├── .gitignore
├── README.md
├── pom.xml
└── src
    └── main
        ├── java
            └── CustomOIDCProtocolMapper.java
        └── resources
            └── META-INF
                ├── jboss-deployment-structure.xml
                └── services
                    └── org.keycloak.protocol.ProtocolMapper


/.gitignore:
--------------------------------------------------------------------------------
 1 | HELP.md
 2 | target/
 3 | !.mvn/wrapper/maven-wrapper.jar
 4 | !**/src/main/**
 5 | !**/src/test/**
 6 | 
 7 | ### STS ###
 8 | .apt_generated
 9 | .classpath
10 | .factorypath
11 | .project
12 | .settings
13 | .springBeans
14 | .sts4-cache
15 | 
16 | ### IntelliJ IDEA ###
17 | .idea
18 | *.iws
19 | *.iml
20 | *.ipr
21 | 
22 | ### NetBeans ###
23 | /nbproject/private/
24 | /nbbuild/
25 | /dist/
26 | /nbdist/
27 | /.nb-gradle/
28 | build/
29 | 
30 | ### VS Code ###
31 | .vscode/
32 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # KeycloakCustomProtocolMapper
 2 | 
 3 | implement a CustomProtocolMapper class based on AbstractOIDCProtocolMapper
 4 | 
 5 | META-INF/services File with the name org.keycloak.protocol.ProtocolMapper must be available and contains the name of mapper
 6 | 
 7 | jboss-deployment-structure.xml need to be available to use keycloak built in classes
 8 | 
 9 | Jar File is deployed in /opt/jboss/keycloak/standalone/deployments/
10 | 
11 | custom Mapper
12 | use POM.xml and resolve dependencies
13 | Extend AbstractOIDCProtocolMapper and need to implement all abstract methods. If want to have a SAML Protocol Mapper then it's another base class (AbstractSAMLProtocolMapper)
14 | one relevant method is transformAccessToken -can implement logic here.
15 | 
16 | Services File
17 | The services File is important for keycloak to find the custom-Implementation.
18 | Place a file with the fileName org.keycloak.protocol.ProtocolMapper inside \src\main\resources\META-INF\services\
19 | 
20 | Inside this file write to Name of your custom Provider - then keycloak knows that this class is available as Protocol Mapper
21 | can add multiple file names
22 | 
23 | CustomOIDCProtocolMapper
24 | 
25 | Deployment Structure XML
26 | In custom mapper use files from keycloak. In order to use them it's needed to inform jboss about this dependency. Therefore create a file jboss-deployment-structure.xml inside \src\main\resources\META-INF\ Content:
27 | 
28 | Build and deploy your Extension
29 | Build a jar File of the Extension (mvn clean package) - and place the jar in /opt/jboss/keycloak/standalone/deployments/ and restart keycloak
30 | 
31 | create a Mapper in keycloak admin ui and select getDisplayType given in the code
32 | 


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project xmlns="http://maven.apache.org/POM/4.0.0"
 3 |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 5 |     <modelVersion>4.0.0</modelVersion>
 6 | 
 7 |     <groupId>net.cake.keycloak.custom</groupId>
 8 |     <artifactId>keycloak-customProtocolMapper</artifactId>
 9 |     <version>1.0-SNAPSHOT</version>
10 |     <packaging>jar</packaging>
11 | 
12 |     <properties>
13 |         <keycloak.version>8.0.0</keycloak.version>
14 |     </properties>
15 | 
16 |     <dependencies>
17 |         <!-- provided keycloak dependencies -->
18 |         <dependency>
19 |             <groupId>org.keycloak</groupId>
20 |             <artifactId>keycloak-core</artifactId>
21 |             <version>${keycloak.version}</version>
22 |             <scope>provided</scope>
23 |         </dependency>
24 |         <dependency>
25 |             <groupId>org.keycloak</groupId>
26 |             <artifactId>keycloak-server-spi</artifactId>
27 |             <version>${keycloak.version}</version>
28 |             <scope>provided</scope>
29 |         </dependency>
30 |         <dependency>
31 |             <groupId>org.keycloak</groupId>
32 |             <artifactId>keycloak-server-spi-private</artifactId>
33 |             <version>${keycloak.version}</version>
34 |             <scope>provided</scope>
35 |         </dependency>
36 |         <dependency>
37 |             <groupId>org.keycloak</groupId>
38 |             <artifactId>keycloak-services</artifactId>
39 |             <version>${keycloak.version}</version>
40 |             <scope>provided</scope>
41 |         </dependency>
42 | 
43 |         <dependency>
44 |             <groupId>org.keycloak</groupId>
45 |             <artifactId>keycloak-saml-core</artifactId>
46 |             <version>${keycloak.version}</version>
47 |             <scope>provided</scope>
48 |         </dependency>
49 |         <dependency>
50 |             <groupId>org.keycloak</groupId>
51 |             <artifactId>keycloak-saml-adapter-core</artifactId>
52 |             <version>${keycloak.version}</version>
53 |             <scope>provided</scope>
54 |         </dependency>
55 | 
56 |         <dependency>
57 |             <groupId>org.keycloak</groupId>
58 |             <artifactId>keycloak-saml-adapter-api-public</artifactId>
59 |             <version>${keycloak.version}</version>
60 |             <scope>provided</scope>
61 |         </dependency>
62 |         <dependency>
63 |             <groupId>org.keycloak</groupId>
64 |             <artifactId>keycloak-saml-core-public</artifactId>
65 |             <version>${keycloak.version}</version>
66 |             <scope>provided</scope>
67 |         </dependency>
68 | 
69 |     </dependencies>
70 | 
71 |     <build>
72 |         <plugins>
73 |             <plugin>
74 |                 <groupId>org.apache.maven.plugins</groupId>
75 |                 <artifactId>maven-compiler-plugin</artifactId>
76 |                 <version>3.7.0</version>
77 |                 <configuration>
78 |                     <forceJavacCompilerUse>true</forceJavacCompilerUse>
79 |                     <source>1.8</source>
80 |                     <target>1.8</target>
81 |                 </configuration>
82 |             </plugin>
83 |             <plugin>
84 |                 <groupId>org.apache.maven.plugins</groupId>
85 |                 <artifactId>maven-shade-plugin</artifactId>
86 |                 <version>3.1.0</version>
87 |                 <executions>
88 |                     <!-- Run shade goal on package phase -->
89 |                     <execution>
90 |                         <phase>package</phase>
91 |                         <goals>
92 |                             <goal>shade</goal>
93 |                         </goals>
94 |                     </execution>
95 |                 </executions>
96 |             </plugin>
97 |         </plugins>
98 |     </build>
99 | </project>


--------------------------------------------------------------------------------
/src/main/java/CustomOIDCProtocolMapper.java:
--------------------------------------------------------------------------------
  1 | import org.keycloak.models.ClientSessionContext;
  2 | import org.keycloak.models.KeycloakSession;
  3 | import org.keycloak.models.ProtocolMapperModel;
  4 | import org.keycloak.models.UserSessionModel;
  5 | import org.keycloak.protocol.oidc.OIDCLoginProtocol;
  6 | import org.keycloak.protocol.oidc.mappers.*;
  7 | import org.keycloak.provider.ProviderConfigProperty;
  8 | import org.keycloak.representations.AccessToken;
  9 | 
 10 | import java.util.ArrayList;
 11 | import java.util.HashMap;
 12 | import java.util.List;
 13 | import java.util.Map;
 14 | 
 15 | public class CustomOIDCProtocolMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {
 16 | 
 17 |     public static final String PROVIDER_ID = "oidc-customprotocolmapper";
 18 | 
 19 |     private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
 20 | 
 21 |     /**
 22 |      * Maybe you want to have config fields for your Mapper
 23 |      */
 24 |     /*
 25 |     static {
 26 |         ProviderConfigProperty property;
 27 |         property = new ProviderConfigProperty();
 28 |         property.setName(ProtocolMapperUtils.USER_ATTRIBUTE);
 29 |         property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_LABEL);
 30 |         property.setHelpText(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_HELP_TEXT);
 31 |         property.setType(ProviderConfigProperty.STRING_TYPE);
 32 |         configProperties.add(property);
 33 | 
 34 |         property = new ProviderConfigProperty();
 35 |         property.setName(ProtocolMapperUtils.MULTIVALUED);
 36 |         property.setLabel(ProtocolMapperUtils.MULTIVALUED_LABEL);
 37 |         property.setHelpText(ProtocolMapperUtils.MULTIVALUED_HELP_TEXT);
 38 |         property.setType(ProviderConfigProperty.BOOLEAN_TYPE);
 39 |         configProperties.add(property);
 40 | 
 41 |     }
 42 |      */
 43 |     @Override
 44 |     public List<ProviderConfigProperty> getConfigProperties() {
 45 |         return configProperties;
 46 |     }
 47 | 
 48 |     @Override
 49 |     public String getDisplayCategory() {
 50 |         return TOKEN_MAPPER_CATEGORY;
 51 |     }
 52 | 
 53 |     @Override
 54 |     public String getDisplayType() {
 55 |         return "ohhhhhh noooooooooooo";
 56 |     }
 57 | 
 58 |     @Override
 59 |     public String getId() {
 60 |         return PROVIDER_ID;
 61 |     }
 62 | 
 63 |     @Override
 64 |     public String getHelpText() {
 65 |         return "some help text";
 66 |     }
 67 | 
 68 | //    public IDToken transformAccessToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession keycloakSession,
 69 | //                                            UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
 70 | ////IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx
 71 | //        token.getOtherClaims().put("stackoverflowCustomToken", "stackoverflow");
 72 | ////        token.getOtherClaims().
 73 | //        // call profile API and enrich with permission claims
 74 | ////        setClaim(token, mappingModel, userSession);
 75 | //        setClaim(token, mappingModel, userSession, keycloakSession,clientSessionCtx);
 76 | //        return token;
 77 | //    }
 78 | 
 79 |     public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession keycloakSession,
 80 |                                             UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
 81 | 
 82 |         token.getOtherClaims().put("supiri", "token_supiri");
 83 | 
 84 |         setClaim(token, mappingModel, userSession, keycloakSession, clientSessionCtx);
 85 |         return token;
 86 |     }
 87 | 
 88 | //    public static ProtocolMapperModel create(String name, boolean accessToken, boolean idToken, boolean userInfo) {
 89 | //        ProtocolMapperModel mapper = new ProtocolMapperModel();
 90 | //        mapper.setName(name);
 91 | //        mapper.setProtocolMapper(PROVIDER_ID);
 92 | //        mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
 93 | //        Map<String, String> config = new HashMap<String, String>();
 94 | //        config.put("id.token.claim", "true");
 95 | //        config.put("access.token.claim", "true");
 96 | //        mapper.setConfig(config);
 97 | //        return mapper;
 98 | //    }
 99 | 
100 |     public static ProtocolMapperModel create(String name,
101 |                                              boolean accessToken, boolean idToken, boolean userInfo) {
102 |         ProtocolMapperModel mapper = new ProtocolMapperModel();
103 |         mapper.setName(name);
104 |         mapper.setProtocolMapper(PROVIDER_ID);
105 |         mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
106 |         Map<String, String> config = new HashMap<String, String>();
107 | //        config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, hardcodedName);
108 | //        config.put(CLAIM_VALUE, hardcodedValue);
109 | //        config.put(OIDCAttributeMapperHelper.JSON_TYPE, claimType);
110 |         config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
111 |         config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
112 |         mapper.setConfig(config);
113 |         return mapper;
114 |     }
115 | 
116 | }
117 | 


--------------------------------------------------------------------------------
/src/main/resources/META-INF/jboss-deployment-structure.xml:
--------------------------------------------------------------------------------
1 | <jboss-deployment-structure>
2 |     <deployment>
3 |         <dependencies>
4 |             <module name="org.keycloak.keycloak-services" />
5 |         </dependencies>
6 |     </deployment>
7 | </jboss-deployment-structure>


--------------------------------------------------------------------------------
/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper:
--------------------------------------------------------------------------------
1 | CustomOIDCProtocolMapper


--------------------------------------------------------------------------------