel create(String name, boolean accessToken, boolean idToken, boolean userInfo) {
    logger.info("SOAM: inside create");
    ProtocolMapperModel mapper = new ProtocolMapperModel();
    mapper.setName(name);
    mapper.setProtocolMapper(PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<String, String>();
    mapper.setConfig(config);
    return mapper;
}}

有什么帮助-谢谢!

1 个答案:

答案 0 :(得分:1)

回答我自己的问题。 staticcreate初始化方法中缺少几行代码。这是一个工作示例:

package com.github.bcgov.keycloak.soam;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper;
import org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;


/**
 * SOAM Protocol Mapper
 */
public class SoamProtocolMapper extends AbstractOIDCProtocolMapper implements     OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {

private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();

static {
    OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
    OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, SoamProtocolMapper.class);
}

public static final String PROVIDER_ID = "oidc-soam-mapper";


public List<ProviderConfigProperty> getConfigProperties() {
    return configProperties;
}

@Override
public String getId() {
    return PROVIDER_ID;
}

@Override
public String getDisplayType() {
    return "Soam Protocol Mapper";
}

@Override
public String getDisplayCategory() {
    return TOKEN_MAPPER_CATEGORY;
}

@Override
public String getHelpText() { 
    return "Map SOAM claims";
}

protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
    token.getOtherClaims().put("test_claim", "Working!");
}

public static ProtocolMapperModel create(String name,
                                  String tokenClaimName,
                                  boolean consentRequired, String consentText,
                                  boolean accessToken, boolean idToken) {
    ProtocolMapperModel mapper = new ProtocolMapperModel();
    mapper.setName(name);
    mapper.setProtocolMapper(PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    mapper.setConsentRequired(consentRequired);
    mapper.setConsentText(consentText);
    Map<String, String> config = new HashMap<String, String>();
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, tokenClaimName);
    if (accessToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    if (idToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    mapper.setConfig(config);

    return mapper;
}

}

相关问题
最新问题