diff --git a/avatar-importer/pom.xml b/avatar-importer/pom.xml
index 33a5484..3d9310d 100644
--- a/avatar-importer/pom.xml
+++ b/avatar-importer/pom.xml
@@ -5,7 +5,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
avatar-importer
diff --git a/avatar-realm-resource/pom.xml b/avatar-realm-resource/pom.xml
index 35df85b..57c5c3f 100644
--- a/avatar-realm-resource/pom.xml
+++ b/avatar-realm-resource/pom.xml
@@ -7,7 +7,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
avatar-realm-resource
diff --git a/avatar-storage/pom.xml b/avatar-storage/pom.xml
index f422d49..f39dbb1 100644
--- a/avatar-storage/pom.xml
+++ b/avatar-storage/pom.xml
@@ -7,7 +7,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
avatar-storage
diff --git a/delete-account/pom.xml b/delete-account/pom.xml
index 6193053..a4921ee 100644
--- a/delete-account/pom.xml
+++ b/delete-account/pom.xml
@@ -7,7 +7,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
delete-account
diff --git a/event-listener-provider/pom.xml b/event-listener-provider/pom.xml
index 2b3921f..705c501 100644
--- a/event-listener-provider/pom.xml
+++ b/event-listener-provider/pom.xml
@@ -7,7 +7,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
event-listener-provider
diff --git a/identity-provider-mapper/pom.xml b/identity-provider-mapper/pom.xml
index 0dfc441..e15b95f 100644
--- a/identity-provider-mapper/pom.xml
+++ b/identity-provider-mapper/pom.xml
@@ -7,7 +7,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
identity-provider-mapper
diff --git a/keycloak-d4science-script/pom.xml b/keycloak-d4science-script/pom.xml
index b943b1c..56fe4e3 100644
--- a/keycloak-d4science-script/pom.xml
+++ b/keycloak-d4science-script/pom.xml
@@ -7,7 +7,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
keycloak-d4science-script
diff --git a/keycloak-d4science-theme/pom.xml b/keycloak-d4science-theme/pom.xml
index a5c9730..88118ff 100644
--- a/keycloak-d4science-theme/pom.xml
+++ b/keycloak-d4science-theme/pom.xml
@@ -7,7 +7,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
keycloak-d4science-theme
diff --git a/keycloak-d4science-theme/src/main/resources/theme/d4science/login/theme.properties b/keycloak-d4science-theme/src/main/resources/theme/d4science/login/theme.properties
index 7687a46..7ba1191 100644
--- a/keycloak-d4science-theme/src/main/resources/theme/d4science/login/theme.properties
+++ b/keycloak-d4science-theme/src/main/resources/theme/d4science/login/theme.properties
@@ -34,4 +34,5 @@ ECLogoAlt=EU H2020 programme
footerRow=Project has received funding from the European Union's Horizon programme ...
kcFormCardWideClass=card-d4s-wide
-kcLogoIdP-eosc-oidc=fa fa-university
\ No newline at end of file
+kcLogoIdP-eosc-oidc=fa fa-university
+kcLogoIdP-isti-keycloak-oidc=fa fa-university
\ No newline at end of file
diff --git a/ldap-storage-mapper/pom.xml b/ldap-storage-mapper/pom.xml
index ba28506..cea57c7 100644
--- a/ldap-storage-mapper/pom.xml
+++ b/ldap-storage-mapper/pom.xml
@@ -7,7 +7,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
ldap-storage-mapper
diff --git a/pom.xml b/pom.xml
index 8421846..adb00bc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
org.gcube.iam
keycloak-d4science-spi-parent
- 2.0.0
+ 2.1.0-SNAPSHOT
pom
@@ -32,7 +32,8 @@
keycloak-d4science-script
keycloak-d4science-theme
ldap-storage-mapper
- keycloak-d4science-bundle
+ protocol-mapper
+
diff --git a/protocol-mapper/CHANGELOG.md b/protocol-mapper/CHANGELOG.md
new file mode 100644
index 0000000..0ff63e6
--- /dev/null
+++ b/protocol-mapper/CHANGELOG.md
@@ -0,0 +1,6 @@
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+# Changelog for "identity-provider-mapper"
+
+## [v2.1.0-SNAPSHOT]
+- Added new module to make the custom protocol mappers available
diff --git a/protocol-mapper/FUNDING.md b/protocol-mapper/FUNDING.md
new file mode 100644
index 0000000..6fa9eac
--- /dev/null
+++ b/protocol-mapper/FUNDING.md
@@ -0,0 +1,26 @@
+# Acknowledgments
+
+The projects leading to this software have received funding from a series of European Union programmes including:
+
+- the Sixth Framework Programme for Research and Technological Development
+ - [DILIGENT](https://cordis.europa.eu/project/id/004260) (grant no. 004260).
+- the Seventh Framework Programme for research, technological development and demonstration
+ - [D4Science](https://cordis.europa.eu/project/id/212488) (grant no. 212488);
+ - [D4Science-II](https://cordis.europa.eu/project/id/239019) (grant no.239019);
+ - [ENVRI](https://cordis.europa.eu/project/id/283465) (grant no. 283465);
+ - [iMarine](https://cordis.europa.eu/project/id/283644) (grant no. 283644);
+ - [EUBrazilOpenBio](https://cordis.europa.eu/project/id/288754) (grant no. 288754).
+- the H2020 research and innovation programme
+ - [SoBigData](https://cordis.europa.eu/project/id/654024) (grant no. 654024);
+ - [PARTHENOS](https://cordis.europa.eu/project/id/654119) (grant no. 654119);
+ - [EGI-Engage](https://cordis.europa.eu/project/id/654142) (grant no. 654142);
+ - [ENVRI PLUS](https://cordis.europa.eu/project/id/654182) (grant no. 654182);
+ - [BlueBRIDGE](https://cordis.europa.eu/project/id/675680) (grant no. 675680);
+ - [PerformFISH](https://cordis.europa.eu/project/id/727610) (grant no. 727610);
+ - [AGINFRA PLUS](https://cordis.europa.eu/project/id/731001) (grant no. 731001);
+ - [DESIRA](https://cordis.europa.eu/project/id/818194) (grant no. 818194);
+ - [ARIADNEplus](https://cordis.europa.eu/project/id/823914) (grant no. 823914);
+ - [RISIS 2](https://cordis.europa.eu/project/id/824091) (grant no. 824091);
+ - [EOSC-Pillar](https://cordis.europa.eu/project/id/857650) (grant no. 857650);
+ - [Blue Cloud](https://cordis.europa.eu/project/id/862409) (grant no. 862409);
+ - [SoBigData-PlusPlus](https://cordis.europa.eu/project/id/871042) (grant no. 871042);
\ No newline at end of file
diff --git a/protocol-mapper/LICENSE.md b/protocol-mapper/LICENSE.md
new file mode 100644
index 0000000..1932b4c
--- /dev/null
+++ b/protocol-mapper/LICENSE.md
@@ -0,0 +1,311 @@
+#European Union Public Licence V.1.1
+
+##*EUPL © the European Community 2007*
+
+
+This **European Union Public Licence** (the **“EUPL”**) applies to the Work or Software
+(as defined below) which is provided under the terms of this Licence. Any use of
+the Work, other than as authorised under this Licence is prohibited (to the
+extent such use is covered by a right of the copyright holder of the Work).
+
+The Original Work is provided under the terms of this Licence when the Licensor
+(as defined below) has placed the following notice immediately following the
+copyright notice for the Original Work:
+
+**Licensed under the EUPL V.1.1**
+
+or has expressed by any other mean his willingness to license under the EUPL.
+
+
+
+##1. Definitions
+
+In this Licence, the following terms have the following meaning:
+
+- The Licence: this Licence.
+
+- The Original Work or the Software: the software distributed and/or
+ communicated by the Licensor under this Licence, available as Source Code and
+ also as Executable Code as the case may be.
+
+- Derivative Works: the works or software that could be created by the Licensee,
+ based upon the Original Work or modifications thereof. This Licence does not
+ define the extent of modification or dependence on the Original Work required
+ in order to classify a work as a Derivative Work; this extent is determined by
+ copyright law applicable in the country mentioned in Article 15.
+
+- The Work: the Original Work and/or its Derivative Works.
+
+- The Source Code: the human-readable form of the Work which is the most
+ convenient for people to study and modify.
+
+- The Executable Code: any code which has generally been compiled and which is
+ meant to be interpreted by a computer as a program.
+
+- The Licensor: the natural or legal person that distributes and/or communicates
+ the Work under the Licence.
+
+- Contributor(s): any natural or legal person who modifies the Work under the
+ Licence, or otherwise contributes to the creation of a Derivative Work.
+
+- The Licensee or “You”: any natural or legal person who makes any usage of the
+ Software under the terms of the Licence.
+
+- Distribution and/or Communication: any act of selling, giving, lending,
+ renting, distributing, communicating, transmitting, or otherwise making
+ available, on-line or off-line, copies of the Work or providing access to its
+ essential functionalities at the disposal of any other natural or legal
+ person.
+
+
+
+##2. Scope of the rights granted by the Licence
+
+The Licensor hereby grants You a world-wide, royalty-free, non-exclusive,
+sub-licensable licence to do the following, for the duration of copyright vested
+in the Original Work:
+
+- use the Work in any circumstance and for all usage, reproduce the Work, modify
+- the Original Work, and make Derivative Works based upon the Work, communicate
+- to the public, including the right to make available or display the Work or
+- copies thereof to the public and perform publicly, as the case may be, the
+- Work, distribute the Work or copies thereof, lend and rent the Work or copies
+- thereof, sub-license rights in the Work or copies thereof.
+
+Those rights can be exercised on any media, supports and formats, whether now
+known or later invented, as far as the applicable law permits so.
+
+In the countries where moral rights apply, the Licensor waives his right to
+exercise his moral right to the extent allowed by law in order to make effective
+the licence of the economic rights here above listed.
+
+The Licensor grants to the Licensee royalty-free, non exclusive usage rights to
+any patents held by the Licensor, to the extent necessary to make use of the
+rights granted on the Work under this Licence.
+
+
+
+##3. Communication of the Source Code
+
+The Licensor may provide the Work either in its Source Code form, or as
+Executable Code. If the Work is provided as Executable Code, the Licensor
+provides in addition a machine-readable copy of the Source Code of the Work
+along with each copy of the Work that the Licensor distributes or indicates, in
+a notice following the copyright notice attached to the Work, a repository where
+the Source Code is easily and freely accessible for as long as the Licensor
+continues to distribute and/or communicate the Work.
+
+
+
+##4. Limitations on copyright
+
+Nothing in this Licence is intended to deprive the Licensee of the benefits from
+any exception or limitation to the exclusive rights of the rights owners in the
+Original Work or Software, of the exhaustion of those rights or of other
+applicable limitations thereto.
+
+
+
+##5. Obligations of the Licensee
+
+The grant of the rights mentioned above is subject to some restrictions and
+obligations imposed on the Licensee. Those obligations are the following:
+
+Attribution right: the Licensee shall keep intact all copyright, patent or
+trademarks notices and all notices that refer to the Licence and to the
+disclaimer of warranties. The Licensee must include a copy of such notices and a
+copy of the Licence with every copy of the Work he/she distributes and/or
+communicates. The Licensee must cause any Derivative Work to carry prominent
+notices stating that the Work has been modified and the date of modification.
+
+Copyleft clause: If the Licensee distributes and/or communicates copies of the
+Original Works or Derivative Works based upon the Original Work, this
+Distribution and/or Communication will be done under the terms of this Licence
+or of a later version of this Licence unless the Original Work is expressly
+distributed only under this version of the Licence. The Licensee (becoming
+Licensor) cannot offer or impose any additional terms or conditions on the Work
+or Derivative Work that alter or restrict the terms of the Licence.
+
+Compatibility clause: If the Licensee Distributes and/or Communicates Derivative
+Works or copies thereof based upon both the Original Work and another work
+licensed under a Compatible Licence, this Distribution and/or Communication can
+be done under the terms of this Compatible Licence. For the sake of this clause,
+“Compatible Licence” refers to the licences listed in the appendix attached to
+this Licence. Should the Licensee’s obligations under the Compatible Licence
+conflict with his/her obligations under this Licence, the obligations of the
+Compatible Licence shall prevail.
+
+Provision of Source Code: When distributing and/or communicating copies of the
+Work, the Licensee will provide a machine-readable copy of the Source Code or
+indicate a repository where this Source will be easily and freely available for
+as long as the Licensee continues to distribute and/or communicate the Work.
+
+Legal Protection: This Licence does not grant permission to use the trade names,
+trademarks, service marks, or names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the copyright notice.
+
+
+
+##6. Chain of Authorship
+
+The original Licensor warrants that the copyright in the Original Work granted
+hereunder is owned by him/her or licensed to him/her and that he/she has the
+power and authority to grant the Licence.
+
+Each Contributor warrants that the copyright in the modifications he/she brings
+to the Work are owned by him/her or licensed to him/her and that he/she has the
+power and authority to grant the Licence.
+
+Each time You accept the Licence, the original Licensor and subsequent
+Contributors grant You a licence to their contributions to the Work, under the
+terms of this Licence.
+
+
+
+##7. Disclaimer of Warranty
+
+The Work is a work in progress, which is continuously improved by numerous
+contributors. It is not a finished work and may therefore contain defects or
+“bugs” inherent to this type of software development.
+
+For the above reason, the Work is provided under the Licence on an “as is” basis
+and without warranties of any kind concerning the Work, including without
+limitation merchantability, fitness for a particular purpose, absence of defects
+or errors, accuracy, non-infringement of intellectual property rights other than
+copyright as stated in Article 6 of this Licence.
+
+This disclaimer of warranty is an essential part of the Licence and a condition
+for the grant of any rights to the Work.
+
+
+
+##8. Disclaimer of Liability
+
+Except in the cases of wilful misconduct or damages directly caused to natural
+persons, the Licensor will in no event be liable for any direct or indirect,
+material or moral, damages of any kind, arising out of the Licence or of the use
+of the Work, including without limitation, damages for loss of goodwill, work
+stoppage, computer failure or malfunction, loss of data or any commercial
+damage, even if the Licensor has been advised of the possibility of such
+damage. However, the Licensor will be liable under statutory product liability
+laws as far such laws apply to the Work.
+
+
+
+##9. Additional agreements
+
+While distributing the Original Work or Derivative Works, You may choose to
+conclude an additional agreement to offer, and charge a fee for, acceptance of
+support, warranty, indemnity, or other liability obligations and/or services
+consistent with this Licence. However, in accepting such obligations, You may
+act only on your own behalf and on your sole responsibility, not on behalf of
+the original Licensor or any other Contributor, and only if You agree to
+indemnify, defend, and hold each Contributor harmless for any liability incurred
+by, or claims asserted against such Contributor by the fact You have accepted
+any such warranty or additional liability.
+
+
+
+##10. Acceptance of the Licence
+
+The provisions of this Licence can be accepted by clicking on an icon “I agree”
+placed under the bottom of a window displaying the text of this Licence or by
+affirming consent in any other similar way, in accordance with the rules of
+applicable law. Clicking on that icon indicates your clear and irrevocable
+acceptance of this Licence and all of its terms and conditions.
+
+Similarly, you irrevocably accept this Licence and all of its terms and
+conditions by exercising any rights granted to You by Article 2 of this Licence,
+such as the use of the Work, the creation by You of a Derivative Work or the
+Distribution and/or Communication by You of the Work or copies thereof.
+
+
+
+##11. Information to the public
+
+In case of any Distribution and/or Communication of the Work by means of
+electronic communication by You (for example, by offering to download the Work
+from a remote location) the distribution channel or media (for example, a
+website) must at least provide to the public the information requested by the
+applicable law regarding the Licensor, the Licence and the way it may be
+accessible, concluded, stored and reproduced by the Licensee.
+
+
+
+##12. Termination of the Licence
+
+The Licence and the rights granted hereunder will terminate automatically upon
+any breach by the Licensee of the terms of the Licence.
+
+Such a termination will not terminate the licences of any person who has
+received the Work from the Licensee under the Licence, provided such persons
+remain in full compliance with the Licence.
+
+
+
+##13. Miscellaneous
+
+Without prejudice of Article 9 above, the Licence represents the complete
+agreement between the Parties as to the Work licensed hereunder.
+
+If any provision of the Licence is invalid or unenforceable under applicable
+law, this will not affect the validity or enforceability of the Licence as a
+whole. Such provision will be construed and/or reformed so as necessary to make
+it valid and enforceable.
+
+The European Commission may publish other linguistic versions and/or new
+versions of this Licence, so far this is required and reasonable, without
+reducing the scope of the rights granted by the Licence. New versions of the
+Licence will be published with a unique version number.
+
+All linguistic versions of this Licence, approved by the European Commission,
+have identical value. Parties can take advantage of the linguistic version of
+their choice.
+
+
+
+##14. Jurisdiction
+
+Any litigation resulting from the interpretation of this License, arising
+between the European Commission, as a Licensor, and any Licensee, will be
+subject to the jurisdiction of the Court of Justice of the European Communities,
+as laid down in article 238 of the Treaty establishing the European Community.
+
+Any litigation arising between Parties, other than the European Commission, and
+resulting from the interpretation of this License, will be subject to the
+exclusive jurisdiction of the competent court where the Licensor resides or
+conducts its primary business.
+
+
+
+##15. Applicable Law
+
+This Licence shall be governed by the law of the European Union country where
+the Licensor resides or has his registered office.
+
+This licence shall be governed by the Belgian law if:
+
+- a litigation arises between the European Commission, as a Licensor, and any
+- Licensee; the Licensor, other than the European Commission, has no residence
+- or registered office inside a European Union country.
+
+
+---
+
+
+##Appendix
+
+
+**“Compatible Licences”** according to article 5 EUPL are:
+
+
+- GNU General Public License (GNU GPL) v. 2
+
+- Open Software License (OSL) v. 2.1, v. 3.0
+
+- Common Public License v. 1.0
+
+- Eclipse Public License v. 1.0
+
+- Cecill v. 2.0
diff --git a/protocol-mapper/README.md b/protocol-mapper/README.md
new file mode 100644
index 0000000..713647d
--- /dev/null
+++ b/protocol-mapper/README.md
@@ -0,0 +1,53 @@
+# Identity Provider Mapper
+
+**Protocol Mapper** extends the [Keycloak](https://www.keycloak.org)'s OIDC protocol mappers SPI. In this first release is introduced the possibility to specify the token audience by reading the value of a custom `X-D4Science-Context` HTTP header.
+
+## Structure of the project
+
+The source code is present in `src` folder.
+
+## Built With
+
+* [OpenJDK](https://openjdk.java.net/) - The JDK used
+* [Maven](https://maven.apache.org/) - Dependency Management
+
+## Documentation
+
+This is one of the modules that composes the EAR deployment defined in the "brother" module [keycloak-d4science-spi](../keycloak-d4science-spi-ear/README.md).
+
+To build the JAR artifact it is sufficient to type
+
+ mvn clean package
+
+### Installation
+
+#### Qurkus based Keycloak
+
+In order to deploy the module it is sufficient to copy into the `[keycloak-home]/providers` folder.
+
+## Change log
+
+See [CHANGELOG.md](CHANGELOG.md).
+
+## Authors
+
+* **Marco Lettere** ([Nubisware S.r.l.](http://www.nubisware.com))
+* **Mauro Mugnaini** ([Nubisware S.r.l.](http://www.nubisware.com))
+
+## How to Cite this Software
+[Intentionally left blank]
+
+## License
+
+This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details.
+
+## About the gCube Framework
+This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an
+open-source software toolkit used for building and operating Hybrid Data
+Infrastructures enabling the dynamic deployment of Virtual Research Environments
+by favouring the realisation of reuse oriented policies.
+
+The projects leading to this software have received funding from a series of European Union programmes see [FUNDING.md](FUNDING.md)
+
+## Acknowledgments
+[Intentionally left blank]
\ No newline at end of file
diff --git a/protocol-mapper/pom.xml b/protocol-mapper/pom.xml
new file mode 100644
index 0000000..57a72c1
--- /dev/null
+++ b/protocol-mapper/pom.xml
@@ -0,0 +1,48 @@
+
+
+ 4.0.0
+
+
+ org.gcube.iam
+ keycloak-d4science-spi-parent
+ 2.1.0-SNAPSHOT
+
+
+ protocol-mapper
+ jar
+
+
+ scm:git:https://code-repo.d4science.org/gCubeSystem/${project.parent.artifactId}.git
+ scm:git:https://code-repo.d4science.org/gCubeSystem/${project.parent.artifactId}.git
+ https://code-repo.d4science.org/gCubeSystem/${project.parent.artifactId}
+
+
+
+ 5.8.2
+ 3.22.0
+ 4.5.1
+
+
+
+
+ org.keycloak
+ keycloak-saml-core
+ provided
+
+
+ org.assertj
+ assertj-core
+ ${assertj-core.version}
+ test
+
+
+ org.mockito
+ mockito-core
+ ${org-mockito.version}
+ test
+
+
+
+
+
+
\ No newline at end of file
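Review bot: The only Keycloak artifact declared in this new POM, as far as the listing shows, is `org.keycloak:keycloak-saml-core` with `provided` scope, while the module's code imports `org.keycloak.protocol.oidc.mappers.*`, `org.keycloak.models.*` and `org.keycloak.representations.*`. Those classes presumably arrive transitively, which ties the build to the dependency graph of an unrelated SAML artifact. Declaring the artifacts that own them (for example `keycloak-services` and `keycloak-server-spi`, both `provided`) would make the compile classpath explicit and easier to audit. The tests import `org.junit.Test`, yet no JUnit dependency is visible among the three declared here and one version property reads `5.8.2`, so it is worth confirming that JUnit is inherited from the parent in a version that provides the JUnit 4 API.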
diff --git a/protocol-mapper/src/main/java/org/gcube/keycloak/protocol/oidc/mapper/D4ScienceContextMapper.java b/protocol-mapper/src/main/java/org/gcube/keycloak/protocol/oidc/mapper/D4ScienceContextMapper.java
new file mode 100644
index 0000000..74f6175
--- /dev/null
+++ b/protocol-mapper/src/main/java/org/gcube/keycloak/protocol/oidc/mapper/D4ScienceContextMapper.java
@@ -0,0 +1,98 @@
+package org.gcube.keycloak.protocol.oidc.mapper;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.jboss.logging.Logger;
+import org.keycloak.models.ClientSessionContext;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
+import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
+import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
+import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.IDToken;
+
+public class D4ScienceContextMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
+
+ private static final Logger logger = Logger.getLogger(D4ScienceContextMapper.class);
+
+ private static final List configProperties = new ArrayList<>();
+
+ // Assuring that the mapper is executed as last
+ private static final int PRIORITY = Integer.MAX_VALUE;
+ private static final String DISPLAY_TYPE = "OIDC D4Science Context Mapper";
+ private static final String PROVIDER_ID = "oidc-d4scince-context-mapper";
+
+ public static final String HEADER_NAME = "X-D4Science-Context";
+// public static final String HEADER_NAME = "X-Infrastructure-Context";
+// public static final String HEADER_NAME = "X-Infra-Context";
+
+
+ static {
+ OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
+ OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, D4ScienceContextMapper.class);
+ }
+
+ @Override
+ public String getDisplayCategory() {
+ return TOKEN_MAPPER_CATEGORY;
+ }
+
+ @Override
+ public int getPriority() {
+ return PRIORITY;
+ }
+
+ @Override
+ public String getDisplayType() {
+ return DISPLAY_TYPE;
+ }
+
+ @Override
+ public String getHelpText() {
+ return "Maps the D4Science context audience by reading the '" + HEADER_NAME + "' header and sets it as the configured token claim";
+ }
+
+ @Override
+ public List getConfigProperties() {
+ return configProperties;
+ }
+
+ @Override
+ public String getId() {
+ return PROVIDER_ID;
+ }
+
+ @Override
+ protected void setClaim(final IDToken token,
+ final ProtocolMapperModel mappingModel,
+ final UserSessionModel userSession,
+ final KeycloakSession keycloakSession,
+ final ClientSessionContext clientSessionCtx) {
+
+ // Since only the OIDCAccessTokenMapper interface is implemented, we are almost sure that
+ // the token object is an AccessToken but adding a specific check anyway
+ if (token instanceof AccessToken) {
+ logger.debugf("Looking for the '%s' header", HEADER_NAME);
+ String requestedD4SContext = keycloakSession.getContext().getRequestHeaders().getHeaderString(HEADER_NAME);
+
+ if (requestedD4SContext != null && !"".equals(requestedD4SContext)) {
+ logger.debugf("Checking resource access for the requested context: %s", requestedD4SContext);
+
+ if (((AccessToken) token).getResourceAccess().containsKey(requestedD4SContext)) {
+ logger.debugf("Mapping it as the configured claim: %s",
+ mappingModel.getConfig().get(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME));
+
+ OIDCAttributeMapperHelper.mapClaim(token, mappingModel, requestedD4SContext);
+ } else {
+ logger.warnf("Requested context '%s' is not accessible to the client: %s", requestedD4SContext,
+ clientSessionCtx.getClientSession().getClient().getName());
+ }
+ }
+ }
+ }
+
+}
\ No newline at end of file
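Review bot: In `setClaim`, the `X-D4Science-Context` value comes straight from the token request and is interpolated into the `warnf` line on every mismatch, so any caller of the token endpoint can write WARN entries with content and length of its choosing. Bounding and sanitising the value before it is logged, or logging the rejection at debug level, keeps log volume and content out of the caller's hands. The class also has no Javadoc stating that a missing, empty or non-accessible context leaves the claim unset, and as far as this method shows the token is still issued in that case. Consumers of the claim need to know that absence means "no context granted", so a class comment saying so is worth adding. Separately, `PROVIDER_ID` is spelled `"oidc-d4scince-context-mapper"`; since `getId()` returns it, stored mapper configuration will presumably reference that id, so `"oidc-d4science-context-mapper"` is easiest to fix before the first release.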
diff --git a/protocol-mapper/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper b/protocol-mapper/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper
new file mode 100644
index 0000000..5b8f773
--- /dev/null
+++ b/protocol-mapper/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper
@@ -0,0 +1 @@
+org.gcube.keycloak.protocol.oidc.mapper.D4ScienceContextMapper
\ No newline at end of file
diff --git a/protocol-mapper/src/test/java/org/gcube/keycloak/protocol/oidc/mapper/D4ScienceContextMapperTest.java b/protocol-mapper/src/test/java/org/gcube/keycloak/protocol/oidc/mapper/D4ScienceContextMapperTest.java
new file mode 100644
index 0000000..1829ad3
--- /dev/null
+++ b/protocol-mapper/src/test/java/org/gcube/keycloak/protocol/oidc/mapper/D4ScienceContextMapperTest.java
@@ -0,0 +1,145 @@
+package org.gcube.keycloak.protocol.oidc.mapper;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import javax.ws.rs.core.HttpHeaders;
+
+import org.assertj.core.util.Maps;
+import org.junit.Test;
+import org.keycloak.models.AuthenticatedClientSessionModel;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientSessionContext;
+import org.keycloak.models.KeycloakContext;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.protocol.oidc.mappers.FullNameMapper;
+import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
+import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.representations.AccessToken;
+import org.mockito.Mockito;
+
+/**
+ * Original code repo: https://github.com/mschwartau/keycloak-custom-protocol-mapper-example
+ */
+public class D4ScienceContextMapperTest {
+
+ static final String CLAIM_NAME = "haandlerIdClaimNameExample";
+ static final String HEADER_VALUE = "ginostilla";
+
+ @Test
+ public void shouldTokenMapperDisplayCategory() {
+ final String tokenMapperDisplayCategory = new FullNameMapper().getDisplayCategory();
+ assertThat(new D4ScienceContextMapper().getDisplayCategory()).isEqualTo(tokenMapperDisplayCategory);
+ }
+
+ @Test
+ public void shouldHaveDisplayType() {
+ assertThat(new D4ScienceContextMapper().getDisplayType()).isNotBlank();
+ }
+
+ @Test
+ public void shouldHaveHelpText() {
+ assertThat(new D4ScienceContextMapper().getHelpText()).isNotBlank();
+ }
+
+ @Test
+ public void shouldHaveIdId() {
+ assertThat(new D4ScienceContextMapper().getId()).isNotBlank();
+ }
+
+ @Test
+ public void shouldHaveProperties() {
+ final List configPropertyNames = new D4ScienceContextMapper().getConfigProperties().stream()
+ .map(ProviderConfigProperty::getName)
+ .collect(Collectors.toList());
+
+ assertThat(configPropertyNames).containsExactly(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME,
+ OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN);
+ }
+
+ @Test
+ public void shouldAddClaim() {
+ final UserSessionModel session = givenUserSession();
+ final KeycloakSession keycloakSession = givenKeycloakSession(true);
+ final AccessToken accessToken = transformAccessToken(session, keycloakSession, true);
+ assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isEqualTo(HEADER_VALUE);
+ }
+
+ @Test
+ public void shouldNotAddClaim() {
+ final UserSessionModel session = givenUserSession();
+ final KeycloakSession keycloakSession = givenKeycloakSession(false);
+ final AccessToken accessToken = transformAccessToken(session, keycloakSession, true);
+ assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isNull();
+ }
+
+ @Test
+ public void shouldNotAddClaimAndLogWarning() {
+ final UserSessionModel session = givenUserSession();
+ final KeycloakSession keycloakSession = givenKeycloakSession(true);
+ final AccessToken accessToken = transformAccessToken(session, keycloakSession, false);
+ assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isNull();
+ }
+
+ private UserSessionModel givenUserSession() {
+ UserSessionModel userSession = Mockito.mock(UserSessionModel.class);
+ UserModel user = Mockito.mock(UserModel.class);
+ when(userSession.getUser()).thenReturn(user);
+ return userSession;
+ }
+
+ private KeycloakSession givenKeycloakSession(boolean withHeader) {
+ KeycloakSession keycloakSession = Mockito.mock(KeycloakSession.class);
+ KeycloakContext context = Mockito.mock(KeycloakContext.class);
+ when(keycloakSession.getContext()).thenReturn(context);
+ HttpHeaders headers = Mockito.mock(HttpHeaders.class);
+ when(context.getRequestHeaders()).thenReturn(headers);
+
+ if (withHeader) {
+ when(headers.getHeaderString(D4ScienceContextMapper.HEADER_NAME)).thenReturn(HEADER_VALUE);
+ } else {
+ when(headers.getHeaderString(D4ScienceContextMapper.HEADER_NAME)).thenReturn("");
+ }
+ return keycloakSession;
+ }
+
+ private AccessToken transformAccessToken(UserSessionModel userSessionModel, KeycloakSession keycloakSession,
+ boolean withResourceAccess) {
+
+ final ProtocolMapperModel mappingModel = new ProtocolMapperModel();
+ mappingModel.setConfig(createConfig());
+ AccessToken at = new AccessToken();
+ if (withResourceAccess) {
+ at.setResourceAccess(Maps.newHashMap(HEADER_VALUE, null));
+ }
+
+ return new D4ScienceContextMapper().transformAccessToken(at, mappingModel, keycloakSession,
+ userSessionModel, givenClientSessionContext());
+ }
+
+ private ClientSessionContext givenClientSessionContext() {
+ ClientModel clientModel = Mockito.mock(ClientModel.class);
+ when(clientModel.getName()).thenReturn("test-client-id");
+ AuthenticatedClientSessionModel acsm = Mockito.mock(AuthenticatedClientSessionModel.class);
+ when(acsm.getClient()).thenReturn(clientModel);
+ ClientSessionContext csc = Mockito.mock(ClientSessionContext.class);
+ when(csc.getClientSession()).thenReturn(acsm);
+ return csc;
+ }
+
+ private Map createConfig() {
+ final Map result = new HashMap<>();
+ result.put("access.token.claim", "true");
+ result.put("claim.name", CLAIM_NAME);
+ return result;
+ }
+
+}
\ No newline at end of file
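Review bot: The denial path is only exercised with an unset resource-access map, because `transformAccessToken(..., false)` never calls `setResourceAccess`. No test covers a token that carries resource access for other clients but not for the requested context, which is the case the mapper's `containsKey` check exists for. A case using `at.setResourceAccess(Maps.newHashMap("other-context", null));` with the header still set to `HEADER_VALUE` would pin it. `givenKeycloakSession(false)` also stubs the header only as `""`; an absent header is presumably returned as `null`, and that branch has no test either. `shouldNotAddClaimAndLogWarning` asserts nothing about the warning, so the name promises more than the test checks.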
diff --git a/protocol-mapper/src/test/java/org/gcube/keycloak/protocol/oidc/mapper/NoDuplicateMapperTest.java b/protocol-mapper/src/test/java/org/gcube/keycloak/protocol/oidc/mapper/NoDuplicateMapperTest.java
new file mode 100644
index 0000000..926a4b5
--- /dev/null
+++ b/protocol-mapper/src/test/java/org/gcube/keycloak/protocol/oidc/mapper/NoDuplicateMapperTest.java
@@ -0,0 +1,25 @@
+package org.gcube.keycloak.protocol.oidc.mapper;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.Collection;
+import java.util.ServiceLoader;
+import java.util.stream.Collectors;
+import java.util.stream.StreamSupport;
+
+import org.junit.Test;
+import org.keycloak.protocol.ProtocolMapper;
+
+/**
+ * Original code repo: https://github.com/mschwartau/keycloak-custom-protocol-mapper-example
+ */
+public class NoDuplicateMapperTest {
+
+ @Test
+ public void shouldNotHaveMappersWithDuplicateIds() {
+ final ServiceLoader serviceLoader = ServiceLoader.load(ProtocolMapper.class);
+ final Collection mapperIds = StreamSupport.stream(serviceLoader.spliterator(), false).map(elem -> elem.getId()).collect(Collectors.toList());
+
+ assertThat(mapperIds).doesNotHaveDuplicates();
+ }
+}
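Review bot: `shouldNotHaveMappersWithDuplicateIds` passes vacuously when `ServiceLoader` finds nothing, since an empty collection has no duplicates. A missing or misnamed `META-INF/services/org.keycloak.protocol.ProtocolMapper` entry would therefore go unnoticed, and the mapper would silently not be registered at deployment. Adding `assertThat(mapperIds).contains(new D4ScienceContextMapper().getId());` makes the test also prove that the service registration added in this commit is picked up.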
diff --git a/protocol-mapper/src/test/resources/log4j.xml b/protocol-mapper/src/test/resources/log4j.xml
new file mode 100644
index 0000000..9ff69e5
--- /dev/null
+++ b/protocol-mapper/src/test/resources/log4j.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file