public class UserClientRoleMappingMapper extends AbstractOIDCProtocolMapper
Modifier and Type | Field and Description |
---|---|
static String | PROVIDER_ID |
TOKEN_MAPPER_CATEGORY
Constructor and Description |
---|
UserClientRoleMappingMapper() |
Modifier and Type | Method and Description |
---|---|
static ProtocolMapperModel | create(String clientId, String clientRolePrefix, String name, String tokenClaimName, boolean accessToken, boolean idToken) |
static ProtocolMapperModel | create(String clientId, String clientRolePrefix, String name, String tokenClaimName, boolean accessToken, boolean idToken, boolean multiValued) |
List<ProviderConfigProperty> | getConfigProperties() |
String | getDisplayCategory() |
String | getDisplayType() |
String | getHelpText() |
String | getId() |
int | getPriority() Priority of this protocolMapper implementation. |
protected static void | setClaim(IDToken token, ProtocolMapperModel mappingModel, Set<String> rolesToAdd, String clientId, String prefix) Retrieves all roles of the current user based on direct roles set to the user, its groups and their parent groups. |
protected void | setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx) Intended to be overridden in ProtocolMapper implementations to add claims to a token. |
close, create, getProtocol, init, postInit, setClaim, transformAccessToken, transformIDToken, transformUserInfoToken
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
transformAccessToken
transformIDToken
transformUserInfoToken
validateConfig
order
public static final String PROVIDER_ID
public List<ProviderConfigProperty> getConfigProperties()
public String getId()
public String getDisplayType()
public String getDisplayCategory()
public String getHelpText()
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx)
Description copied from class: AbstractOIDCProtocolMapper
Intended to be overridden in ProtocolMapper implementations to add claims to a token.
Overrides: setClaim in class AbstractOIDCProtocolMapper
public static ProtocolMapperModel create(String clientId, String clientRolePrefix, String name, String tokenClaimName, boolean accessToken, boolean idToken)
public static ProtocolMapperModel create(String clientId, String clientRolePrefix, String name, String tokenClaimName, boolean accessToken, boolean idToken, boolean multiValued)
public int getPriority()
Description copied from interface: ProtocolMapper
Priority of this protocolMapper implementation.
Specified by: getPriority in interface ProtocolMapper
protected static void setClaim(IDToken token, ProtocolMapperModel mappingModel, Set<String> rolesToAdd, String clientId, String prefix)
restriction
.
If the current client session is restricted (i.e. no client found in the active user session has full scope allowed),
the final list of roles is also restricted by the client scope. Finally, the list is mapped to the token into
a claim.
Parameters:
- token
- mappingModel
- rolesToAdd
- clientId
- prefix
Copyright © 2020 JBoss by Red Hat. All rights reserved.