
Example 26 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class ClientStorageManager method getStorageProvider.

/**
 * Resolves the {@link ClientStorageProvider} backing the client-storage component {@code componentId}
 * of {@code realm}.
 *
 * @param session     current Keycloak session used to look up the provider factory
 * @param realm       realm that owns the storage component
 * @param componentId id of the client storage component
 * @return the provider instance, or {@code null} when the realm has no component with that id
 * @throws ModelException when no {@link ClientStorageProviderFactory} is registered for the
 *                        component's provider id
 */
public static ClientStorageProvider getStorageProvider(KeycloakSession session, RealmModel realm, String componentId) {
    ComponentModel component = realm.getComponent(componentId);
    if (component == null) {
        return null;
    }
    ClientStorageProviderModel providerModel = new ClientStorageProviderModel(component);
    String providerId = component.getProviderId();
    ClientStorageProviderFactory providerFactory = (ClientStorageProviderFactory) session
            .getKeycloakSessionFactory()
            .getProviderFactory(ClientStorageProvider.class, providerId);
    if (providerFactory == null) {
        throw new ModelException("Could not find ClientStorageProviderFactory for: " + providerId);
    }
    return getStorageProviderInstance(session, providerModel, providerFactory);
}

Example 27 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class RoleStorageManager method getStorageProvider.

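/**
 * Resolves the {@link RoleStorageProvider} backing the role-storage component {@code componentId}
 * of {@code realm}.
 *
 * @param session     current Keycloak session used to look up the provider factory
 * @param realm       realm that owns the storage component
 * @param componentId id of the role storage component
 * @return the provider instance, or {@code null} when the realm has no component with that id
 * @throws ModelException when no {@link RoleStorageProviderFactory} is registered for the
 *                        component's provider id
 */
public static RoleStorageProvider getStorageProvider(KeycloakSession session, RealmModel realm, String componentId) {
    ComponentModel model = realm.getComponent(componentId);
    if (model == null) {
        return null;
    }
    RoleStorageProviderModel storageModel = new RoleStorageProviderModel(model);
    String providerId = model.getProviderId();
    RoleStorageProviderFactory factory = (RoleStorageProviderFactory) session
            .getKeycloakSessionFactory()
            .getProviderFactory(RoleStorageProvider.class, providerId);
    if (factory == null) {
        // Fixed typo in the original message ("RoletStorageProviderFactory") so log searches match the class name.
        throw new ModelException("Could not find RoleStorageProviderFactory for: " + providerId);
    }
    return getStorageProviderInstance(session, storageModel, factory);
}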

Example 28 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class LDAPIdentityStoreRegistry method getLdapStore.

/**
 * Returns the {@link LDAPIdentityStore} for {@code ldapModel}, reusing the cached store when its
 * configuration is unchanged and (re)creating it otherwise.
 *
 * @param session          current Keycloak session
 * @param ldapModel        the LDAP storage component whose config drives the store
 * @param configDecorators mapper components that may adjust the effective LDAP config before the
 *                         comparison with the cached one
 * @return the store to use for this component
 */
public LDAPIdentityStore getLdapStore(KeycloakSession session, ComponentModel ldapModel, Map<ComponentModel, LDAPConfigDecorator> configDecorators) {
    String storeKey = ldapModel.getId();
    LDAPIdentityStoreContext cached = ldapStores.get(storeKey);
    // Effective config = raw component config + whatever each mapper decorator adds on top.
    LDAPConfig effectiveConfig = new LDAPConfig(ldapModel.getConfig());
    configDecorators.forEach((mapperModel, decorator) -> decorator.updateLDAPConfig(effectiveConfig, mapperModel));
    boolean upToDate = cached != null && effectiveConfig.equals(cached.config);
    if (upToDate) {
        return cached.store;
    }
    // First use, or the LDAP config changed for the realm: re-initialize and replace the cached entry.
    // NOTE(review): the config may carry the bind credential; confirm logLDAPConfig masks it before it is logged.
    logLDAPConfig(session, ldapModel, effectiveConfig);
    LDAPIdentityStore freshStore = createLdapIdentityStore(session, effectiveConfig);
    LDAPIdentityStoreContext fresh = new LDAPIdentityStoreContext(effectiveConfig, freshStore);
    ldapStores.put(storeKey, fresh);
    return fresh.store;
}

Example 29 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class LDAPStorageProviderFactory method onCreate.

// Best effort to create appropriate mappers according to our LDAP config
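/**
 * Seeds the default LDAP mapper components for a freshly created LDAP storage component and, when the
 * component enables it, the Kerberos authentication requirement of the realm.
 *
 * @param session current Keycloak session
 * @param realm   realm receiving the mapper components
 * @param model   the LDAP storage component that was just created; its config decides which mappers
 *                are added and whether they are read-only
 */
@Override
public void onCreate(KeycloakSession session, RealmModel realm, ComponentModel model) {
    LDAPConfig ldapConfig = new LDAPConfig(model.getConfig());
    boolean activeDirectory = ldapConfig.isActiveDirectory();
    UserStorageProvider.EditMode editMode = ldapConfig.getEditMode();
    // Attribute mappers are read-only unless the component may write to LDAP (WRITABLE).
    String readOnly = String.valueOf(editMode == UserStorageProvider.EditMode.READ_ONLY || editMode == UserStorageProvider.EditMode.UNSYNCED);
    // Values are re-read from LDAP on access for READ_ONLY and WRITABLE, i.e. only UNSYNCED disables it.
    String alwaysReadValueFromLDAP = String.valueOf(editMode == UserStorageProvider.EditMode.READ_ONLY || editMode == UserStorageProvider.EditMode.WRITABLE);
    String usernameLdapAttribute = ldapConfig.getUsernameLdapAttribute();
    // parseBoolean tolerates a missing (null) config entry and treats it as false.
    boolean syncRegistrations = Boolean.parseBoolean(model.getConfig().getFirst(LDAPConstants.SYNC_REGISTRATIONS));

    // Username is never "always read from LDAP" but is mandatory in LDAP.
    addUserAttributeMapper(realm, model, "username", UserModel.USERNAME, usernameLdapAttribute, readOnly, "false", "true");

    // CN is typically used as RDN for Active Directory deployments
    if (ldapConfig.getRdnLdapAttribute().equalsIgnoreCase(LDAPConstants.CN)) {
        if (usernameLdapAttribute.equalsIgnoreCase(LDAPConstants.CN)) {
            // For AD deployments with "cn" as username, we will map "givenName" to first name
            addUserAttributeMapper(realm, model, "first name", UserModel.FIRST_NAME, LDAPConstants.GIVENNAME, readOnly, alwaysReadValueFromLDAP, "true");
        } else if (editMode == UserStorageProvider.EditMode.WRITABLE) {
            // For AD deployments with "sAMAccountName" as username and writable, we need to map "cn" as username as well
            // (this is needed so we can register new users from KC into LDAP) and we will map "givenName" to first name.
            addUserAttributeMapper(realm, model, "first name", UserModel.FIRST_NAME, LDAPConstants.GIVENNAME, readOnly, alwaysReadValueFromLDAP, "true");
            addUserAttributeMapper(realm, model, "username-cn", UserModel.USERNAME, LDAPConstants.CN, readOnly, "false", "true");
        } else {
            // For read-only LDAP, we map "cn" as full name
            ComponentModel fullNameMapper = KeycloakModelUtils.createComponentModel("full name", model.getId(), FullNameLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(),
                    FullNameLDAPStorageMapper.LDAP_FULL_NAME_ATTRIBUTE, LDAPConstants.CN,
                    FullNameLDAPStorageMapper.READ_ONLY, readOnly,
                    FullNameLDAPStorageMapper.WRITE_ONLY, "false");
            realm.addComponentModel(fullNameMapper);
        }
    } else {
        // Non-CN RDN: "cn" holds the first name.
        addUserAttributeMapper(realm, model, "first name", UserModel.FIRST_NAME, LDAPConstants.CN, readOnly, alwaysReadValueFromLDAP, "true");
    }

    addUserAttributeMapper(realm, model, "last name", UserModel.LAST_NAME, LDAPConstants.SN, readOnly, alwaysReadValueFromLDAP, "true");
    addUserAttributeMapper(realm, model, "email", UserModel.EMAIL, LDAPConstants.EMAIL, readOnly, "false", "false");

    // Active Directory uses its own names for the creation/modification timestamp attributes.
    String createTimestampLdapAttrName = activeDirectory ? "whenCreated" : LDAPConstants.CREATE_TIMESTAMP;
    String modifyTimestampLdapAttrName = activeDirectory ? "whenChanged" : LDAPConstants.MODIFY_TIMESTAMP;
    // Both timestamps are mapped read-only ("true") regardless of edit mode.
    addUserAttributeMapper(realm, model, "creation date", LDAPConstants.CREATE_TIMESTAMP, createTimestampLdapAttrName, "true", alwaysReadValueFromLDAP, "false");
    addUserAttributeMapper(realm, model, "modify date", LDAPConstants.MODIFY_TIMESTAMP, modifyTimestampLdapAttrName, "true", alwaysReadValueFromLDAP, "false");

    // MSAD specific mapper for account state propagation
    if (activeDirectory) {
        realm.addComponentModel(KeycloakModelUtils.createComponentModel("MSAD account controls", model.getId(), MSADUserAccountControlStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName()));
    }

    // Kerberos was enabled on the component: switch the realm's Kerberos execution requirement accordingly.
    if (Boolean.parseBoolean(model.getConfig().getFirst(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION))) {
        CredentialHelper.setOrReplaceAuthenticationRequirement(session, realm, CredentialRepresentation.KERBEROS, AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED);
    }

    // random "userPassword" every time when creating user. Otherwise users won't be able to register and login
    if (!activeDirectory && syncRegistrations && ldapConfig.useExtendedPasswordModifyOp()) {
        realm.addComponentModel(KeycloakModelUtils.createComponentModel("random initial password", model.getId(), HardcodedLDAPAttributeMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(),
                HardcodedLDAPAttributeMapper.LDAP_ATTRIBUTE_NAME, LDAPConstants.USER_PASSWORD_ATTRIBUTE,
                HardcodedLDAPAttributeMapper.LDAP_ATTRIBUTE_VALUE, HardcodedLDAPAttributeMapper.RANDOM_ATTRIBUTE_VALUE));
    }
}

/**
 * Creates a {@link UserAttributeLDAPStorageMapperFactory} mapper component under {@code parent} and adds it
 * to {@code realm}. All mapper flags are passed as the string values the component config expects.
 *
 * @param realm                   realm receiving the mapper component
 * @param parent                  the LDAP storage component the mapper belongs to
 * @param name                    display name of the mapper component
 * @param userModelAttribute      Keycloak user attribute the LDAP attribute is mapped to
 * @param ldapAttribute           LDAP attribute name
 * @param readOnly                "true"/"false" for {@code READ_ONLY}
 * @param alwaysReadValueFromLdap "true"/"false" for {@code ALWAYS_READ_VALUE_FROM_LDAP}
 * @param mandatoryInLdap         "true"/"false" for {@code IS_MANDATORY_IN_LDAP}
 */
private static void addUserAttributeMapper(RealmModel realm, ComponentModel parent, String name, String userModelAttribute, String ldapAttribute,
                                           String readOnly, String alwaysReadValueFromLdap, String mandatoryInLdap) {
    ComponentModel mapperModel = KeycloakModelUtils.createComponentModel(name, parent.getId(), UserAttributeLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(),
            UserAttributeLDAPStorageMapper.USER_MODEL_ATTRIBUTE, userModelAttribute,
            UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, ldapAttribute,
            UserAttributeLDAPStorageMapper.READ_ONLY, readOnly,
            UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, alwaysReadValueFromLdap,
            UserAttributeLDAPStorageMapper.IS_MANDATORY_IN_LDAP, mandatoryInLdap);
    realm.addComponentModel(mapperModel);
}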

Example 30 with ComponentModel

use of org.keycloak.component.ComponentModel in project keycloak by keycloak.

the class LDAPStorageProviderFactory method create.

/**
 * Builds an {@link LDAPStorageProvider} for {@code model}, backed by the registry's (cached or freshly
 * initialized) identity store for that component.
 *
 * @param session current Keycloak session
 * @param model   the LDAP storage component to create a provider for
 * @return a new provider bound to this factory, the session and the component
 */
@Override
public LDAPStorageProvider create(KeycloakSession session, ComponentModel model) {
    // Mapper decorators may adjust the effective LDAP config before the store is looked up.
    Map<ComponentModel, LDAPConfigDecorator> decorators = getLDAPConfigDecorators(session, model);
    return new LDAPStorageProvider(this, session, model, ldapStoreRegistry.getLdapStore(session, model, decorators));
}
