我需要在 Keycloak 中创建一个 Script Mapper 类型的协议映射器。该脚本应该获取用户属性,检查其大小,并将其放在令牌上。我没有找到有关如何创建脚本的文档或示例。从我收集到的零碎信息来看,我想脚本需要看起来像这样:
var value = user.getAttribute("myAttribute");
if (value.length > LIMIT) {
value = value.substring(0,LIMIT);
}
token.setOtherClaims("myAttribute",value);
- 这是正确的吗?我编造了 user.getAttribute("myAttribute")。是否有文档来源可以让我找到如何获取 Keycloak 用户属性?
- 脚本需要返回什么吗?
任何帮助都会受到欢迎。
脚本映射器的魔力可以通过查看这里的 keycloak 源代码来理解:Source https://github.com/keycloak/keycloak/blob/2a4cee60440be6767e0f1e9155cebfa381cfb776/services/src/main/java/org/keycloak/protocol/oidc/mappers/ScriptBasedOIDCProtocolMapper.java#L143
该脚本可以通过使用这样的导出变量返回一些内容
exports = "Claim Value"
不同类型:
- user: Source https://github.com/keycloak/keycloak/blob/master/server-spi/src/main/java/org/keycloak/models/UserModel.java JavaDoc https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/models/UserModel.html
- realm: Source https://github.com/keycloak/keycloak/blob/master/server-spi/src/main/java/org/keycloak/models/RealmModel.java JavaDoc https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/models/RealmModel.html
- token: Source https://github.com/keycloak/keycloak/blob/master/core/src/main/java/org/keycloak/representations/IDToken.java JavaDoc https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/representations/IDToken.html
- 用户会话:Source https://github.com/keycloak/keycloak/blob/master/server-spi/src/main/java/org/keycloak/models/UserSessionModel.java JavaDoc https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/models/UserSessionModel.html
- keycloak会话:Source https://github.com/keycloak/keycloak/blob/master/server-spi/src/main/java/org/keycloak/models/KeycloakSession.java JavaDoc https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/models/KeycloakSession.html
这是一个示例脚本:
// you can set standard fields in token
token.setAcr("test value");
// you can set claims in the token
token.getOtherClaims().put("claimName", "claim value");
// multi-valued claim (thanks to @ErwinRooijakkers)
token.getOtherClaims().put('foo', Java.to(['bars'], "java.lang.String[]"))
// work with variables and return multivalued token value
var ArrayList = Java.type("java.util.ArrayList");
var roles = new ArrayList();
var client = keycloakSession.getContext().getClient();
var forEach = Array.prototype.forEach;
forEach.call(user.getClientRoleMappings(client).toArray(), function(roleModel) {
roles.add(roleModel.getName());
});
exports = roles;
希望能帮助到你!
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)