Marco
Reputation: 93
Cannot get keycloak protocol mapper to invoke when retrieving a token
Keycloak 7.3.0GA Server
Using Library keycloak-services 3.4.3
Our team is having trouble getting our Keycloak protocol mapper to invoke during a token call:
- The mapper is registered at startup and is available in the list of mappers for our clients
- We add the mapper in the KC UI for our client
- When I try the "Evaluate" tab, the custom mapper (Stackoverflow Custom Mapper) does show in the list as one of the "Effective Protocol Mappers"
- However the mapper does not seem to be invoked from the Java side, I see nothing in my logs
- At this point we're just hoping to see our log statement for
transformAccessTokenand the test claim we've added
Evaluate Tab: Evaluate Tab Image
Java Code:
public class SoamProtocolMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper{
public static final String PROVIDER_ID = "oidc-customprotocolmapper";
private static Logger logger = Logger.getLogger(SoamProtocolMapper.class);
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
@Override
public List<ProviderConfigProperty> getConfigProperties() {
logger.info("SOAM: inside getConfigProperties");
return configProperties;
}
@Override
public String getDisplayCategory() {
logger.info("SOAM: inside getDisplayCategory");
return TOKEN_MAPPER_CATEGORY;
}
@Override
public String getDisplayType() {
logger.info("SOAM: inside getDisplayType");
return "Stackoverflow Custom Protocol Mapper";
}
@Override
public String getId() {
logger.info("SOAM: inside getId");
return PROVIDER_ID;
}
@Override
public String getHelpText() {
logger.info("SOAM: inside getHelpText");
return "some help text";
}
@Override
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
logger.info("SOAM: inside transformAccessToken");
token.getOtherClaims().put("stackoverflowCustomToken", "stackoverflow");
setClaim(token, mappingModel, userSession, session);
return token;
}
public static ProtocolMapperModel create(String name, boolean accessToken, boolean idToken, boolean userInfo) {
logger.info("SOAM: inside create");
ProtocolMapperModel mapper = new ProtocolMapperModel();
mapper.setName(name);
mapper.setProtocolMapper(PROVIDER_ID);
mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
Map<String, String> config = new HashMap<String, String>();
mapper.setConfig(config);
return mapper;
}}
Anything helps - thanks!
Upvotes: 4
Views: 2716
Answers (1)
Marco
Reputation: 93
Answering my own question. There was a couple of lines of code missing in the static and create initialization methods. Here is a working example:
package com.github.bcgov.keycloak.soam;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper;
import org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;
/**
* SOAM Protocol Mapper
*/
public class SoamProtocolMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, SoamProtocolMapper.class);
}
public static final String PROVIDER_ID = "oidc-soam-mapper";
public List<ProviderConfigProperty> getConfigProperties() {
return configProperties;
}
@Override
public String getId() {
return PROVIDER_ID;
}
@Override
public String getDisplayType() {
return "Soam Protocol Mapper";
}
@Override
public String getDisplayCategory() {
return TOKEN_MAPPER_CATEGORY;
}
@Override
public String getHelpText() {
return "Map SOAM claims";
}
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
token.getOtherClaims().put("test_claim", "Working!");
}
public static ProtocolMapperModel create(String name,
String tokenClaimName,
boolean consentRequired, String consentText,
boolean accessToken, boolean idToken) {
ProtocolMapperModel mapper = new ProtocolMapperModel();
mapper.setName(name);
mapper.setProtocolMapper(PROVIDER_ID);
mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
mapper.setConsentRequired(consentRequired);
mapper.setConsentText(consentText);
Map<String, String> config = new HashMap<String, String>();
config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, tokenClaimName);
if (accessToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
if (idToken) config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
mapper.setConfig(config);
return mapper;
}
}
Upvotes: 3
Related Questions
- Unable to get the access token from KeyCloak
- KeyCloak User validation and getting token
- Keycloak impersonate with token-exchange
- Access the keycloak API from postman
- Keycloak Protocol Mapper that adds claim to JWT gets Null Pointer Exception
- Keycloak unable to get access token
- Proper way to enrich Keycloak token via external service
- Keycloak error invalid_client Bearer only not allowed
- Generate token with Keycloak
- Keycloak exception "Cannot access delegate without a transaction"