├── .gitignore
├── LICENSE
├── README.md
├── assets
└── images
│ ├── board.png
│ └── board2.png
├── pom.xml
└── src
└── main
├── config
└── module.xml
├── java
└── fr
│ └── sii
│ └── keycloak
│ ├── JsonRemoteClaim.java
│ └── JsonRemoteClaimException.java
└── resources
└── META-INF
└── services
└── org.keycloak.protocol.ProtocolMapper
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | /*.iml
3 | /target
4 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # JSON Remote claim Mapper for Keycloak
2 |
3 | This module uses the unoffical Protocol Mapper SPI for keycloak.
4 |
5 | It adds a new mapper type which retrieves a JSON claim from a remote HTTP endpoint (e.g. from a REST API).
6 |
7 | ## Compatibility
8 |
9 | This module currently works with Keycloak Keycloak 8.0.0.
10 |
11 | It is compatible with Keycloak >= 4.6.0 , you may just need to change the keycloak version in the ```pom.xml```.
12 |
13 | For version <= 4.5.0, the module will also work but a functionnality will be unavailable (see (1)).
14 |
15 | ## Install
16 |
17 | Start by building the module:
18 |
19 | ```Bash
20 | mvn clean package
21 | ```
22 |
23 | ### Deploy manually
24 |
25 | 1. In keycloak configuration (e.g. standalone.xml), register the module by adding the following provider into the ```urn:jboss:domain:keycloak-server``` subsystem.
26 |
27 | module:fr.sii.keycloak.mapper.json-remote-claim
28 |
29 | 2. Copy Jar and module.xml in the keycloak modules (replace {KEYCLOAK_PATH})
30 |
31 | mkdir -p {KEYCLOAK_PATH}/modules/system/layers/base/fr/sii/keycloak/mapper/json-remote-claim/main/
32 | cp ./target/json-remote-claim.jar {KEYCLOAK_PATH}/modules/system/layers/base/fr/sii/keycloak/mapper/json-remote-claim/main/
33 | cp ./src/main/config/module.xml {KEYCLOAK_PATH}/modules/system/layers/base/fr/sii/keycloak/mapper/json-remote-claim/main/
34 |
35 | 3. Start Keycloak
36 |
37 | ### Deploy in Docker
38 |
39 | To deploy automatically in docker, you can use this solution from Meinert Schwartau:
40 |
41 | https://github.com/mschwartau/keycloak-custom-protocol-mapper-example
42 |
43 | ## Using the module
44 |
45 | To add a JSON claim from a remote HTTP / REST service, you just need to add a mapper from client (or client scope) configuration.
46 |
47 | You will then be able to:
48 |
49 | - Set the URL of the remote service (*URL*)
50 | - Customize the claim path (*Token Claim Name*)
51 | - Send the username as ```username``` query parameter (*Send user name*)
52 | - Send the client_id of the resource as ```client_id``` query parameter (*Send client ID*)
53 | - Add custom query parameters to the request (*Parameters*)
54 | - Add custom HTTP headers to the request (*Headers*)
55 |
56 | For headers and query parameters, use ```=``` to separate key and value. You can add multiple parameters (and headers) by separating them with ```&```.
57 |
58 | ### Screenshots
59 |
60 | 
61 |
62 | 
63 |
64 | ## Functionalities
65 |
66 | - Integration as a protocol mapper in Keycloak dashboard
67 | - Configurable claim path (= claim name)
68 | - Handles any type of JSON object
69 | - Sending username as an option
70 | - Sending client_id as an option
71 | - Custom query parameters
72 | - Custom HTTP headers
73 | - URL configuration
74 | - Error handling: no token delivered if claims are unavailable (error 500 will occur)
75 | - (1) Optimization when multiple tokens in the response: needs a single request (example: access_token and id_token in the response)
76 |
77 | (1) *Only with Keycloak >= 4.6.0*
--------------------------------------------------------------------------------
/assets/images/board.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/groupe-sii/keycloak-json-remote-claim/7e8b326060a0042da699056e10e779f6e7733d3a/assets/images/board.png
--------------------------------------------------------------------------------
/assets/images/board2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/groupe-sii/keycloak-json-remote-claim/7e8b326060a0042da699056e10e779f6e7733d3a/assets/images/board2.png
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
3 |
4 | JSON Remote claim
5 | Keycloak module for mapping remote claims
6 | 4.0.0
7 |
8 | fr.sii.keycloak
9 | json-remote-claim
10 | 1.0.0
11 |
12 | jar
13 |
14 |
15 | UTF-8
16 | 8.0.1
17 | 1.8
18 |
19 |
20 |
21 | ${project.artifactId}
22 |
23 |
24 |
25 |
26 | org.apache.maven.plugins
27 | maven-compiler-plugin
28 | 3.8.0
29 |
30 | ${java.version}
31 | ${java.version}
32 |
33 |
34 |
35 | org.apache.maven.plugins
36 | maven-jar-plugin
37 | 3.1.1
38 |
39 |
40 |
41 | org.keycloak.keycloak-core,org.keycloak.keycloak-server-spi,org.keycloak.keycloak-server-spi-private,org.keycloak.keycloak-services
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 | org.keycloak
53 | keycloak-core
54 | provided
55 | ${keycloak.version}
56 |
57 |
58 | org.keycloak
59 | keycloak-server-spi
60 | provided
61 | ${keycloak.version}
62 |
63 |
64 | org.keycloak
65 | keycloak-server-spi-private
66 | provided
67 | ${keycloak.version}
68 |
69 |
70 | org.keycloak
71 | keycloak-services
72 | provided
73 | ${keycloak.version}
74 |
75 |
76 |
77 |
78 |
--------------------------------------------------------------------------------
/src/main/config/module.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/src/main/java/fr/sii/keycloak/JsonRemoteClaim.java:
--------------------------------------------------------------------------------
1 | package fr.sii.keycloak;
2 |
3 | import com.fasterxml.jackson.databind.JsonNode;
4 | import org.keycloak.models.*;
5 | import org.keycloak.protocol.oidc.mappers.*;
6 | import org.keycloak.provider.ProviderConfigProperty;
7 | import org.keycloak.representations.IDToken;
8 |
9 | import javax.ws.rs.client.Client;
10 | import javax.ws.rs.client.ClientBuilder;
11 | import javax.ws.rs.client.Invocation;
12 | import javax.ws.rs.client.WebTarget;
13 | import javax.ws.rs.core.MediaType;
14 | import javax.ws.rs.core.Response;
15 | import java.util.ArrayList;
16 | import java.util.HashMap;
17 | import java.util.List;
18 | import java.util.Map;
19 | import java.util.stream.Collectors;
20 |
21 | /**
22 | * @author Nicolas Roussel
23 | * @version $Revision: 1 $
24 | */
25 | public class JsonRemoteClaim extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {
26 |
27 | private static final List configProperties = new ArrayList<>();
28 |
29 | private final static String REMOTE_URL = "remote.url";
30 | private final static String REMOTE_HEADERS = "remote.headers";
31 | private final static String REMOTE_PARAMETERS = "remote.parameters";
32 | private final static String REMOTE_PARAMETERS_USERNAME = "remote.parameters.username";
33 | private final static String REMOTE_PARAMETERS_CLIENTID = "remote.parameters.clientid";
34 |
35 | private static Client client = ClientBuilder.newClient();
36 |
37 | /**
38 | * Inner configuration to cache retrieved authorization for multiple tokens
39 | */
40 | private final static String REMOTE_AUTHORIZATION_ATTR = "remote-authorizations";
41 |
42 | /*
43 | * ID of the token mapper.
44 | * Must be public
45 | */
46 | public final static String PROVIDER_ID = "json-remote-claim";
47 |
48 | static {
49 | OIDCAttributeMapperHelper.addIncludeInTokensConfig(configProperties, JsonRemoteClaim.class);
50 | OIDCAttributeMapperHelper.addTokenClaimNameConfig(configProperties);
51 |
52 | ProviderConfigProperty property;
53 |
54 | // Username
55 | property = new ProviderConfigProperty();
56 | property.setName(REMOTE_PARAMETERS_USERNAME);
57 | property.setLabel("Send user name");
58 | property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
59 | property.setHelpText("Send the username as query parameter (param: username).");
60 | property.setDefaultValue("true");
61 | configProperties.add(property);
62 |
63 | // Client_id
64 | property = new ProviderConfigProperty();
65 | property.setName(REMOTE_PARAMETERS_CLIENTID);
66 | property.setLabel("Send client ID");
67 | property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
68 | property.setHelpText("Send the client_id as query parameter (param: client_id).");
69 | property.setDefaultValue("false");
70 | configProperties.add(property);
71 |
72 | // URL
73 | property = new ProviderConfigProperty();
74 | property.setName(REMOTE_URL);
75 | property.setLabel("URL");
76 | property.setType(ProviderConfigProperty.STRING_TYPE);
77 | property.setHelpText("Full URL of the remote service endpoint.");
78 | configProperties.add(property);
79 |
80 | // Parameters
81 | property = new ProviderConfigProperty();
82 | property.setName(REMOTE_PARAMETERS);
83 | property.setLabel("Parameters");
84 | property.setType(ProviderConfigProperty.STRING_TYPE);
85 | property.setHelpText("List of query parameters to send separated by '&'. Separate parameter name and value by an equals sign '=', the value can contain equals signs (ex: scope=all&full=true).");
86 | configProperties.add(property);
87 |
88 | // Headers
89 | property = new ProviderConfigProperty();
90 | property.setName(REMOTE_HEADERS);
91 | property.setLabel("Headers");
92 | property.setType(ProviderConfigProperty.STRING_TYPE);
93 | property.setHelpText("List of headers to send separated by '&'. Separate header name and value by an equals sign '=', the value can contain equals signs (ex: Authorization=az89d).");
94 | configProperties.add(property);
95 | }
96 |
97 | @Override
98 | public String getDisplayCategory() {
99 | return "Token mapper";
100 | }
101 |
102 | @Override
103 | public String getDisplayType() {
104 | return "JSON Remote claim";
105 | }
106 |
107 | @Override
108 | public String getHelpText() {
109 | return "Retrieve JSON data to include from a remote HTTP endpoint.";
110 | }
111 |
112 | @Override
113 | public List getConfigProperties() {
114 | return configProperties;
115 | }
116 |
117 | @Override
118 | public String getId() {
119 | return PROVIDER_ID;
120 | }
121 |
122 | @Override
123 | protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {
124 | JsonNode claims = clientSessionCtx.getAttribute(REMOTE_AUTHORIZATION_ATTR, JsonNode.class);
125 | if (claims == null) {
126 | claims = getRemoteAuthorizations(mappingModel, userSession);
127 | clientSessionCtx.setAttribute(REMOTE_AUTHORIZATION_ATTR, claims);
128 | }
129 |
130 | OIDCAttributeMapperHelper.mapClaim(token, mappingModel, claims);
131 | }
132 |
133 | /**
134 | * Deprecated, added for older versions
135 | *
136 | * Caution: This version does not allow to minimize request number
137 | *
138 | * @deprecated override {@link #setClaim(IDToken, ProtocolMapperModel, UserSessionModel, KeycloakSession, ClientSessionContext)} instead.
139 | */
140 | @Override
141 | protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
142 | JsonNode claims = getRemoteAuthorizations(mappingModel, userSession);
143 | OIDCAttributeMapperHelper.mapClaim(token, mappingModel, claims);
144 | }
145 |
146 | private Map getQueryParameters(ProtocolMapperModel mappingModel, UserSessionModel userSession) {
147 | final String configuredParameter = mappingModel.getConfig().get(REMOTE_PARAMETERS);
148 | final boolean sendUsername = "true".equals(mappingModel.getConfig().get(REMOTE_PARAMETERS_USERNAME));
149 | final boolean sendClientID = "true".equals(mappingModel.getConfig().get(REMOTE_PARAMETERS_CLIENTID));
150 |
151 | // Get parameters
152 | final Map formattedParameters = buildMapFromStringConfig(configuredParameter);
153 |
154 | // Get client ID
155 | if (sendClientID) {
156 | String clientID = userSession.getAuthenticatedClientSessions().values().stream()
157 | .map(AuthenticatedClientSessionModel::getClient)
158 | .map(ClientModel::getClientId)
159 | .distinct()
160 | .collect( Collectors.joining( "," ) );
161 | formattedParameters.put("client_id", clientID);
162 | }
163 |
164 | // Get username
165 | if (sendUsername) {
166 | formattedParameters.put("username", userSession.getLoginUsername());
167 | }
168 |
169 | return formattedParameters;
170 | }
171 |
172 | private Map getheaders(ProtocolMapperModel mappingModel, UserSessionModel userSession) {
173 | final String configuredHeaders = mappingModel.getConfig().get(REMOTE_HEADERS);
174 |
175 | // Get headers
176 | return buildMapFromStringConfig(configuredHeaders);
177 | }
178 |
179 | private Map buildMapFromStringConfig(String config) {
180 | final Map map = new HashMap<>();
181 |
182 | //FIXME: using MULTIVALUED_STRING_TYPE would be better but it doesn't seem to work
183 | if (config != null && !"".equals(config.trim())) {
184 | String[] configList = config.trim().split("&");
185 | String[] keyValue;
186 | for (String configEntry : configList) {
187 | keyValue = configEntry.split("=", 2);
188 | if (keyValue.length == 2) {
189 | map.put(keyValue[0], keyValue[1]);
190 | }
191 | }
192 | }
193 |
194 | return map;
195 | }
196 |
197 | private JsonNode getRemoteAuthorizations(ProtocolMapperModel mappingModel, UserSessionModel userSession) {
198 | // Get parameters
199 | Map parameters = getQueryParameters(mappingModel, userSession);
200 | // Get headers
201 | Map headers = getheaders(mappingModel, userSession);
202 |
203 | // Call remote service
204 | Response response;
205 | final String url = mappingModel.getConfig().get(REMOTE_URL);
206 | try {
207 | WebTarget target = client.target(url);
208 | // Build parameters
209 | for (Map.Entry param : parameters.entrySet()) {
210 | target = target.queryParam(param.getKey(), param.getValue());
211 | }
212 | Invocation.Builder builder = target.request(MediaType.APPLICATION_JSON);
213 | // Build headers
214 | for (Map.Entry header : headers.entrySet()) {
215 | builder = builder.header(header.getKey(), header.getValue());
216 | }
217 | // Call
218 | response = builder.get();
219 | } catch(RuntimeException e) {
220 | // exceptions are thrown to prevent token from being delivered without all information
221 | throw new JsonRemoteClaimException("Error when accessing remote claim", url, e);
222 | }
223 |
224 | // Check response status
225 | if (response.getStatus() != 200) {
226 | response.close();
227 | throw new JsonRemoteClaimException("Wrong status received for remote claim - Expected: 200, Received: " + response.getStatus(), url);
228 | }
229 |
230 | // Bind JSON response
231 | try {
232 | return response.readEntity(JsonNode.class);
233 | } catch(RuntimeException e) {
234 | // exceptions are thrown to prevent token from being delivered without all information
235 | throw new JsonRemoteClaimException("Error when parsing response for remote claim", url, e);
236 | } finally {
237 | response.close();
238 | }
239 |
240 | }
241 | }
--------------------------------------------------------------------------------
/src/main/java/fr/sii/keycloak/JsonRemoteClaimException.java:
--------------------------------------------------------------------------------
1 | package fr.sii.keycloak;
2 |
3 | /**
4 | * @author Nicolas Roussel
5 | * @version $Revision: 1 $
6 | */
7 | public class JsonRemoteClaimException extends RuntimeException {
8 |
9 | public JsonRemoteClaimException(String message, String url) {
10 | super(message + " - Configured URL: " + url);
11 | }
12 |
13 | public JsonRemoteClaimException(String message, String url, Throwable cause) {
14 | super(message + " - Configured URL: " + url, cause);
15 | }
16 |
17 | }
--------------------------------------------------------------------------------
/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper:
--------------------------------------------------------------------------------
1 | fr.sii.keycloak.JsonRemoteClaim
2 |
--------------------------------------------------------------------------------