Package org.keycloak.broker.oidc.mappers

Class AbstractClaimToRoleMapper

java.lang.Object

org.keycloak.broker.provider.AbstractIdentityProviderMapper

org.keycloak.broker.oidc.mappers.AbstractClaimMapper

org.keycloak.broker.oidc.mappers.AbstractClaimToRoleMapper

All Implemented Interfaces:

IdentityProviderMapper, ConfiguredProvider, Provider, ProviderFactory<IdentityProviderMapper>

Direct Known Subclasses:

AdvancedClaimToRoleMapper, ClaimToRoleMapper, ExternalKeycloakRoleToRoleMapper

public abstract class AbstractClaimToRoleMapper
extends AbstractClaimMapper

Abstract class that handles the logic for importing and updating brokered users for all mappers that map an OIDC claim into a Keycloak role.

Author:

Stefan Guilhen, Daniel Fesenmeyer

Field Summary

Fields inherited from class org.keycloak.broker.oidc.mappers.AbstractClaimMapper

CLAIM, CLAIM_VALUE

Fields inherited from interface org.keycloak.broker.provider.IdentityProviderMapper

ANY_PROVIDER, DEFAULT_IDENTITY_PROVIDER_MAPPER_SYNC_MODES

Constructor Summary

Constructors

Constructor	Description
AbstractClaimToRoleMapper()

Method Summary

Modifier and Type	Method	Description
protected abstract boolean	applies(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context)	This method must be implemented by subclasses and they must return true if their mapping can be applied (i.e.
void	importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context)	Called after UserModel is created for first time for this user.
void	updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context)	Called when this user has logged in before and has already been imported.
void	updateBrokeredUserLegacy(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context)	Called when this user has logged in before and has already been imported.

Methods inherited from class org.keycloak.broker.oidc.mappers.AbstractClaimMapper

getClaimValue, getClaimValue, getClaimValue, hasClaimValue, valueEquals

Methods inherited from class org.keycloak.broker.provider.AbstractIdentityProviderMapper

close, create, init, postInit, preprocessFederatedIdentity

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.provider.ConfiguredProvider

getConfig, getConfigProperties, getHelpText

Methods inherited from interface org.keycloak.broker.provider.IdentityProviderMapper

getCompatibleProviders, getDisplayCategory, getDisplayType, supportsSyncMode

Methods inherited from interface org.keycloak.provider.ProviderFactory

getConfigMetadata, getId, order

Constructor Detail

AbstractClaimToRoleMapper

public AbstractClaimToRoleMapper()

Method Detail

importNewUser

public void importNewUser(KeycloakSession session,
                          RealmModel realm,
                          UserModel user,
                          IdentityProviderMapperModel mapperModel,
                          BrokeredIdentityContext context)

Description copied from interface: IdentityProviderMapper

Called after UserModel is created for first time for this user. Called after "FirstBrokerLogin" flow

Specified by:

importNewUser in interface IdentityProviderMapper

Overrides:

importNewUser in class AbstractIdentityProviderMapper

updateBrokeredUserLegacy

public void updateBrokeredUserLegacy(KeycloakSession session,
                                     RealmModel realm,
                                     UserModel user,
                                     IdentityProviderMapperModel mapperModel,
                                     BrokeredIdentityContext context)

Description copied from interface: IdentityProviderMapper

Called when this user has logged in before and has already been imported. Legacy behaviour. When updating the mapper to correctly update brokered users in all sync modes, move the old behavior into this method.

Specified by:

updateBrokeredUserLegacy in interface IdentityProviderMapper

Overrides:

updateBrokeredUserLegacy in class AbstractIdentityProviderMapper

updateBrokeredUser

public void updateBrokeredUser(KeycloakSession session,
                               RealmModel realm,
                               UserModel user,
                               IdentityProviderMapperModel mapperModel,
                               BrokeredIdentityContext context)

Description copied from interface: IdentityProviderMapper

Called when this user has logged in before and has already been imported.

Specified by:

updateBrokeredUser in interface IdentityProviderMapper

Overrides:

updateBrokeredUser in class AbstractIdentityProviderMapper

applies

protected abstract boolean applies(IdentityProviderMapperModel mapperModel,
                                   BrokeredIdentityContext context)

This method must be implemented by subclasses and they must return true if their mapping can be applied (i.e. user has the OIDC claim that should be mapped) or false otherwise.

Parameters:

mapperModel - a reference to the IdentityProviderMapperModel.

context - a reference to the BrokeredIdentityContext.

Returns:

true if the mapping can be applied or false otherwise.*