Class AbstractPairwiseSubMapper
java.lang.Object
org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
org.keycloak.protocol.oidc.mappers.AbstractPairwiseSubMapper
- All Implemented Interfaces:
LogoutTokenMapper, OIDCAccessTokenMapper, OIDCIDTokenMapper, TokenIntrospectionTokenMapper, UserInfoTokenMapper, ProtocolMapper, ConfiguredProvider, Provider, ProviderFactory<ProtocolMapper>
- Direct Known Subclasses:
SHA256PairwiseSubMapper
public abstract class AbstractPairwiseSubMapper
extends AbstractOIDCProtocolMapper
implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper, TokenIntrospectionTokenMapper, LogoutTokenMapper
Sets the 'sub' claim to a pairwise subject identifier.
- Author:
- Martin Hardselius
-
Field Summary
Fields
Fields inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
TOKEN_MAPPER_CATEGORY
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type   Method   Description
abstract String generateSub(ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub)
    Generates a pairwise subject identifier.
getAdditionalConfigProperties
    Override to add additional provider configuration properties.
final List<ProviderConfigProperty> getConfigProperties
final String getDisplayCategory
final String getId()
abstract String getIdPrefix
protected void setAccessTokenSubject(IDToken token, String pairwiseSub)
protected void setIDTokenSubject(IDToken token, String pairwiseSub)
protected void setLogoutTokenSubject(LogoutToken token, String pairwiseSub)
protected void setUserInfoTokenSubject(IDToken token, String pairwiseSub)
AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
AccessToken transformIntrospectionToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
LogoutToken transformLogoutToken(LogoutToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
AccessToken transformUserInfoToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
void validateAdditionalConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel)
    Override to add additional configuration validation.
final void validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel)
    Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint
Methods inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
close, create, getEffectiveModel, getProtocol, getShouldUseLightweightToken, init, postInit, setClaim, setClaim, setClaim, transformAccessTokenResponse
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfig, getHelpText
Methods inherited from interface org.keycloak.protocol.ProtocolMapper
getDisplayType, getPriority
Methods inherited from interface org.keycloak.provider.ProviderFactory
dependsOn, getConfigMetadata, order
-
Field Details
-
PROVIDER_ID_SUFFIX
- See Also:
-
-
Constructor Details
-
AbstractPairwiseSubMapper
public AbstractPairwiseSubMapper()
-
-
Method Details
-
getIdPrefix
-
generateSub
public abstract String generateSub(ProtocolMapperModel mappingModel, String sectorIdentifier, String localSub)
Generates a pairwise subject identifier.
- Parameters:
mappingModel -
sectorIdentifier - client sector identifier
localSub - local subject identifier (user id)
- Returns:
- A pairwise subject identifier
-
getAdditionalConfigProperties
Override to add additional provider configuration properties. By default, a pairwise sub mapper will only contain configuration for a sector identifier URI.
- Returns:
- A list of provider configuration properties.
-
validateAdditionalConfig
public void validateAdditionalConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException
Override to add additional configuration validation. Called when an instance of mapperModel is created/updated for this protocolMapper through the admin endpoint.
- Parameters:
session -
realm -
mapperContainer - client or clientScope
mapperModel -
- Throws:
ProtocolMapperConfigException - if configuration provided in mapperModel is not valid
-
getDisplayCategory
- Specified by:
getDisplayCategory in interface ProtocolMapper
-
transformIDToken
public IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
- Specified by:
transformIDToken in interface OIDCIDTokenMapper
- Overrides:
transformIDToken in class AbstractOIDCProtocolMapper
-
transformAccessToken
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
- Specified by:
transformAccessToken in interface OIDCAccessTokenMapper
- Overrides:
transformAccessToken in class AbstractOIDCProtocolMapper
-
transformIntrospectionToken
public AccessToken transformIntrospectionToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
- Specified by:
transformIntrospectionToken in interface TokenIntrospectionTokenMapper
- Overrides:
transformIntrospectionToken in class AbstractOIDCProtocolMapper
-
transformLogoutToken
public LogoutToken transformLogoutToken(LogoutToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
- Specified by:
transformLogoutToken in interface LogoutTokenMapper
-
transformUserInfoToken
public AccessToken transformUserInfoToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
- Specified by:
transformUserInfoToken in interface UserInfoTokenMapper
- Overrides:
transformUserInfoToken in class AbstractOIDCProtocolMapper
-
setIDTokenSubject
-
setAccessTokenSubject
-
setLogoutTokenSubject
-
setUserInfoTokenSubject
-
getConfigProperties
- Specified by:
getConfigProperties in interface ConfiguredProvider
-
validateConfig
public final void validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel mapperContainer, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException
Description copied from interface: ProtocolMapper
Called when instance of mapperModel is created/updated for this protocolMapper through admin endpoint
- Specified by:
validateConfig in interface ProtocolMapper
- Parameters:
mapperContainer - client or clientTemplate
- Throws:
ProtocolMapperConfigException - if configuration provided in mapperModel is not valid
-
getId
- Specified by:
getId in interface ProviderFactory<ProtocolMapper>
-