org.keycloak.federation.ldap.mappers

Class RoleLDAPFederationMapper

java.lang.Object

org.keycloak.federation.ldap.mappers.AbstractLDAPFederationMapper

org.keycloak.federation.ldap.mappers.RoleLDAPFederationMapper

All Implemented Interfaces:

LDAPFederationMapper, UserFederationMapper, Provider

public class RoleLDAPFederationMapper
extends AbstractLDAPFederationMapper

Map realm roles or roles of particular client to LDAP roles

Author:

Marek Posolda

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	RoleLDAPFederationMapper.LDAPRoleMappingsUserDelegate
static class	RoleLDAPFederationMapper.Mode

Field Summary

Fields

Modifier and Type	Field and Description
static String	CLIENT_ID
static String	MEMBERSHIP_LDAP_ATTRIBUTE
static String	MODE
static String	ROLE_NAME_LDAP_ATTRIBUTE
static String	ROLE_OBJECT_CLASSES
static String	ROLES_DN
static String	USE_REALM_ROLES_MAPPING

Constructor Summary

Constructors

Constructor and Description
RoleLDAPFederationMapper()

Method Summary

Methods

Modifier and Type	Method and Description
void	addRoleMappingInLDAP(UserFederationMapperModel mapperModel, String roleName, LDAPFederationProvider ldapProvider, LDAPObject ldapUser)
void	beforeLDAPQuery(UserFederationMapperModel mapperModel, LDAPIdentityQuery query) Called before LDAP Identity query for retrieve LDAP users was executed.
LDAPObject	createLDAPRole(UserFederationMapperModel mapperModel, String roleName, LDAPFederationProvider ldapProvider)
LDAPIdentityQuery	createRoleQuery(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider)
void	deleteRoleMappingInLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser, LDAPObject ldapRole)
protected Set<String>	getExistingMemberships(UserFederationMapperModel mapperModel, LDAPObject ldapRole)
protected List<LDAPObject>	getLDAPRoleMappings(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser)
protected String	getMembershipLdapAttribute(UserFederationMapperModel mapperModel)
protected String	getRoleNameLdapAttribute(UserFederationMapperModel mapperModel)
protected Collection<String>	getRoleObjectClasses(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider)
protected String	getRolesDn(UserFederationMapperModel mapperModel)
protected RoleContainerModel	getTargetRoleContainer(UserFederationMapperModel mapperModel, RealmModel realm)
LDAPObject	loadLDAPRoleByName(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, String roleName)
void	onImportUserFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate) Called when importing user from LDAP to local keycloak DB.
void	onRegisterUserToLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser, UserModel localUser, RealmModel realm) Called when register new user to LDAP - just after user was created in Keycloak DB
UserModel	proxy(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapUser, UserModel delegate, RealmModel realm) Called when invoke proxy on LDAP federation provider
protected void	syncRolesFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, RealmModel realm)

Methods inherited from class org.keycloak.federation.ldap.mappers.AbstractLDAPFederationMapper

close, parseBooleanParameter

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ROLES_DN

public static final String ROLES_DN

See Also:

Constant Field Values

ROLE_NAME_LDAP_ATTRIBUTE

public static final String ROLE_NAME_LDAP_ATTRIBUTE

See Also:

Constant Field Values

MEMBERSHIP_LDAP_ATTRIBUTE

public static final String MEMBERSHIP_LDAP_ATTRIBUTE

See Also:

Constant Field Values

ROLE_OBJECT_CLASSES

public static final String ROLE_OBJECT_CLASSES

See Also:

Constant Field Values

USE_REALM_ROLES_MAPPING

public static final String USE_REALM_ROLES_MAPPING

See Also:

Constant Field Values

CLIENT_ID

public static final String CLIENT_ID

See Also:

Constant Field Values

MODE

public static final String MODE

See Also:

Constant Field Values

Constructor Detail

RoleLDAPFederationMapper

public RoleLDAPFederationMapper()

Method Detail

onImportUserFromLDAP

public void onImportUserFromLDAP(UserFederationMapperModel mapperModel,
                        LDAPFederationProvider ldapProvider,
                        LDAPObject ldapUser,
                        UserModel user,
                        RealmModel realm,
                        boolean isCreate)

Description copied from interface: LDAPFederationMapper

Called when importing user from LDAP to local keycloak DB.

isCreate - true if we importing new user from LDAP. False if user already exists in Keycloak, but we are upgrading (syncing) it from LDAP

onRegisterUserToLDAP

public void onRegisterUserToLDAP(UserFederationMapperModel mapperModel,
                        LDAPFederationProvider ldapProvider,
                        LDAPObject ldapUser,
                        UserModel localUser,
                        RealmModel realm)

Description copied from interface: LDAPFederationMapper

Called when register new user to LDAP - just after user was created in Keycloak DB

syncRolesFromLDAP

protected void syncRolesFromLDAP(UserFederationMapperModel mapperModel,
                     LDAPFederationProvider ldapProvider,
                     RealmModel realm)

createRoleQuery

public LDAPIdentityQuery createRoleQuery(UserFederationMapperModel mapperModel,
                                LDAPFederationProvider ldapProvider)

getTargetRoleContainer

protected RoleContainerModel getTargetRoleContainer(UserFederationMapperModel mapperModel,
                                        RealmModel realm)

getRolesDn

protected String getRolesDn(UserFederationMapperModel mapperModel)

getRoleNameLdapAttribute

protected String getRoleNameLdapAttribute(UserFederationMapperModel mapperModel)

getMembershipLdapAttribute

protected String getMembershipLdapAttribute(UserFederationMapperModel mapperModel)

getRoleObjectClasses

protected Collection<String> getRoleObjectClasses(UserFederationMapperModel mapperModel,
                                      LDAPFederationProvider ldapProvider)

createLDAPRole

public LDAPObject createLDAPRole(UserFederationMapperModel mapperModel,
                        String roleName,
                        LDAPFederationProvider ldapProvider)

addRoleMappingInLDAP

public void addRoleMappingInLDAP(UserFederationMapperModel mapperModel,
                        String roleName,
                        LDAPFederationProvider ldapProvider,
                        LDAPObject ldapUser)

deleteRoleMappingInLDAP

public void deleteRoleMappingInLDAP(UserFederationMapperModel mapperModel,
                           LDAPFederationProvider ldapProvider,
                           LDAPObject ldapUser,
                           LDAPObject ldapRole)

loadLDAPRoleByName

public LDAPObject loadLDAPRoleByName(UserFederationMapperModel mapperModel,
                            LDAPFederationProvider ldapProvider,
                            String roleName)

getExistingMemberships

protected Set<String> getExistingMemberships(UserFederationMapperModel mapperModel,
                                 LDAPObject ldapRole)

getLDAPRoleMappings

protected List<LDAPObject> getLDAPRoleMappings(UserFederationMapperModel mapperModel,
                                   LDAPFederationProvider ldapProvider,
                                   LDAPObject ldapUser)

proxy

public UserModel proxy(UserFederationMapperModel mapperModel,
              LDAPFederationProvider ldapProvider,
              LDAPObject ldapUser,
              UserModel delegate,
              RealmModel realm)

Description copied from interface: LDAPFederationMapper

Called when invoke proxy on LDAP federation provider

Returns:

beforeLDAPQuery

public void beforeLDAPQuery(UserFederationMapperModel mapperModel,
                   LDAPIdentityQuery query)

Description copied from interface: LDAPFederationMapper

Called before LDAP Identity query for retrieve LDAP users was executed. It allows to change query somehow (add returning attributes from LDAP, change conditions etc)