gCubeSystem
/
keycloak-d4science-spi-parent
17
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

First share of beta version

Browse Source
master
Mauro Mugnaini 4 years ago
commit 8f72f814e8
23 changed files with 1533 additions and 0 deletions
Show Stats Download Patch File Download Diff File

38
.classpath
Unescape Escape View File

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="src" output="target/classes" path="src/main/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="src" output="target/test-classes" path="src/test/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="output" path="target/classes"/>
</classpath>

1
.gitignore vendored
Unescape Escape View File

@ -0,0 +1 @@
target

23
.project
Unescape Escape View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>keycloak-d4science-spi</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.m2e.core.maven2Nature</nature>
</natures>
</projectDescription>

6
.settings/org.eclipse.core.resources.prefs
Unescape Escape View File

@ -0,0 +1,6 @@
eclipse.preferences.version=1
encoding//src/main/java=UTF-8
encoding//src/main/resources=UTF-8
encoding//src/test/java=UTF-8
encoding//src/test/resources=UTF-8
encoding/<project>=UTF-8

8
.settings/org.eclipse.jdt.core.prefs
Unescape Escape View File

@ -0,0 +1,8 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
org.eclipse.jdt.core.compiler.compliance=1.8
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
org.eclipse.jdt.core.compiler.release=disabled
org.eclipse.jdt.core.compiler.source=1.8

4
.settings/org.eclipse.m2e.core.prefs
Unescape Escape View File

@ -0,0 +1,4 @@
activeProfiles=
eclipse.preferences.version=1
resolveWorkspaceProjects=true
version=1

7
CHANGELOG.md
Unescape Escape View File

@ -0,0 +1,7 @@
# Changelog for "keycloak-extension-spi"
## [Unreleased]
- First release (#TBA)
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

311
LICENSE.md
Unescape Escape View File

@ -0,0 +1,311 @@
#European Union Public Licence V.1.1
##*EUPL © the European Community 2007*
This **European Union Public Licence** (the **“EUPL”**) applies to the Work or Software
(as defined below) which is provided under the terms of this Licence. Any use of
the Work, other than as authorised under this Licence is prohibited (to the
extent such use is covered by a right of the copyright holder of the Work).
The Original Work is provided under the terms of this Licence when the Licensor
(as defined below) has placed the following notice immediately following the
copyright notice for the Original Work:
**Licensed under the EUPL V.1.1**
or has expressed by any other mean his willingness to license under the EUPL.
##1. Definitions
In this Licence, the following terms have the following meaning:
- The Licence: this Licence.
- The Original Work or the Software: the software distributed and/or
communicated by the Licensor under this Licence, available as Source Code and
also as Executable Code as the case may be.
- Derivative Works: the works or software that could be created by the Licensee,
based upon the Original Work or modifications thereof. This Licence does not
define the extent of modification or dependence on the Original Work required
in order to classify a work as a Derivative Work; this extent is determined by
copyright law applicable in the country mentioned in Article 15.
- The Work: the Original Work and/or its Derivative Works.
- The Source Code: the human-readable form of the Work which is the most
convenient for people to study and modify.
- The Executable Code: any code which has generally been compiled and which is
meant to be interpreted by a computer as a program.
- The Licensor: the natural or legal person that distributes and/or communicates
the Work under the Licence.
- Contributor(s): any natural or legal person who modifies the Work under the
Licence, or otherwise contributes to the creation of a Derivative Work.
- The Licensee or “You”: any natural or legal person who makes any usage of the
Software under the terms of the Licence.
- Distribution and/or Communication: any act of selling, giving, lending,
renting, distributing, communicating, transmitting, or otherwise making
available, on-line or off-line, copies of the Work or providing access to its
essential functionalities at the disposal of any other natural or legal
person.
##2. Scope of the rights granted by the Licence
The Licensor hereby grants You a world-wide, royalty-free, non-exclusive,
sub-licensable licence to do the following, for the duration of copyright vested
in the Original Work:
- use the Work in any circumstance and for all usage, reproduce the Work, modify
- the Original Work, and make Derivative Works based upon the Work, communicate
- to the public, including the right to make available or display the Work or
- copies thereof to the public and perform publicly, as the case may be, the
- Work, distribute the Work or copies thereof, lend and rent the Work or copies
- thereof, sub-license rights in the Work or copies thereof.
Those rights can be exercised on any media, supports and formats, whether now
known or later invented, as far as the applicable law permits so.
In the countries where moral rights apply, the Licensor waives his right to
exercise his moral right to the extent allowed by law in order to make effective
the licence of the economic rights here above listed.
The Licensor grants to the Licensee royalty-free, non exclusive usage rights to
any patents held by the Licensor, to the extent necessary to make use of the
rights granted on the Work under this Licence.
##3. Communication of the Source Code
The Licensor may provide the Work either in its Source Code form, or as
Executable Code. If the Work is provided as Executable Code, the Licensor
provides in addition a machine-readable copy of the Source Code of the Work
along with each copy of the Work that the Licensor distributes or indicates, in
a notice following the copyright notice attached to the Work, a repository where
the Source Code is easily and freely accessible for as long as the Licensor
continues to distribute and/or communicate the Work.
##4. Limitations on copyright
Nothing in this Licence is intended to deprive the Licensee of the benefits from
any exception or limitation to the exclusive rights of the rights owners in the
Original Work or Software, of the exhaustion of those rights or of other
applicable limitations thereto.
##5. Obligations of the Licensee
The grant of the rights mentioned above is subject to some restrictions and
obligations imposed on the Licensee. Those obligations are the following:
Attribution right: the Licensee shall keep intact all copyright, patent or
trademarks notices and all notices that refer to the Licence and to the
disclaimer of warranties. The Licensee must include a copy of such notices and a
copy of the Licence with every copy of the Work he/she distributes and/or
communicates. The Licensee must cause any Derivative Work to carry prominent
notices stating that the Work has been modified and the date of modification.
Copyleft clause: If the Licensee distributes and/or communicates copies of the
Original Works or Derivative Works based upon the Original Work, this
Distribution and/or Communication will be done under the terms of this Licence
or of a later version of this Licence unless the Original Work is expressly
distributed only under this version of the Licence. The Licensee (becoming
Licensor) cannot offer or impose any additional terms or conditions on the Work
or Derivative Work that alter or restrict the terms of the Licence.
Compatibility clause: If the Licensee Distributes and/or Communicates Derivative
Works or copies thereof based upon both the Original Work and another work
licensed under a Compatible Licence, this Distribution and/or Communication can
be done under the terms of this Compatible Licence. For the sake of this clause,
“Compatible Licence” refers to the licences listed in the appendix attached to
this Licence. Should the Licensees obligations under the Compatible Licence
conflict with his/her obligations under this Licence, the obligations of the
Compatible Licence shall prevail.
Provision of Source Code: When distributing and/or communicating copies of the
Work, the Licensee will provide a machine-readable copy of the Source Code or
indicate a repository where this Source will be easily and freely available for
as long as the Licensee continues to distribute and/or communicate the Work.
Legal Protection: This Licence does not grant permission to use the trade names,
trademarks, service marks, or names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and
reproducing the content of the copyright notice.
##6. Chain of Authorship
The original Licensor warrants that the copyright in the Original Work granted
hereunder is owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.
Each Contributor warrants that the copyright in the modifications he/she brings
to the Work are owned by him/her or licensed to him/her and that he/she has the
power and authority to grant the Licence.
Each time You accept the Licence, the original Licensor and subsequent
Contributors grant You a licence to their contributions to the Work, under the
terms of this Licence.
##7. Disclaimer of Warranty
The Work is a work in progress, which is continuously improved by numerous
contributors. It is not a finished work and may therefore contain defects or
“bugs” inherent to this type of software development.
For the above reason, the Work is provided under the Licence on an “as is” basis
and without warranties of any kind concerning the Work, including without
limitation merchantability, fitness for a particular purpose, absence of defects
or errors, accuracy, non-infringement of intellectual property rights other than
copyright as stated in Article 6 of this Licence.
This disclaimer of warranty is an essential part of the Licence and a condition
for the grant of any rights to the Work.
##8. Disclaimer of Liability
Except in the cases of wilful misconduct or damages directly caused to natural
persons, the Licensor will in no event be liable for any direct or indirect,
material or moral, damages of any kind, arising out of the Licence or of the use
of the Work, including without limitation, damages for loss of goodwill, work
stoppage, computer failure or malfunction, loss of data or any commercial
damage, even if the Licensor has been advised of the possibility of such
damage. However, the Licensor will be liable under statutory product liability
laws as far such laws apply to the Work.
##9. Additional agreements
While distributing the Original Work or Derivative Works, You may choose to
conclude an additional agreement to offer, and charge a fee for, acceptance of
support, warranty, indemnity, or other liability obligations and/or services
consistent with this Licence. However, in accepting such obligations, You may
act only on your own behalf and on your sole responsibility, not on behalf of
the original Licensor or any other Contributor, and only if You agree to
indemnify, defend, and hold each Contributor harmless for any liability incurred
by, or claims asserted against such Contributor by the fact You have accepted
any such warranty or additional liability.
##10. Acceptance of the Licence
The provisions of this Licence can be accepted by clicking on an icon “I agree”
placed under the bottom of a window displaying the text of this Licence or by
affirming consent in any other similar way, in accordance with the rules of
applicable law. Clicking on that icon indicates your clear and irrevocable
acceptance of this Licence and all of its terms and conditions.
Similarly, you irrevocably accept this Licence and all of its terms and
conditions by exercising any rights granted to You by Article 2 of this Licence,
such as the use of the Work, the creation by You of a Derivative Work or the
Distribution and/or Communication by You of the Work or copies thereof.
##11. Information to the public
In case of any Distribution and/or Communication of the Work by means of
electronic communication by You (for example, by offering to download the Work
from a remote location) the distribution channel or media (for example, a
website) must at least provide to the public the information requested by the
applicable law regarding the Licensor, the Licence and the way it may be
accessible, concluded, stored and reproduced by the Licensee.
##12. Termination of the Licence
The Licence and the rights granted hereunder will terminate automatically upon
any breach by the Licensee of the terms of the Licence.
Such a termination will not terminate the licences of any person who has
received the Work from the Licensee under the Licence, provided such persons
remain in full compliance with the Licence.
##13. Miscellaneous
Without prejudice of Article 9 above, the Licence represents the complete
agreement between the Parties as to the Work licensed hereunder.
If any provision of the Licence is invalid or unenforceable under applicable
law, this will not affect the validity or enforceability of the Licence as a
whole. Such provision will be construed and/or reformed so as necessary to make
it valid and enforceable.
The European Commission may publish other linguistic versions and/or new
versions of this Licence, so far this is required and reasonable, without
reducing the scope of the rights granted by the Licence. New versions of the
Licence will be published with a unique version number.
All linguistic versions of this Licence, approved by the European Commission,
have identical value. Parties can take advantage of the linguistic version of
their choice.
##14. Jurisdiction
Any litigation resulting from the interpretation of this License, arising
between the European Commission, as a Licensor, and any Licensee, will be
subject to the jurisdiction of the Court of Justice of the European Communities,
as laid down in article 238 of the Treaty establishing the European Community.
Any litigation arising between Parties, other than the European Commission, and
resulting from the interpretation of this License, will be subject to the
exclusive jurisdiction of the competent court where the Licensor resides or
conducts its primary business.
##15. Applicable Law
This Licence shall be governed by the law of the European Union country where
the Licensor resides or has his registered office.
This licence shall be governed by the Belgian law if:
- a litigation arises between the European Commission, as a Licensor, and any
- Licensee; the Licensor, other than the European Commission, has no residence
- or registered office inside a European Union country.
---
##Appendix
**“Compatible Licences”** according to article 5 EUPL are:
- GNU General Public License (GNU GPL) v. 2
- Open Software License (OSL) v. 2.1, v. 3.0
- Common Public License v. 1.0
- Eclipse Public License v. 1.0
- Cecill v. 2.0

48
README.md
Unescape Escape View File

@ -0,0 +1,48 @@
# Event Publisher Portal
**Keycloak D4Science SPI** is a suite classes to extend the [Keycloak](https://www.keycloak.org)'s functionalities via its provided SPI. It contains specific IdP mapper to extract the username from the email address and an LDAP mapper to map user's home attribute. It also contains an event publisher to push JSON events to an orchestrator endpoint.
## Structure of the project
The source code is present in `src` folder.
## Built With
* [OpenJDK](https://openjdk.java.net/) - The JDK used
* [Maven](https://maven.apache.org/) - Dependency Management
## Documentation
To build the fat JAR file it is sufficient to type
mvn clean package
## Change log
See [Releases](https://code-repo.d4science.org/gCubeSystem/authorization-client/releases).
## Authors
* **Marco Lettere** ([Nubisware S.r.l.](http://www.nubisware.com))
* **Mauro Mugnaini** ([Nubisware S.r.l.](http://www.nubisware.com))
## License
This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details.
## About the gCube Framework
This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an
open-source software toolkit used for building and operating Hybrid Data
Infrastructures enabling the dynamic deployment of Virtual Research Environments
by favouring the realisation of reuse oriented policies.
The projects leading to this software have received funding from a series of European Union programmes including:
- the Sixth Framework Programme for Research and Technological Development
- DILIGENT (grant no. 004260);
- the Seventh Framework Programme for research, technological development and demonstration
- D4Science (grant no. 212488), D4Science-II (grant no.239019), ENVRI (grant no. 283465), EUBrazilOpenBio (grant no. 288754), iMarine(grant no. 283644);
- the H2020 research and innovation programme
- BlueBRIDGE (grant no. 675680), EGIEngage (grant no. 654142), ENVRIplus (grant no. 654182), Parthenos (grant no. 654119), SoBigData (grant no. 654024),DESIRA (grant no. 818194), ARIADNEplus (grant no. 823914), RISIS2 (grant no. 824091), PerformFish (grant no. 727610), AGINFRAplus (grant no. 731001);

32
descriptor.xml
Unescape Escape View File

@ -0,0 +1,32 @@
<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
<id>servicearchive</id>
<formats>
<format>tar.gz</format>
</formats>
<baseDirectory>/</baseDirectory>
<fileSets>
<fileSet>
<directory>.</directory>
<outputDirectory>${file.separator}</outputDirectory>
<useDefaultExcludes>true</useDefaultExcludes>
<includes>
<include>README.md</include>
<include>LICENSE.md</include>
<include>CHANGELOG.md</include>
<include>profile.xml</include>
</includes>
<fileMode>755</fileMode>
<filtered>true</filtered>
</fileSet>
</fileSets>
<files>
<file>
<source>target${file.separator}${build.finalName}.${project.packaging}</source>
<outputDirectory>${file.separator}${artifactId}</outputDirectory>
</file>
</files>
</assembly>

136
pom.xml
Unescape Escape View File

@ -0,0 +1,136 @@
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>maven-parent</artifactId>
<groupId>org.gcube.tools</groupId>
<version>1.1.0</version>
<relativePath />
</parent>
<groupId>org.gcube</groupId>
<artifactId>keycloak-d4science-spi</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<properties>
<keycloak-version>10.0.2</keycloak-version>
<jboss.logging.version>3.4.1.Final</jboss.logging.version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.gcube.distribution</groupId>
<artifactId>maven-portal-bom</artifactId>
<version>3.6.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>event-publisher-library</artifactId>
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<scope>provided</scope>
</dependency>
<!-- <dependency> -->
<!-- <groupId>org.jboss.slf4j</groupId> -->
<!-- <artifactId>slf4j-jboss-logging</artifactId> -->
<!-- <version>1.2.0.Final</version> -->
<!-- <scope>runtime</scope> -->
<!-- </dependency> -->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>${keycloak-version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi</artifactId>
<version>${keycloak-version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi-private</artifactId>
<version>${keycloak-version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<version>${keycloak-version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>
<version>${keycloak-version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<version>${jboss.logging.version}</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.wildfly.plugins</groupId>
<artifactId>wildfly-maven-plugin</artifactId>
<configuration>
<skip>false</skip>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
<executions>
<execution>
<id>make-assembly</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

25
profile.xml
Unescape Escape View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<Resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ID></ID>
<Type>Portlet</Type>
<Profile>
<Description>${project.description}</Description>
<Class>PortletUser</Class>
<Name>${project.artifactId}</Name>
<Version>1.0.0</Version>
<Packages>
<Software>
<Name>${project.artifactId}</Name>
<Description>${project.description}</Description>
<MavenCoordinates>
<groupId>${project.groupId}</groupId>
<artifactId>${project.artifactId}</artifactId>
<version>${project.version}</version>
</MavenCoordinates>
<Files>
<File>${project.build.finalName}.${project.packaging}</File>
</Files>
</Software>
</Packages>
</Profile>
</Resource>

18
service_archive.xml
Unescape Escape View File

@ -0,0 +1,18 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptors>
<descriptor>descriptor.xml</descriptor>
</descriptors>
</configuration>
<executions>
<execution>
<id>servicearchive</id>
<phase>install</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>

218
src/main/java/org/gcube/keycloak/broker/oidc/mappers/UsernameFromMailMapper.java
Unescape Escape View File

@ -0,0 +1,218 @@
package org.gcube.keycloak.broker.oidc.mappers;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.KeycloakOIDCIdentityProviderFactory;
import org.keycloak.broker.oidc.OIDCIdentityProviderFactory;
import org.keycloak.broker.oidc.mappers.AbstractClaimMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.social.bitbucket.BitbucketIdentityProviderFactory;
import org.keycloak.social.facebook.FacebookIdentityProviderFactory;
import org.keycloak.social.github.GitHubIdentityProviderFactory;
import org.keycloak.social.gitlab.GitLabIdentityProviderFactory;
import org.keycloak.social.google.GoogleIdentityProviderFactory;
import org.keycloak.social.instagram.InstagramIdentityProviderFactory;
import org.keycloak.social.linkedin.LinkedInIdentityProviderFactory;
import org.keycloak.social.microsoft.MicrosoftIdentityProviderFactory;
import org.keycloak.social.openshift.OpenshiftV3IdentityProviderFactory;
import org.keycloak.social.openshift.OpenshiftV4IdentityProviderFactory;
import org.keycloak.social.paypal.PayPalIdentityProviderFactory;
import org.keycloak.social.stackoverflow.StackoverflowIdentityProviderFactory;
import org.keycloak.social.twitter.TwitterIdentityProviderFactory;
/**
* @author <a href="mailto:mauro.mugnaini@nubisware.com">Mauro Mugnaini</a>
*/
public class UsernameFromMailMapper extends AbstractClaimMapper {
private static final Logger logger = Logger.getLogger(UsernameFromMailMapper.class);
private static final Character PERIOD = '.';
private static final Character DASH = '-';
private static final String CYRUS = "cyrus";
private static final String POSTFIX = "postfix";
private static final String COMMA = ",";
public static final String[] COMPATIBLE_PROVIDERS = {
KeycloakOIDCIdentityProviderFactory.PROVIDER_ID,
OIDCIdentityProviderFactory.PROVIDER_ID,
BitbucketIdentityProviderFactory.PROVIDER_ID,
FacebookIdentityProviderFactory.PROVIDER_ID,
GitHubIdentityProviderFactory.PROVIDER_ID,
GitLabIdentityProviderFactory.PROVIDER_ID,
GoogleIdentityProviderFactory.PROVIDER_ID,
InstagramIdentityProviderFactory.PROVIDER_ID,
LinkedInIdentityProviderFactory.PROVIDER_ID,
MicrosoftIdentityProviderFactory.PROVIDER_ID,
OpenshiftV3IdentityProviderFactory.PROVIDER_ID,
OpenshiftV4IdentityProviderFactory.PROVIDER_ID,
PayPalIdentityProviderFactory.PROVIDER_ID,
StackoverflowIdentityProviderFactory.PROVIDER_ID,
TwitterIdentityProviderFactory.PROVIDER_ID
};
private static final List<ProviderConfigProperty> configProperties;
private static final Set<IdentityProviderSyncMode> IDENTITY_PROVIDER_SYNC_MODES = new HashSet<>(
Arrays.asList(IdentityProviderSyncMode.values()));
public static final String RESERVED_USERNAMES = "reserved-usernames";
public static final String AUTO_RESOLVE_CONFLICT = "auto-resolve";
static {
configProperties = ProviderConfigurationBuilder.create().property().name(RESERVED_USERNAMES)
.label("Reserved Usernames")
.helpText("List of reserved usernames (comma separated) that cannot be accepted. "
+ "If found a progressive suffix number will we added.")
.type(ProviderConfigProperty.STRING_TYPE).defaultValue(CYRUS + COMMA + POSTFIX)
.add().property().name(AUTO_RESOLVE_CONFLICT).label("Auto resolve conflicts")
.helpText("Automatically add a numeric suffix to avoid already existing username conflict.")
.type(ProviderConfigProperty.BOOLEAN_TYPE).add().build();
}
public static final String PROVIDER_ID = "username-from-idp-email-mapper";
@Override
public boolean supportsSyncMode(IdentityProviderSyncMode syncMode) {
return IDENTITY_PROVIDER_SYNC_MODES.contains(syncMode);
}
@Override
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}
@Override
public String getId() {
return PROVIDER_ID;
}
@Override
public String[] getCompatibleProviders() {
return COMPATIBLE_PROVIDERS;
}
@Override
public String getDisplayCategory() {
return "Preprocessor";
}
@Override
public String getDisplayType() {
return "Username from email importer";
}
@Override
public void updateBrokeredUserLegacy(KeycloakSession session, RealmModel realm, UserModel user,
IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
}
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user,
IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
// preprocessFederatedIdentity gets called anyways, so we only need to set the username if necessary.
// However, we don't want to set the username when the email is used as username
if (!realm.isRegistrationEmailAsUsername()) {
user.setUsername(context.getModelUsername());
}
}
@Override
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm,
IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
Set<String> reservedUsernames = getConfigValuesOrEmptySetIfNullOrEmptyString(
mapperModel.getConfig().get(RESERVED_USERNAMES));
logger.debugf("Reserved usernames are: %s", reservedUsernames);
boolean autoResolveConflicts = Boolean.valueOf(mapperModel.getConfig().get(AUTO_RESOLVE_CONFLICT));
logger.debugf("Auto resolve conflict setting is: %b", autoResolveConflicts);
String email = context.getEmail();
logger.debugf("Email address is: " + email);
String username = email.substring(0, email.indexOf('@')).toLowerCase();
logger.debugf("Extracted raw username is: %s", username);
for (Character c : username.chars().mapToObj(e -> (char) e).collect(Collectors.toSet())) {
if (!isChar(c) && !isDigit(c) && (c != DASH) && (c != PERIOD)) {
logger.infof("Replacing unneded char (%c) with %c", c, PERIOD);
username = username.replace(c, PERIOD);
}
}
boolean usernameAlreadyExists = usernameAlreadyExists(session, realm, username);
if ((usernameAlreadyExists && autoResolveConflicts)
|| reservedUsernames.contains(username)) {
if (usernameAlreadyExists) {
logger.infof("Username already exists: %s", username);
} else {
logger.info("Username is one of the reserved usernames");
}
for (int i = 1;; i++) {
String tempUsername = username + PERIOD + i;
logger.tracef("Trying with username: %s", tempUsername);
if (usernameAlreadyExists(session, realm, tempUsername)) {
logger.tracef("Username already exists: %s", tempUsername);
} else {
logger.tracef("Username is OK: %s", tempUsername);
username = tempUsername;
break;
}
}
}
logger.infof("Final computed username is: %s", username);
context.setModelUsername(username);
}
private static boolean isChar(char c) {
return (((c >= 'a') && (c <= 'z')) || ((c >= 'A') && (c <= 'Z')));
}
private static boolean isDigit(char c) {
return ((c >= '0') && (c <= '9'));
}
private boolean usernameAlreadyExists(KeycloakSession session, RealmModel realm, String username) {
return KeycloakModelUtils.findUserByNameOrEmail(session, realm, username) != null;
}
@Override
public String getHelpText() {
return "Extract the IdP username from the e-mail address (before the '@' char).";
}
protected Set<String> getConfigValuesOrEmptySetIfNullOrEmptyString(String str) {
if (str == null || "".equals(str)) {
return Collections.emptySet();
} else {
String[] objClasses = str.split(COMMA);
Set<String> trimmed = new HashSet<>();
for (String objectClass : objClasses) {
objectClass = objectClass.trim();
if (objectClass.length() > 0) {
trimmed.add(objectClass);
}
}
return trimmed;
}
}
}

110
src/main/java/org/gcube/keycloak/event/KeycloakEvent.java
Unescape Escape View File

@ -0,0 +1,110 @@
package org.gcube.keycloak.event;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.Map;
import org.gcube.event.publisher.Event;
import org.keycloak.events.admin.AdminEvent;
public class KeycloakEvent extends Event {
private static final long serialVersionUID = 4072256389444123291L;
public static final String TYPE = "keycloak";
public static final String REALM = "realm";
public static final String USER = "user";
public static final String CLIENT = "client";
public static final String RESOURCE = "resource";
public static final String RESOURCE_TYPE = "resource-type";
public static final String OPERATION = "operation";
public static final String ADMIN_NAME = "ADMIN";
public KeycloakEvent(String name, String sender, String realm) {
this(name, sender, realm, null);
}
public KeycloakEvent(String name, String sender, String realm, Map<String, String> data) {
super(name, TYPE, sender, data);
setRealm(realm);
}
public static KeycloakEvent newKeycloakEvent(org.keycloak.events.Event event) {
KeycloakEvent keycloakEvent = new KeycloakEvent(event.getType().name(), event.getIpAddress(),
event.getRealmId(), event.getDetails());
// Overriding the timestamp setting it equal to the event time
keycloakEvent.setTimestamp(convertEventDate(event.getTime()));
keycloakEvent.setClient(event.getClientId());
keycloakEvent.setUser(event.getUserId());
return keycloakEvent;
}
public static KeycloakEvent newKeycloakAdminEvent(AdminEvent adminEvent) {
KeycloakEvent keycloakEvent = new KeycloakEvent(ADMIN_NAME, adminEvent.getResourcePath(),
adminEvent.getRealmId());
// Overriding the timestamp setting it equal to the event time
keycloakEvent.setTimestamp(convertEventDate(adminEvent.getTime()));
keycloakEvent.setResource(adminEvent.getResourcePath());
keycloakEvent.setResourceType(adminEvent.getResourceTypeAsString());
keycloakEvent.setOperation(adminEvent.getOperationType().name());
return keycloakEvent;
}
private static OffsetDateTime convertEventDate(long millis) {
OrchestratorEventPublisherProvider.logger.infof("Creating offset date time from millis: %l", millis);
return Instant.ofEpochMilli(millis).atZone(ZoneOffset.systemDefault()).toOffsetDateTime();
}
public void setRealm(String realm) {
set(REALM, realm);
}
public String getRealm() {
return (String) get(REALM);
}
public void setUser(String user) {
set(USER, user);
}
public String getUser() {
return (String) get(USER);
}
public void setClient(String client) {
set(CLIENT, client);
}
public String getClient() {
return (String) get(CLIENT);
}
public void setResource(String resource) {
set(RESOURCE, resource);
}
public String getResource() {
return (String) get(RESOURCE);
}
public void setResourceType(String resourceType) {
set(RESOURCE_TYPE, resourceType);
}
public String getResourceType() {
return (String) get(RESOURCE_TYPE);
}
public void setOperation(String operation) {
set(OPERATION, operation);
}
public String getOperation() {
return (String) get(OPERATION);
}
}

59
src/main/java/org/gcube/keycloak/event/OrchestratorEventPublisherProvider.java
Unescape Escape View File

@ -0,0 +1,59 @@
package org.gcube.keycloak.event;
import java.util.EventListener;
import org.gcube.event.publisher.AbstractEventPublisher;
import org.gcube.event.publisher.EventSender;
import org.gcube.event.publisher.HTTPWithUMAAuthEventSender;
import org.jboss.logging.Logger;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.admin.AdminEvent;
/**
* @author <a href="mailto:marco.lettere@nubisware.com">Marco Lettere</a>
* @author <a href="mailto:mauro.mugnaini@nubisware.com">Mauro Mugnaini</a>
*/
public class OrchestratorEventPublisherProvider extends AbstractEventPublisher
implements EventListenerProvider, EventListener {
public static final Logger logger = Logger.getLogger(OrchestratorEventPublisherProvider.class);
public OrchestratorEventPublisherProvider() {
super();
}
@Override
public void close() {
}
@Override
public void onEvent(Event event) {
if (event.getError() != null) {
logger.debug("Skipping error event publish");
return;
}
logger.debug("Publishing new event to orchestrator");
publish(KeycloakEvent.newKeycloakEvent(event));
}
@Override
public void onEvent(AdminEvent event, boolean includeRepresentation) {
if (event.getError() != null) {
logger.debug("Skipping error admin event publish");
return;
}
logger.debug("Publishing new admin event to orchestrator");
publish(KeycloakEvent.newKeycloakAdminEvent(event));
}
@Override
protected EventSender createEventSender() {
logger.infof("Creating the HTTP event sender with endpoint: %s",
OrchestratorEventPublisherProviderFactory.endpoint);
return new HTTPWithUMAAuthEventSender(OrchestratorEventPublisherProviderFactory.endpoint, null, null, null,
null);
}
}

70
src/main/java/org/gcube/keycloak/event/OrchestratorEventPublisherProviderFactory.java
Unescape Escape View File

@ -0,0 +1,70 @@
package org.gcube.keycloak.event;
import java.net.MalformedURLException;
import java.net.URL;
import org.jboss.logging.Logger;
import org.keycloak.Config.Scope;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventListenerProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
/**
* @author <a href="mailto:marco.lettere@nubisware.com">Marco Lettere</a>
* @author <a href="mailto:mauro.mugnaini@nubisware.com">Mauro Mugnaini</a>
*/
public class OrchestratorEventPublisherProviderFactory implements EventListenerProviderFactory {
public static final String REALM_NAME = "d4science";
public static final String ORCHESTRATOR_CLIENT_ID = "orchestrator";
private static final Logger logger = Logger.getLogger(OrchestratorEventPublisherProviderFactory.class);
public static URL endpoint;
protected OrchestratorEventPublisherProvider oepp;
public OrchestratorEventPublisherProviderFactory() {
logger.info("New OrchestratorEventPublisherProviderFactory has been created");
}
@Override
public void close() {
}
@Override
public EventListenerProvider create(KeycloakSession keycloakSession) {
logger.debugf("Getting configured endpoint address for client '%s' in realm '%s'", ORCHESTRATOR_CLIENT_ID,
REALM_NAME);
String address = keycloakSession.realms().getRealmByName(REALM_NAME).getClientByClientId(ORCHESTRATOR_CLIENT_ID)
.getBaseUrl();
try {
URL newEndpoint = new URL(address);
if (oepp == null || !newEndpoint.equals(endpoint)) {
logger.infof("Creating new orchestrator event publisher provider for endpoint: %s", address);
OrchestratorEventPublisherProviderFactory.endpoint = newEndpoint;
// Endpoint address will be read from 'address' static field in this class
oepp = new OrchestratorEventPublisherProvider();
}
} catch (MalformedURLException e) {
logger.error("Can't create new orchestrator event publisher provider with endpoint address: " + address, e);
oepp = null;
}
return oepp;
}
@Override
public String getId() {
return "orchestrator-event-publisher";
}
@Override
public void init(Scope scope) {
}
@Override
public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
}
}

262
src/main/java/org/gcube/keycloak/storage/ldap/mappers/UserAttributeTemplatedLDAPStorageMapper.java
Unescape Escape View File

@ -0,0 +1,262 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.gcube.keycloak.storage.ldap.mappers;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.reflection.Property;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.LDAPUtils;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class UserAttributeTemplatedLDAPStorageMapper extends AbstractLDAPStorageMapper {
private static final Logger logger = Logger.getLogger(UserAttributeTemplatedLDAPStorageMapper.class);
private static final Map<String, Property<Object>> userModelProperties = LDAPUtils.getUserModelProperties();
public static final String TEMPLATE_ATTRIBUTE = "template.string";
public static final String USER_MODEL_ATTRIBUTE = "user.model.attribute";
public static final String LDAP_ATTRIBUTE = "ldap.attribute";
public static final String READ_ONLY = "read.only";
public static final String ALWAYS_READ_VALUE_FROM_LDAP = "always.read.value.from.ldap";
public static final String IS_MANDATORY_IN_LDAP = "is.mandatory.in.ldap";
public UserAttributeTemplatedLDAPStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider) {
super(mapperModel, ldapProvider);
}
@Override
public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) {
String userModelAttrName = getUserModelAttribute();
String ldapAttrName = getLdapAttributeName();
Property<Object> userModelProperty = userModelProperties.get(userModelAttrName.toLowerCase());
if (userModelProperty != null) {
// we have java property on UserModel
String ldapAttrValue = ldapUser.getAttributeAsString(ldapAttrName);
checkDuplicateEmail(userModelAttrName, ldapAttrValue, realm, ldapProvider.getSession(), user);
setPropertyOnUserModel(userModelProperty, user, ldapAttrValue);
} else {
// we don't have java property. Let's set attribute
Set<String> ldapAttrValue = ldapUser.getAttributeAsSet(ldapAttrName);
if (ldapAttrValue != null) {
user.setAttribute(userModelAttrName, new ArrayList<>(ldapAttrValue));
} else {
user.removeAttribute(userModelAttrName);
}
}
}
public static final String VALUE = "VALUE";
public static final String ATTRIBUTE_VALUE = "${" + VALUE + "}";
public static Pattern substitution = Pattern.compile("\\$\\{([^}]+)\\}");
protected String computeAttributeValue(String template, String value) {
Matcher matcher = substitution.matcher(template);
StringBuffer sb = new StringBuffer();
while (matcher.find()) {
String token = matcher.group(1);
if (token.equals(VALUE)) {
matcher.appendReplacement(sb, value);
} else {
matcher.appendReplacement(sb, token);
}
}
matcher.appendTail(sb);
return sb.toString();
}
@Override
public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm) {
String template = getTemplate();
String userModelAttrName = getUserModelAttribute();
String ldapAttrName = getLdapAttributeName();
boolean isMandatoryInLdap = parseBooleanParameter(mapperModel, IS_MANDATORY_IN_LDAP);
Property<Object> userModelProperty = userModelProperties.get(userModelAttrName.toLowerCase());
if (userModelProperty != null) {
// we have java property on UserModel. Assuming we support just properties of simple types
Object attrValue = userModelProperty.getValue(localUser);
if (attrValue == null) {
if (isMandatoryInLdap) {
ldapUser.setSingleAttribute(ldapAttrName, LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
} else {
ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<String>());
}
} else {
ldapUser.setSingleAttribute(ldapAttrName, computeAttributeValue(template, attrValue.toString()));
}
} else {
// we don't have java property. Let's set attribute
List<String> attrValues = localUser.getAttribute(userModelAttrName);
if (attrValues.size() == 0) {
if (isMandatoryInLdap) {
ldapUser.setSingleAttribute(ldapAttrName, LDAPConstants.EMPTY_ATTRIBUTE_VALUE);
} else {
ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<String>());
}
} else {
UserAttributeTemplatedLDAPStorageMapper.logger
.trace("Computing value from template for all the elements in the list");
List<String> newList = attrValues.stream().map(e -> computeAttributeValue(template, e))
.collect(Collectors.toList());
ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<>(newList));
}
}
if (isReadOnly()) {
ldapUser.addReadOnlyAttributeName(ldapAttrName);
}
}
// throw ModelDuplicateException if there is different user in model with same email
protected void checkDuplicateEmail(String userModelAttrName, String email, RealmModel realm,
KeycloakSession session, UserModel user) {
if (email == null || realm.isDuplicateEmailsAllowed())
return;
if (UserModel.EMAIL.equalsIgnoreCase(userModelAttrName)) {
// lowercase before search
email = KeycloakModelUtils.toLowerCaseSafe(email);
UserModel that = session.userLocalStorage().getUserByEmail(email, realm);
if (that != null && !that.getId().equals(user.getId())) {
session.getTransactionManager().setRollbackOnly();
String exceptionMessage = String.format(
"Can't import user '%s' from LDAP because email '%s' already exists in Keycloak. Existing user with this email is '%s'",
user.getUsername(), email, that.getUsername());
throw new ModelDuplicateException(exceptionMessage, UserModel.EMAIL);
}
}
}
protected void checkDuplicateUsername(String userModelAttrName, String username, RealmModel realm,
KeycloakSession session, UserModel user) {
// only if working in USERNAME attribute
if (UserModel.USERNAME.equalsIgnoreCase(userModelAttrName)) {
if (username == null || username.isEmpty()) {
throw new ModelException("Cannot set an empty username");
}
boolean usernameChanged = !username.equals(user.getUsername());
if (realm.isEditUsernameAllowed() && usernameChanged) {
UserModel that = session.users().getUserByUsername(username, realm);
if (that != null && !that.getId().equals(user.getId())) {
throw new ModelDuplicateException(
String.format(
"Cannot change the username to '%s' because the username already exists in keycloak",
username),
UserModel.USERNAME);
}
} else if (usernameChanged) {
throw new ModelException(
"Cannot change username if the realm is not configured to allow edit the usernames");
}
}
}
@Override
public UserModel proxy(final LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
// Don't update attribute in LDAP later. It's supposed to be written just at registration time
String ldapAttrName = mapperModel.get(LDAP_ATTRIBUTE);
ldapUser.addReadOnlyAttributeName(ldapAttrName);
return delegate;
}
@Override
public void beforeLDAPQuery(LDAPQuery query) {
String ldapAttrName = getLdapAttributeName();
// Add mapped attribute to returning ldap attributes
query.addReturningLdapAttribute(ldapAttrName);
if (isReadOnly()) {
query.addReturningReadOnlyLdapAttribute(ldapAttrName);
}
}
private String getTemplate() {
return mapperModel.getConfig().getFirst(TEMPLATE_ATTRIBUTE);
}
private String getUserModelAttribute() {
return mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
}
String getLdapAttributeName() {
return mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
}
private boolean isReadOnly() {
return parseBooleanParameter(mapperModel, READ_ONLY);
}
protected void setPropertyOnUserModel(Property<Object> userModelProperty, UserModel user, String ldapAttrValue) {
if (ldapAttrValue == null) {
userModelProperty.setValue(user, null);
} else {
Class<Object> clazz = userModelProperty.getJavaClass();
if (String.class.equals(clazz)) {
userModelProperty.setValue(user, ldapAttrValue);
} else if (Boolean.class.equals(clazz) || boolean.class.equals(clazz)) {
Boolean boolVal = Boolean.valueOf(ldapAttrValue);
userModelProperty.setValue(user, boolVal);
} else {
logger.warnf("Don't know how to set the property '%s' on user '%s' . Value of LDAP attribute is '%s' ",
userModelProperty.getName(), user.getUsername(), ldapAttrValue.toString());
}
}
}
}

142
src/main/java/org/gcube/keycloak/storage/ldap/mappers/UserAttributeTemplatedLDAPStorageMapperFactory.java
Unescape Escape View File

@ -0,0 +1,142 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.gcube.keycloak.storage.ldap.mappers;
import java.util.List;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.LDAPConfigDecorator;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
* @author <a href="mailto:mauro.mugnaini@nubisware.com">Mauro Mugnaini</a>
*/
public class UserAttributeTemplatedLDAPStorageMapperFactory extends AbstractLDAPStorageMapperFactory
implements LDAPConfigDecorator {
public static final String PROVIDER_ID = "ua-templated-ldap-mapper";
protected static final List<ProviderConfigProperty> configProperties;
static {
List<ProviderConfigProperty> props = getConfigProps(null);
configProperties = props;
}
static List<ProviderConfigProperty> getConfigProps(ComponentModel p) {
String readOnly = "false";
UserStorageProviderModel parent = new UserStorageProviderModel();
if (p != null) {
parent = new UserStorageProviderModel(p);
LDAPConfig ldapConfig = new LDAPConfig(parent.getConfig());
readOnly = ldapConfig.getEditMode() == UserStorageProvider.EditMode.WRITABLE ? "false" : "true";
}
ProviderConfigurationBuilder config = ProviderConfigurationBuilder.create()
.property().name(UserAttributeTemplatedLDAPStorageMapper.TEMPLATE_ATTRIBUTE)
.label("Template string")
.helpText("Template to be used to compute final value to be set in LDAP. You can user the "
+ UserAttributeTemplatedLDAPStorageMapper.ATTRIBUTE_VALUE
+ " placeholder in the text and it will be replaced by the value read by the model property. "
+ "(e.g. /home/" + UserAttributeTemplatedLDAPStorageMapper.ATTRIBUTE_VALUE)
.type(ProviderConfigProperty.STRING_TYPE)
.add()
.property().name(UserAttributeTemplatedLDAPStorageMapper.USER_MODEL_ATTRIBUTE)
.label("User Model Attribute")
.helpText(
"Name of the UserModel property or attribute you want to map the LDAP attribute into. For example 'firstName', 'lastName, 'email', 'street' etc.")
.type(ProviderConfigProperty.STRING_TYPE)
.add()
.property().name(UserAttributeTemplatedLDAPStorageMapper.LDAP_ATTRIBUTE).label("LDAP Attribute")
.helpText("Name of mapped attribute on LDAP object. For example 'cn', 'sn, 'mail', 'street' etc.")
.type(ProviderConfigProperty.STRING_TYPE)
.add()
.property().name(UserAttributeTemplatedLDAPStorageMapper.READ_ONLY).label("Read Only")
.helpText(
"Read-only attribute is imported from LDAP to UserModel, but it's not saved back to LDAP when user is updated in Keycloak.")
.type(ProviderConfigProperty.BOOLEAN_TYPE)
.defaultValue(readOnly)
.add();
if (parent.isImportEnabled()) {
config.property().name(UserAttributeTemplatedLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP)
.label("Always Read Value From LDAP")
.helpText(
"If on, then during reading of the LDAP attribute value will always used instead of the value from Keycloak DB")
.type(ProviderConfigProperty.BOOLEAN_TYPE).defaultValue("false").add();
}
config.property().name(UserAttributeTemplatedLDAPStorageMapper.IS_MANDATORY_IN_LDAP)
.label("Is Mandatory In LDAP")
.helpText(
"If true, attribute is mandatory in LDAP. Hence if there is no value in Keycloak DB, the empty value will be set to be propagated to LDAP")
.type(ProviderConfigProperty.BOOLEAN_TYPE)
.defaultValue("false").add();
return config.build();
}
@Override
public String getHelpText() {
return "Used to map single attribute from LDAP user to attribute of UserModel in Keycloak DB";
}
@Override
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}
@Override
public String getId() {
return PROVIDER_ID;
}
@Override
public void validateConfiguration(KeycloakSession session, RealmModel realm, ComponentModel config)
throws ComponentValidationException {
checkMandatoryConfigAttribute(UserAttributeTemplatedLDAPStorageMapper.USER_MODEL_ATTRIBUTE,
"User Model Attribute", config);
checkMandatoryConfigAttribute(UserAttributeTemplatedLDAPStorageMapper.LDAP_ATTRIBUTE, "LDAP Attribute",
config);
}
@Override
protected AbstractLDAPStorageMapper createMapper(ComponentModel mapperModel,
LDAPStorageProvider federationProvider) {
return new UserAttributeTemplatedLDAPStorageMapper(mapperModel, federationProvider);
}
@Override
public List<ProviderConfigProperty> getConfigProperties(RealmModel realm, ComponentModel parent) {
return getConfigProps(parent);
}
@Override
public void updateLDAPConfig(LDAPConfig ldapConfig, ComponentModel mapperModel) {
}
}

12
src/main/resources/META-INF/jboss-deployment-structure.xml
Unescape Escape View File

@ -0,0 +1,12 @@
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-ldap-federation"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.keycloak.keycloak-services"/>
<module name="org.jboss.logging"/>
</dependencies>
</deployment>
</jboss-deployment-structure>

1
src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
Unescape Escape View File

@ -0,0 +1 @@
org.gcube.keycloak.broker.oidc.mappers.UsernameFromMailMapper

1
src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
Unescape Escape View File

@ -0,0 +1 @@
org.gcube.keycloak.event.OrchestratorEventPublisherProviderFactory

1
src/main/resources/META-INF/services/org.keycloak.storage.ldap.mappers.LDAPStorageMapperFactory
Unescape Escape View File

@ -0,0 +1 @@
org.gcube.keycloak.storage.ldap.mappers.UserAttributeTemplatedLDAPStorageMapperFactory
Write Preview
Loading…
Cancel
Save