Merge branch 'wip-during-release'
commit
6472632f0d
|
@ -5,7 +5,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>avatar-importer</artifactId>
|
<artifactId>avatar-importer</artifactId>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>avatar-realm-resource</artifactId>
|
<artifactId>avatar-realm-resource</artifactId>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>avatar-storage</artifactId>
|
<artifactId>avatar-storage</artifactId>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>delete-account</artifactId>
|
<artifactId>delete-account</artifactId>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>event-listener-provider</artifactId>
|
<artifactId>event-listener-provider</artifactId>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>identity-provider-mapper</artifactId>
|
<artifactId>identity-provider-mapper</artifactId>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>keycloak-d4science-script</artifactId>
|
<artifactId>keycloak-d4science-script</artifactId>
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>keycloak-d4science-theme</artifactId>
|
<artifactId>keycloak-d4science-theme</artifactId>
|
||||||
|
|
|
@ -34,4 +34,5 @@ ECLogoAlt=EU H2020 programme
|
||||||
footerRow=Project has received funding from the European Union's Horizon programme ...
|
footerRow=Project has received funding from the European Union's Horizon programme ...
|
||||||
|
|
||||||
kcFormCardWideClass=card-d4s-wide
|
kcFormCardWideClass=card-d4s-wide
|
||||||
kcLogoIdP-eosc-oidc=fa fa-university
|
kcLogoIdP-eosc-oidc=fa fa-university
|
||||||
|
kcLogoIdP-isti-keycloak-oidc=fa fa-university
|
|
@ -7,7 +7,7 @@
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<artifactId>ldap-storage-mapper</artifactId>
|
<artifactId>ldap-storage-mapper</artifactId>
|
||||||
|
|
5
pom.xml
5
pom.xml
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
<groupId>org.gcube.iam</groupId>
|
<groupId>org.gcube.iam</groupId>
|
||||||
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
<version>2.0.0</version>
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
<packaging>pom</packaging>
|
<packaging>pom</packaging>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
|
@ -32,7 +32,8 @@
|
||||||
<module>keycloak-d4science-script</module>
|
<module>keycloak-d4science-script</module>
|
||||||
<module>keycloak-d4science-theme</module>
|
<module>keycloak-d4science-theme</module>
|
||||||
<module>ldap-storage-mapper</module>
|
<module>ldap-storage-mapper</module>
|
||||||
<module>keycloak-d4science-bundle</module>
|
<module>protocol-mapper</module>
|
||||||
|
<!-- <module>keycloak-d4science-bundle</module>-->
|
||||||
</modules>
|
</modules>
|
||||||
|
|
||||||
<dependencyManagement>
|
<dependencyManagement>
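Review bot: In the `<modules>` list, `keycloak-d4science-bundle` is left as a commented-out entry with no reason given, so it drops out of the reactor build while the merge otherwise reads as a version bump. If the bundle is what packages the providers for deployment (not visible here), the new `protocol-mapper` module would not be included in it; that is worth confirming before a release is cut from this branch. Either delete the line or keep it with its reason stated, e.g. `<!-- keycloak-d4science-bundle excluded from the build: <reason / issue reference> -->`. The `<modules>` element opens outside this hunk.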
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
# Changelog for "identity-provider-mapper"
|
||||||
|
|
||||||
|
## [v2.1.0-SNAPSHOT]
|
||||||
|
- Added new module to make the custom protocol mappers available
|
|
@ -0,0 +1,26 @@
|
||||||
|
# Acknowledgments
|
||||||
|
|
||||||
|
The projects leading to this software have received funding from a series of European Union programmes including:
|
||||||
|
|
||||||
|
- the Sixth Framework Programme for Research and Technological Development
|
||||||
|
- [DILIGENT](https://cordis.europa.eu/project/id/004260) (grant no. 004260).
|
||||||
|
- the Seventh Framework Programme for research, technological development and demonstration
|
||||||
|
- [D4Science](https://cordis.europa.eu/project/id/212488) (grant no. 212488);
|
||||||
|
- [D4Science-II](https://cordis.europa.eu/project/id/239019) (grant no.239019);
|
||||||
|
- [ENVRI](https://cordis.europa.eu/project/id/283465) (grant no. 283465);
|
||||||
|
- [iMarine](https://cordis.europa.eu/project/id/283644) (grant no. 283644);
|
||||||
|
- [EUBrazilOpenBio](https://cordis.europa.eu/project/id/288754) (grant no. 288754).
|
||||||
|
- the H2020 research and innovation programme
|
||||||
|
- [SoBigData](https://cordis.europa.eu/project/id/654024) (grant no. 654024);
|
||||||
|
- [PARTHENOS](https://cordis.europa.eu/project/id/654119) (grant no. 654119);
|
||||||
|
- [EGI-Engage](https://cordis.europa.eu/project/id/654142) (grant no. 654142);
|
||||||
|
- [ENVRI PLUS](https://cordis.europa.eu/project/id/654182) (grant no. 654182);
|
||||||
|
- [BlueBRIDGE](https://cordis.europa.eu/project/id/675680) (grant no. 675680);
|
||||||
|
- [PerformFISH](https://cordis.europa.eu/project/id/727610) (grant no. 727610);
|
||||||
|
- [AGINFRA PLUS](https://cordis.europa.eu/project/id/731001) (grant no. 731001);
|
||||||
|
- [DESIRA](https://cordis.europa.eu/project/id/818194) (grant no. 818194);
|
||||||
|
- [ARIADNEplus](https://cordis.europa.eu/project/id/823914) (grant no. 823914);
|
||||||
|
- [RISIS 2](https://cordis.europa.eu/project/id/824091) (grant no. 824091);
|
||||||
|
- [EOSC-Pillar](https://cordis.europa.eu/project/id/857650) (grant no. 857650);
|
||||||
|
- [Blue Cloud](https://cordis.europa.eu/project/id/862409) (grant no. 862409);
|
||||||
|
- [SoBigData-PlusPlus](https://cordis.europa.eu/project/id/871042) (grant no. 871042);
|
|
@ -0,0 +1,311 @@
|
||||||
|
#European Union Public Licence V.1.1
|
||||||
|
|
||||||
|
##*EUPL © the European Community 2007*
|
||||||
|
|
||||||
|
|
||||||
|
This **European Union Public Licence** (the **“EUPL”**) applies to the Work or Software
|
||||||
|
(as defined below) which is provided under the terms of this Licence. Any use of
|
||||||
|
the Work, other than as authorised under this Licence is prohibited (to the
|
||||||
|
extent such use is covered by a right of the copyright holder of the Work).
|
||||||
|
|
||||||
|
The Original Work is provided under the terms of this Licence when the Licensor
|
||||||
|
(as defined below) has placed the following notice immediately following the
|
||||||
|
copyright notice for the Original Work:
|
||||||
|
|
||||||
|
**Licensed under the EUPL V.1.1**
|
||||||
|
|
||||||
|
or has expressed by any other mean his willingness to license under the EUPL.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##1. Definitions
|
||||||
|
|
||||||
|
In this Licence, the following terms have the following meaning:
|
||||||
|
|
||||||
|
- The Licence: this Licence.
|
||||||
|
|
||||||
|
- The Original Work or the Software: the software distributed and/or
|
||||||
|
communicated by the Licensor under this Licence, available as Source Code and
|
||||||
|
also as Executable Code as the case may be.
|
||||||
|
|
||||||
|
- Derivative Works: the works or software that could be created by the Licensee,
|
||||||
|
based upon the Original Work or modifications thereof. This Licence does not
|
||||||
|
define the extent of modification or dependence on the Original Work required
|
||||||
|
in order to classify a work as a Derivative Work; this extent is determined by
|
||||||
|
copyright law applicable in the country mentioned in Article 15.
|
||||||
|
|
||||||
|
- The Work: the Original Work and/or its Derivative Works.
|
||||||
|
|
||||||
|
- The Source Code: the human-readable form of the Work which is the most
|
||||||
|
convenient for people to study and modify.
|
||||||
|
|
||||||
|
- The Executable Code: any code which has generally been compiled and which is
|
||||||
|
meant to be interpreted by a computer as a program.
|
||||||
|
|
||||||
|
- The Licensor: the natural or legal person that distributes and/or communicates
|
||||||
|
the Work under the Licence.
|
||||||
|
|
||||||
|
- Contributor(s): any natural or legal person who modifies the Work under the
|
||||||
|
Licence, or otherwise contributes to the creation of a Derivative Work.
|
||||||
|
|
||||||
|
- The Licensee or “You”: any natural or legal person who makes any usage of the
|
||||||
|
Software under the terms of the Licence.
|
||||||
|
|
||||||
|
- Distribution and/or Communication: any act of selling, giving, lending,
|
||||||
|
renting, distributing, communicating, transmitting, or otherwise making
|
||||||
|
available, on-line or off-line, copies of the Work or providing access to its
|
||||||
|
essential functionalities at the disposal of any other natural or legal
|
||||||
|
person.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##2. Scope of the rights granted by the Licence
|
||||||
|
|
||||||
|
The Licensor hereby grants You a world-wide, royalty-free, non-exclusive,
|
||||||
|
sub-licensable licence to do the following, for the duration of copyright vested
|
||||||
|
in the Original Work:
|
||||||
|
|
||||||
|
- use the Work in any circumstance and for all usage, reproduce the Work, modify
|
||||||
|
- the Original Work, and make Derivative Works based upon the Work, communicate
|
||||||
|
- to the public, including the right to make available or display the Work or
|
||||||
|
- copies thereof to the public and perform publicly, as the case may be, the
|
||||||
|
- Work, distribute the Work or copies thereof, lend and rent the Work or copies
|
||||||
|
- thereof, sub-license rights in the Work or copies thereof.
|
||||||
|
|
||||||
|
Those rights can be exercised on any media, supports and formats, whether now
|
||||||
|
known or later invented, as far as the applicable law permits so.
|
||||||
|
|
||||||
|
In the countries where moral rights apply, the Licensor waives his right to
|
||||||
|
exercise his moral right to the extent allowed by law in order to make effective
|
||||||
|
the licence of the economic rights here above listed.
|
||||||
|
|
||||||
|
The Licensor grants to the Licensee royalty-free, non exclusive usage rights to
|
||||||
|
any patents held by the Licensor, to the extent necessary to make use of the
|
||||||
|
rights granted on the Work under this Licence.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##3. Communication of the Source Code
|
||||||
|
|
||||||
|
The Licensor may provide the Work either in its Source Code form, or as
|
||||||
|
Executable Code. If the Work is provided as Executable Code, the Licensor
|
||||||
|
provides in addition a machine-readable copy of the Source Code of the Work
|
||||||
|
along with each copy of the Work that the Licensor distributes or indicates, in
|
||||||
|
a notice following the copyright notice attached to the Work, a repository where
|
||||||
|
the Source Code is easily and freely accessible for as long as the Licensor
|
||||||
|
continues to distribute and/or communicate the Work.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##4. Limitations on copyright
|
||||||
|
|
||||||
|
Nothing in this Licence is intended to deprive the Licensee of the benefits from
|
||||||
|
any exception or limitation to the exclusive rights of the rights owners in the
|
||||||
|
Original Work or Software, of the exhaustion of those rights or of other
|
||||||
|
applicable limitations thereto.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##5. Obligations of the Licensee
|
||||||
|
|
||||||
|
The grant of the rights mentioned above is subject to some restrictions and
|
||||||
|
obligations imposed on the Licensee. Those obligations are the following:
|
||||||
|
|
||||||
|
Attribution right: the Licensee shall keep intact all copyright, patent or
|
||||||
|
trademarks notices and all notices that refer to the Licence and to the
|
||||||
|
disclaimer of warranties. The Licensee must include a copy of such notices and a
|
||||||
|
copy of the Licence with every copy of the Work he/she distributes and/or
|
||||||
|
communicates. The Licensee must cause any Derivative Work to carry prominent
|
||||||
|
notices stating that the Work has been modified and the date of modification.
|
||||||
|
|
||||||
|
Copyleft clause: If the Licensee distributes and/or communicates copies of the
|
||||||
|
Original Works or Derivative Works based upon the Original Work, this
|
||||||
|
Distribution and/or Communication will be done under the terms of this Licence
|
||||||
|
or of a later version of this Licence unless the Original Work is expressly
|
||||||
|
distributed only under this version of the Licence. The Licensee (becoming
|
||||||
|
Licensor) cannot offer or impose any additional terms or conditions on the Work
|
||||||
|
or Derivative Work that alter or restrict the terms of the Licence.
|
||||||
|
|
||||||
|
Compatibility clause: If the Licensee Distributes and/or Communicates Derivative
|
||||||
|
Works or copies thereof based upon both the Original Work and another work
|
||||||
|
licensed under a Compatible Licence, this Distribution and/or Communication can
|
||||||
|
be done under the terms of this Compatible Licence. For the sake of this clause,
|
||||||
|
“Compatible Licence” refers to the licences listed in the appendix attached to
|
||||||
|
this Licence. Should the Licensee’s obligations under the Compatible Licence
|
||||||
|
conflict with his/her obligations under this Licence, the obligations of the
|
||||||
|
Compatible Licence shall prevail.
|
||||||
|
|
||||||
|
Provision of Source Code: When distributing and/or communicating copies of the
|
||||||
|
Work, the Licensee will provide a machine-readable copy of the Source Code or
|
||||||
|
indicate a repository where this Source will be easily and freely available for
|
||||||
|
as long as the Licensee continues to distribute and/or communicate the Work.
|
||||||
|
|
||||||
|
Legal Protection: This Licence does not grant permission to use the trade names,
|
||||||
|
trademarks, service marks, or names of the Licensor, except as required for
|
||||||
|
reasonable and customary use in describing the origin of the Work and
|
||||||
|
reproducing the content of the copyright notice.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##6. Chain of Authorship
|
||||||
|
|
||||||
|
The original Licensor warrants that the copyright in the Original Work granted
|
||||||
|
hereunder is owned by him/her or licensed to him/her and that he/she has the
|
||||||
|
power and authority to grant the Licence.
|
||||||
|
|
||||||
|
Each Contributor warrants that the copyright in the modifications he/she brings
|
||||||
|
to the Work are owned by him/her or licensed to him/her and that he/she has the
|
||||||
|
power and authority to grant the Licence.
|
||||||
|
|
||||||
|
Each time You accept the Licence, the original Licensor and subsequent
|
||||||
|
Contributors grant You a licence to their contributions to the Work, under the
|
||||||
|
terms of this Licence.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##7. Disclaimer of Warranty
|
||||||
|
|
||||||
|
The Work is a work in progress, which is continuously improved by numerous
|
||||||
|
contributors. It is not a finished work and may therefore contain defects or
|
||||||
|
“bugs” inherent to this type of software development.
|
||||||
|
|
||||||
|
For the above reason, the Work is provided under the Licence on an “as is” basis
|
||||||
|
and without warranties of any kind concerning the Work, including without
|
||||||
|
limitation merchantability, fitness for a particular purpose, absence of defects
|
||||||
|
or errors, accuracy, non-infringement of intellectual property rights other than
|
||||||
|
copyright as stated in Article 6 of this Licence.
|
||||||
|
|
||||||
|
This disclaimer of warranty is an essential part of the Licence and a condition
|
||||||
|
for the grant of any rights to the Work.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##8. Disclaimer of Liability
|
||||||
|
|
||||||
|
Except in the cases of wilful misconduct or damages directly caused to natural
|
||||||
|
persons, the Licensor will in no event be liable for any direct or indirect,
|
||||||
|
material or moral, damages of any kind, arising out of the Licence or of the use
|
||||||
|
of the Work, including without limitation, damages for loss of goodwill, work
|
||||||
|
stoppage, computer failure or malfunction, loss of data or any commercial
|
||||||
|
damage, even if the Licensor has been advised of the possibility of such
|
||||||
|
damage. However, the Licensor will be liable under statutory product liability
|
||||||
|
laws as far such laws apply to the Work.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##9. Additional agreements
|
||||||
|
|
||||||
|
While distributing the Original Work or Derivative Works, You may choose to
|
||||||
|
conclude an additional agreement to offer, and charge a fee for, acceptance of
|
||||||
|
support, warranty, indemnity, or other liability obligations and/or services
|
||||||
|
consistent with this Licence. However, in accepting such obligations, You may
|
||||||
|
act only on your own behalf and on your sole responsibility, not on behalf of
|
||||||
|
the original Licensor or any other Contributor, and only if You agree to
|
||||||
|
indemnify, defend, and hold each Contributor harmless for any liability incurred
|
||||||
|
by, or claims asserted against such Contributor by the fact You have accepted
|
||||||
|
any such warranty or additional liability.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##10. Acceptance of the Licence
|
||||||
|
|
||||||
|
The provisions of this Licence can be accepted by clicking on an icon “I agree”
|
||||||
|
placed under the bottom of a window displaying the text of this Licence or by
|
||||||
|
affirming consent in any other similar way, in accordance with the rules of
|
||||||
|
applicable law. Clicking on that icon indicates your clear and irrevocable
|
||||||
|
acceptance of this Licence and all of its terms and conditions.
|
||||||
|
|
||||||
|
Similarly, you irrevocably accept this Licence and all of its terms and
|
||||||
|
conditions by exercising any rights granted to You by Article 2 of this Licence,
|
||||||
|
such as the use of the Work, the creation by You of a Derivative Work or the
|
||||||
|
Distribution and/or Communication by You of the Work or copies thereof.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##11. Information to the public
|
||||||
|
|
||||||
|
In case of any Distribution and/or Communication of the Work by means of
|
||||||
|
electronic communication by You (for example, by offering to download the Work
|
||||||
|
from a remote location) the distribution channel or media (for example, a
|
||||||
|
website) must at least provide to the public the information requested by the
|
||||||
|
applicable law regarding the Licensor, the Licence and the way it may be
|
||||||
|
accessible, concluded, stored and reproduced by the Licensee.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##12. Termination of the Licence
|
||||||
|
|
||||||
|
The Licence and the rights granted hereunder will terminate automatically upon
|
||||||
|
any breach by the Licensee of the terms of the Licence.
|
||||||
|
|
||||||
|
Such a termination will not terminate the licences of any person who has
|
||||||
|
received the Work from the Licensee under the Licence, provided such persons
|
||||||
|
remain in full compliance with the Licence.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##13. Miscellaneous
|
||||||
|
|
||||||
|
Without prejudice of Article 9 above, the Licence represents the complete
|
||||||
|
agreement between the Parties as to the Work licensed hereunder.
|
||||||
|
|
||||||
|
If any provision of the Licence is invalid or unenforceable under applicable
|
||||||
|
law, this will not affect the validity or enforceability of the Licence as a
|
||||||
|
whole. Such provision will be construed and/or reformed so as necessary to make
|
||||||
|
it valid and enforceable.
|
||||||
|
|
||||||
|
The European Commission may publish other linguistic versions and/or new
|
||||||
|
versions of this Licence, so far this is required and reasonable, without
|
||||||
|
reducing the scope of the rights granted by the Licence. New versions of the
|
||||||
|
Licence will be published with a unique version number.
|
||||||
|
|
||||||
|
All linguistic versions of this Licence, approved by the European Commission,
|
||||||
|
have identical value. Parties can take advantage of the linguistic version of
|
||||||
|
their choice.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##14. Jurisdiction
|
||||||
|
|
||||||
|
Any litigation resulting from the interpretation of this License, arising
|
||||||
|
between the European Commission, as a Licensor, and any Licensee, will be
|
||||||
|
subject to the jurisdiction of the Court of Justice of the European Communities,
|
||||||
|
as laid down in article 238 of the Treaty establishing the European Community.
|
||||||
|
|
||||||
|
Any litigation arising between Parties, other than the European Commission, and
|
||||||
|
resulting from the interpretation of this License, will be subject to the
|
||||||
|
exclusive jurisdiction of the competent court where the Licensor resides or
|
||||||
|
conducts its primary business.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
##15. Applicable Law
|
||||||
|
|
||||||
|
This Licence shall be governed by the law of the European Union country where
|
||||||
|
the Licensor resides or has his registered office.
|
||||||
|
|
||||||
|
This licence shall be governed by the Belgian law if:
|
||||||
|
|
||||||
|
- a litigation arises between the European Commission, as a Licensor, and any
|
||||||
|
- Licensee; the Licensor, other than the European Commission, has no residence
|
||||||
|
- or registered office inside a European Union country.
|
||||||
|
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
##Appendix
|
||||||
|
|
||||||
|
|
||||||
|
**“Compatible Licences”** according to article 5 EUPL are:
|
||||||
|
|
||||||
|
|
||||||
|
- GNU General Public License (GNU GPL) v. 2
|
||||||
|
|
||||||
|
- Open Software License (OSL) v. 2.1, v. 3.0
|
||||||
|
|
||||||
|
- Common Public License v. 1.0
|
||||||
|
|
||||||
|
- Eclipse Public License v. 1.0
|
||||||
|
|
||||||
|
- Cecill v. 2.0
|
|
@ -0,0 +1,53 @@
|
||||||
|
# Identity Provider Mapper
|
||||||
|
|
||||||
|
**Protocol Mapper** extends the [Keycloak](https://www.keycloak.org)'s OIDC protocol mappers SPI. In this first release is introduced the possibility to specify the token audience by reading the value of a custom `X-D4Science-Context` HTTP header.
|
||||||
|
|
||||||
|
## Structure of the project
|
||||||
|
|
||||||
|
The source code is present in `src` folder.
|
||||||
|
|
||||||
|
## Built With
|
||||||
|
|
||||||
|
* [OpenJDK](https://openjdk.java.net/) - The JDK used
|
||||||
|
* [Maven](https://maven.apache.org/) - Dependency Management
|
||||||
|
|
||||||
|
## Documentation
|
||||||
|
|
||||||
|
This is one of the modules that composes the EAR deployment defined in the "brother" module [keycloak-d4science-spi](../keycloak-d4science-spi-ear/README.md).
|
||||||
|
|
||||||
|
To build the JAR artifact it is sufficient to type
|
||||||
|
|
||||||
|
mvn clean package
|
||||||
|
|
||||||
|
### Installation
|
||||||
|
|
||||||
|
#### Qurkus based Keycloak
|
||||||
|
|
||||||
|
In order to deploy the module it is sufficient to copy into the `[keycloak-home]/providers` folder.
|
||||||
|
|
||||||
|
## Change log
|
||||||
|
|
||||||
|
See [CHANGELOG.md](CHANGELOG.md).
|
||||||
|
|
||||||
|
## Authors
|
||||||
|
|
||||||
|
* **Marco Lettere** ([Nubisware S.r.l.](http://www.nubisware.com))
|
||||||
|
* **Mauro Mugnaini** ([Nubisware S.r.l.](http://www.nubisware.com))
|
||||||
|
|
||||||
|
## How to Cite this Software
|
||||||
|
[Intentionally left blank]
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details.
|
||||||
|
|
||||||
|
## About the gCube Framework
|
||||||
|
This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an
|
||||||
|
open-source software toolkit used for building and operating Hybrid Data
|
||||||
|
Infrastructures enabling the dynamic deployment of Virtual Research Environments
|
||||||
|
by favouring the realisation of reuse oriented policies.
|
||||||
|
|
||||||
|
The projects leading to this software have received funding from a series of European Union programmes see [FUNDING.md](FUNDING.md)
|
||||||
|
|
||||||
|
## Acknowledgments
|
||||||
|
[Intentionally left blank]
|
|
@ -0,0 +1,48 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>org.gcube.iam</groupId>
|
||||||
|
<artifactId>keycloak-d4science-spi-parent</artifactId>
|
||||||
|
<version>2.1.0-SNAPSHOT</version>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>protocol-mapper</artifactId>
|
||||||
|
<packaging>jar</packaging>
|
||||||
|
|
||||||
|
<scm>
|
||||||
|
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.parent.artifactId}.git</connection>
|
||||||
|
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.parent.artifactId}.git</developerConnection>
|
||||||
|
<url>https://code-repo.d4science.org/gCubeSystem/${project.parent.artifactId}</url>
|
||||||
|
</scm>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<junit-jupiter.version>5.8.2</junit-jupiter.version>
|
||||||
|
<assertj-core.version>3.22.0</assertj-core.version>
|
||||||
|
<org-mockito.version>4.5.1</org-mockito.version>
|
||||||
|
</properties>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-core</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.assertj</groupId>
|
||||||
|
<artifactId>assertj-core</artifactId>
|
||||||
|
<version>${assertj-core.version}</version>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.mockito</groupId>
|
||||||
|
<artifactId>mockito-core</artifactId>
|
||||||
|
<version>${org-mockito.version}</version>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
<build />
|
||||||
|
|
||||||
|
</project>
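Review bot: The only compile-scope dependency declared in `<dependencies>` is `keycloak-saml-core`, yet the mapper in this module imports only `org.keycloak.models`, `org.keycloak.protocol.oidc.mappers` and `org.keycloak.representations`. Unless the parent POM supplies those artifacts (not visible here), the build depends on whatever `keycloak-saml-core` happens to pull in transitively; declaring the Keycloak artifacts that actually provide these packages, with `provided` scope, would make the module's dependency surface explicit. The `junit-jupiter.version` property is also defined but no JUnit dependency is listed in this file, so either add the dependency or drop the property. The empty `<build />` element can be removed.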
|
|
@ -0,0 +1,98 @@
|
||||||
|
package org.gcube.keycloak.protocol.oidc.mapper;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
|
import org.keycloak.models.ClientSessionContext;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
import org.keycloak.models.ProtocolMapperModel;
|
||||||
|
import org.keycloak.models.UserSessionModel;
|
||||||
|
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
|
||||||
|
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
|
||||||
|
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
|
||||||
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
|
import org.keycloak.representations.AccessToken;
|
||||||
|
import org.keycloak.representations.IDToken;
|
||||||
|
|
||||||
|
public class D4ScienceContextMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
|
||||||
|
|
||||||
|
private static final Logger logger = Logger.getLogger(D4ScienceContextMapper.class);
|
||||||
|
|
||||||
|
private static final List<ProviderConfigProperty> configProperties = new ArrayList<>();
|
||||||
|
|
||||||
|
// Assuring that the mapper is executed as last
|
||||||
|
private static final int PRIORITY = Integer.MAX_VALUE;
|
||||||
|
private static final String DISPLAY_TYPE = "OIDC D4Science Context Mapper";
|
||||||
|
private static final String PROVIDER_ID = "oidc-d4scince-context-mapper";
|
||||||
|
|
||||||
|
public static final String HEADER_NAME = "X-D4Science-Context";
|
||||||
|
// public static final String HEADER_NAME = "X-Infrastructure-Context";
|
||||||
|
// public static final String HEADER_NAME = "X-Infra-Context";
|
||||||
|
|
||||||
|
|
||||||
|
static {
|
||||||
|
OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
|
||||||
|
OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, D4ScienceContextMapper.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getDisplayCategory() {
|
||||||
|
return TOKEN_MAPPER_CATEGORY;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int getPriority() {
|
||||||
|
return PRIORITY;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getDisplayType() {
|
||||||
|
return DISPLAY_TYPE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getHelpText() {
|
||||||
|
return "Maps the D4Science context audience by reading the '" + HEADER_NAME + "' header and sets it as the configured token claim";
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<ProviderConfigProperty> getConfigProperties() {
|
||||||
|
return configProperties;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getId() {
|
||||||
|
return PROVIDER_ID;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void setClaim(final IDToken token,
|
||||||
|
final ProtocolMapperModel mappingModel,
|
||||||
|
final UserSessionModel userSession,
|
||||||
|
final KeycloakSession keycloakSession,
|
||||||
|
final ClientSessionContext clientSessionCtx) {
|
||||||
|
|
||||||
|
// Since only the OIDCAccessTokenMapper interface is implemented, we are almost sure that
|
||||||
|
// the token object is an AccessToken but adding a specific check anyway
|
||||||
|
if (token instanceof AccessToken) {
|
||||||
|
logger.debugf("Looking for the '%s' header", HEADER_NAME);
|
||||||
|
String requestedD4SContext = keycloakSession.getContext().getRequestHeaders().getHeaderString(HEADER_NAME);
|
||||||
|
|
||||||
|
if (requestedD4SContext != null && !"".equals(requestedD4SContext)) {
|
||||||
|
logger.debugf("Checking resource access for the requested context: %s", requestedD4SContext);
|
||||||
|
|
||||||
|
if (((AccessToken) token).getResourceAccess().containsKey(requestedD4SContext)) {
|
||||||
|
logger.debugf("Mapping it as the configured claim: %s",
|
||||||
|
mappingModel.getConfig().get(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME));
|
||||||
|
|
||||||
|
OIDCAttributeMapperHelper.mapClaim(token, mappingModel, requestedD4SContext);
|
||||||
|
} else {
|
||||||
|
logger.warnf("Requested context '%s' is not accessible to the client: %s", requestedD4SContext,
|
||||||
|
clientSessionCtx.getClientSession().getClient().getName());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
org.gcube.keycloak.protocol.oidc.mapper.D4ScienceContextMapper
|
|
@ -0,0 +1,145 @@
|
||||||
|
package org.gcube.keycloak.protocol.oidc.mapper;
|
||||||
|
|
||||||
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
|
|
||||||
|
import org.assertj.core.util.Maps;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.keycloak.models.AuthenticatedClientSessionModel;
|
||||||
|
import org.keycloak.models.ClientModel;
|
||||||
|
import org.keycloak.models.ClientSessionContext;
|
||||||
|
import org.keycloak.models.KeycloakContext;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
import org.keycloak.models.ProtocolMapperModel;
|
||||||
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.models.UserSessionModel;
|
||||||
|
import org.keycloak.protocol.oidc.mappers.FullNameMapper;
|
||||||
|
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
|
||||||
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
|
import org.keycloak.representations.AccessToken;
|
||||||
|
import org.mockito.Mockito;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Original code repo: https://github.com/mschwartau/keycloak-custom-protocol-mapper-example
|
||||||
|
*/
|
||||||
|
public class D4ScienceContextMapperTest {
|
||||||
|
|
||||||
|
static final String CLAIM_NAME = "haandlerIdClaimNameExample";
|
||||||
|
static final String HEADER_VALUE = "ginostilla";
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldTokenMapperDisplayCategory() {
|
||||||
|
final String tokenMapperDisplayCategory = new FullNameMapper().getDisplayCategory();
|
||||||
|
assertThat(new D4ScienceContextMapper().getDisplayCategory()).isEqualTo(tokenMapperDisplayCategory);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldHaveDisplayType() {
|
||||||
|
assertThat(new D4ScienceContextMapper().getDisplayType()).isNotBlank();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldHaveHelpText() {
|
||||||
|
assertThat(new D4ScienceContextMapper().getHelpText()).isNotBlank();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldHaveIdId() {
|
||||||
|
assertThat(new D4ScienceContextMapper().getId()).isNotBlank();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldHaveProperties() {
|
||||||
|
final List<String> configPropertyNames = new D4ScienceContextMapper().getConfigProperties().stream()
|
||||||
|
.map(ProviderConfigProperty::getName)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
|
||||||
|
assertThat(configPropertyNames).containsExactly(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME,
|
||||||
|
OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldAddClaim() {
|
||||||
|
final UserSessionModel session = givenUserSession();
|
||||||
|
final KeycloakSession keycloakSession = givenKeycloakSession(true);
|
||||||
|
final AccessToken accessToken = transformAccessToken(session, keycloakSession, true);
|
||||||
|
assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isEqualTo(HEADER_VALUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldNotAddClaim() {
|
||||||
|
final UserSessionModel session = givenUserSession();
|
||||||
|
final KeycloakSession keycloakSession = givenKeycloakSession(false);
|
||||||
|
final AccessToken accessToken = transformAccessToken(session, keycloakSession, true);
|
||||||
|
assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isNull();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldNotAddClaimAndLogWarning() {
|
||||||
|
final UserSessionModel session = givenUserSession();
|
||||||
|
final KeycloakSession keycloakSession = givenKeycloakSession(true);
|
||||||
|
final AccessToken accessToken = transformAccessToken(session, keycloakSession, false);
|
||||||
|
assertThat(accessToken.getOtherClaims().get(CLAIM_NAME)).isNull();
|
||||||
|
}
|
||||||
|
|
||||||
|
private UserSessionModel givenUserSession() {
|
||||||
|
UserSessionModel userSession = Mockito.mock(UserSessionModel.class);
|
||||||
|
UserModel user = Mockito.mock(UserModel.class);
|
||||||
|
when(userSession.getUser()).thenReturn(user);
|
||||||
|
return userSession;
|
||||||
|
}
|
||||||
|
|
||||||
|
private KeycloakSession givenKeycloakSession(boolean withHeader) {
|
||||||
|
KeycloakSession keycloakSession = Mockito.mock(KeycloakSession.class);
|
||||||
|
KeycloakContext context = Mockito.mock(KeycloakContext.class);
|
||||||
|
when(keycloakSession.getContext()).thenReturn(context);
|
||||||
|
HttpHeaders headers = Mockito.mock(HttpHeaders.class);
|
||||||
|
when(context.getRequestHeaders()).thenReturn(headers);
|
||||||
|
|
||||||
|
if (withHeader) {
|
||||||
|
when(headers.getHeaderString(D4ScienceContextMapper.HEADER_NAME)).thenReturn(HEADER_VALUE);
|
||||||
|
} else {
|
||||||
|
when(headers.getHeaderString(D4ScienceContextMapper.HEADER_NAME)).thenReturn("");
|
||||||
|
}
|
||||||
|
return keycloakSession;
|
||||||
|
}
|
||||||
|
|
||||||
|
private AccessToken transformAccessToken(UserSessionModel userSessionModel, KeycloakSession keycloakSession,
|
||||||
|
boolean withResourceAccess) {
|
||||||
|
|
||||||
|
final ProtocolMapperModel mappingModel = new ProtocolMapperModel();
|
||||||
|
mappingModel.setConfig(createConfig());
|
||||||
|
AccessToken at = new AccessToken();
|
||||||
|
if (withResourceAccess) {
|
||||||
|
at.setResourceAccess(Maps.newHashMap(HEADER_VALUE, null));
|
||||||
|
}
|
||||||
|
|
||||||
|
return new D4ScienceContextMapper().transformAccessToken(at, mappingModel, keycloakSession,
|
||||||
|
userSessionModel, givenClientSessionContext());
|
||||||
|
}
|
||||||
|
|
||||||
|
private ClientSessionContext givenClientSessionContext() {
|
||||||
|
ClientModel clientModel = Mockito.mock(ClientModel.class);
|
||||||
|
when(clientModel.getName()).thenReturn("test-client-id");
|
||||||
|
AuthenticatedClientSessionModel acsm = Mockito.mock(AuthenticatedClientSessionModel.class);
|
||||||
|
when(acsm.getClient()).thenReturn(clientModel);
|
||||||
|
ClientSessionContext csc = Mockito.mock(ClientSessionContext.class);
|
||||||
|
when(csc.getClientSession()).thenReturn(acsm);
|
||||||
|
return csc;
|
||||||
|
}
|
||||||
|
|
||||||
|
private Map<String, String> createConfig() {
|
||||||
|
final Map<String, String> result = new HashMap<>();
|
||||||
|
result.put("access.token.claim", "true");
|
||||||
|
result.put("claim.name", CLAIM_NAME);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
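Review bot: The no-header case in `givenKeycloakSession(false)` stubs `getHeaderString` to return `""`, but JAX-RS `HttpHeaders.getHeaderString` returns null when the header is absent, so the null branch of the mapper's guard is never exercised. I would add a case stubbed with `thenReturn(null)` and assert that the claim is absent. `shouldNotAddClaimAndLogWarning` asserts only the missing claim, not the warning its name promises, so either rename it or capture the log output. Because the header value is supplied by the caller and feeds the resource-access check, a case where the token holds resource access for a different key than the header value would pin the authorization decision more firmly than the unset resource access used here.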
|
|
@ -0,0 +1,25 @@
|
||||||
|
package org.gcube.keycloak.protocol.oidc.mapper;
|
||||||
|
|
||||||
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.ServiceLoader;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
import java.util.stream.StreamSupport;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.keycloak.protocol.ProtocolMapper;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Original code repo: https://github.com/mschwartau/keycloak-custom-protocol-mapper-example
|
||||||
|
*/
|
||||||
|
public class NoDuplicateMapperTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void shouldNotHaveMappersWithDuplicateIds() {
|
||||||
|
final ServiceLoader<ProtocolMapper> serviceLoader = ServiceLoader.load(ProtocolMapper.class);
|
||||||
|
final Collection<String> mapperIds = StreamSupport.stream(serviceLoader.spliterator(), false).map(elem -> elem.getId()).collect(Collectors.toList());
|
||||||
|
|
||||||
|
assertThat(mapperIds).doesNotHaveDuplicates();
|
||||||
|
}
|
||||||
|
}
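Review bot: `shouldNotHaveMappersWithDuplicateIds` can pass vacuously when `ServiceLoader` finds no `ProtocolMapper` at all, for example if the services file added in this commit is misnamed or missing from the test classpath. Adding `assertThat(mapperIds).contains(new D4ScienceContextMapper().getId());` would make the test also prove that the mapper is actually registered. As a style point, the lambda `elem -> elem.getId()` can be written as `ProtocolMapper::getId`.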
|
|
@ -0,0 +1,24 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8" ?>
|
||||||
|
<log4j:configuration
|
||||||
|
xmlns="http://jakarta.apache.org/log4j/"
|
||||||
|
xmlns:log4j="http://jakarta.apache.org/log4j/">
|
||||||
|
|
||||||
|
<appender name="console"
|
||||||
|
class="org.apache.log4j.ConsoleAppender">
|
||||||
|
<layout class="org.apache.log4j.PatternLayout">
|
||||||
|
<param name="ConversionPattern"
|
||||||
|
value="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n" />
|
||||||
|
</layout>
|
||||||
|
</appender>
|
||||||
|
|
||||||
|
<logger name="org.gcube" additivity="false">
|
||||||
|
<level value="TRACE" />
|
||||||
|
<appender-ref ref="console" />
|
||||||
|
</logger>
|
||||||
|
|
||||||
|
<root>
|
||||||
|
<level value="INFO" />
|
||||||
|
<appender-ref ref="console" />
|
||||||
|
</root>
|
||||||
|
|
||||||
|
</log4j:configuration>
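Review bot: Nothing in this file says it is a test-only configuration, yet it sets the `org.gcube` logger to TRACE, which enables the mapper's debug lines that print the caller-supplied `X-D4Science-Context` header value. The file path is not visible here, so this presumably lives under test resources. A leading comment such as `<!-- Test-only logging configuration: TRACE on org.gcube prints request-supplied header values; do not package with the provider -->` would stop it being copied into a deployment as is. The `%m%n` pattern writes the message verbatim, so if the same layout is used in production the header value should be validated or neutralised for line breaks before it is logged.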
|