
Example 1 with UserConsentRepresentation

use of org.keycloak.representations.idm.UserConsentRepresentation in project keycloak by keycloak.

the class RepresentationToModel method importFederatedUser.

/**
 * Writes the data carried by a user representation into federated storage for the given realm.
 *
 * <p>Sections are written in this order, each only when its getter returns non-null: attributes,
 * required actions, credentials, role mappings (delegated to {@code createFederatedRoleMappings}),
 * group memberships, federated identity links, client consents and the not-before value. Every
 * write is keyed by {@code userRep.getId()}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This method performs no validation of the representation itself: credentials, identity
 *       links and consents are stored as supplied (after conversion by {@code toModel}).
 *       NOTE(review): confirm that callers only pass representations from an authorized,
 *       trusted import source.</li>
 *   <li>A group path that cannot be resolved aborts the import with a {@link RuntimeException};
 *       nothing in this method undoes the writes already made. Whether an enclosing transaction
 *       rolls them back is not visible here.</li>
 * </ul>
 *
 * @param session  session used to obtain the federated storage provider
 * @param newRealm realm the user data is imported into
 * @param userRep  representation to import; its id is used as the storage key
 * @throws RuntimeException if a group path listed in the representation is not found in the realm
 */
public static void importFederatedUser(KeycloakSession session, RealmModel newRealm, UserRepresentation userRep) {
    final UserFederatedStorageProvider storage = session.userFederatedStorage();
    final String userId = userRep.getId();

    Map<String, List<String>> attributes = userRep.getAttributes();
    if (attributes != null) {
        for (Map.Entry<String, List<String>> attribute : attributes.entrySet()) {
            List<String> values = attribute.getValue();
            if (values == null) {
                // Attributes without a value list are skipped rather than stored as empty.
                continue;
            }
            // Hand storage its own list so it does not share one with the representation.
            storage.setAttribute(newRealm, userId, attribute.getKey(), new LinkedList<>(values));
        }
    }

    List<String> requiredActions = userRep.getRequiredActions();
    if (requiredActions != null) {
        for (String requiredAction : requiredActions) {
            storage.addRequiredAction(newRealm, userId, requiredAction);
        }
    }

    List<CredentialRepresentation> credentials = userRep.getCredentials();
    if (credentials != null) {
        for (CredentialRepresentation credential : credentials) {
            storage.createCredential(newRealm, userId, toModel(credential));
        }
    }

    createFederatedRoleMappings(storage, userRep, newRealm);

    List<String> groupPaths = userRep.getGroups();
    if (groupPaths != null) {
        for (String path : groupPaths) {
            GroupModel resolved = KeycloakModelUtils.findGroupByPath(newRealm, path);
            if (resolved == null) {
                // Fail loudly instead of silently dropping a membership the export declared.
                throw new RuntimeException("Unable to find group specified by path: " + path);
            }
            storage.joinGroup(newRealm, userId, resolved);
        }
    }

    List<FederatedIdentityRepresentation> identities = userRep.getFederatedIdentities();
    if (identities != null) {
        for (FederatedIdentityRepresentation identity : identities) {
            storage.addFederatedIdentity(
                    newRealm,
                    userId,
                    new FederatedIdentityModel(identity.getIdentityProvider(), identity.getUserId(), identity.getUserName()));
        }
    }

    List<UserConsentRepresentation> consents = userRep.getClientConsents();
    if (consents != null) {
        for (UserConsentRepresentation consent : consents) {
            storage.addConsent(newRealm, userId, toModel(newRealm, consent));
        }
    }

    Integer notBefore = userRep.getNotBefore();
    if (notBefore != null) {
        storage.setNotBeforeForUser(newRealm, userId, notBefore);
    }
}
Also used : FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel) GroupModel(org.keycloak.models.GroupModel) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) UserConsentModel(org.keycloak.models.UserConsentModel) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) UserFederatedStorageProvider(org.keycloak.storage.federated.UserFederatedStorageProvider) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) Map(java.util.Map) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation)

Example 2 with UserConsentRepresentation

use of org.keycloak.representations.idm.UserConsentRepresentation in project keycloak by keycloak.

the class ExportUtils method exportFederatedUser.

/**
 * Builds a full export of the data held in federated storage for one user id.
 *
 * <p>Attributes, required actions, federated identity links, realm roles, client roles and client
 * consents are set on the result only when non-empty. Stored credentials and (when included) group
 * paths are set even when the list is empty. Role mappings and groups are exported only when
 * {@code options.isGroupsAndRolesIncluded()} is true.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Stored credentials are attached unconditionally; unlike {@code exportUser} there is no flag
 *       here to leave them out. What {@code ExportUtils::exportCredential} emits per credential is
 *       not visible in this method, so the returned representation should be handled as sensitive
 *       material.</li>
 *   <li>Consents are read through {@code session.users()} while every other section comes from
 *       {@code session.userFederatedStorage()}. NOTE(review): confirm this is intended.</li>
 * </ul>
 *
 * @param session session giving access to federated storage and the user provider
 * @param realm   realm the user belongs to
 * @param id      id of the user whose federated data is exported
 * @param options export options; only {@code isGroupsAndRolesIncluded()} is consulted here
 * @return fully exported user representation
 */
public static UserRepresentation exportFederatedUser(KeycloakSession session, RealmModel realm, String id, ExportOptions options) {
    UserRepresentation exported = new UserRepresentation();
    exported.setId(id);

    MultivaluedHashMap<String, String> storedAttributes = session.userFederatedStorage().getAttributes(realm, id);
    if (!storedAttributes.isEmpty()) {
        // Copy into a plain map so the representation does not hold the storage-side instance.
        Map<String, List<String>> attributeCopy = new HashMap<>(storedAttributes);
        exported.setAttributes(attributeCopy);
    }

    List<String> pendingActions = session.userFederatedStorage().getRequiredActionsStream(realm, id).collect(Collectors.toList());
    if (!pendingActions.isEmpty()) {
        exported.setRequiredActions(pendingActions);
    }

    // Social links
    List<FederatedIdentityRepresentation> identityLinks = session.userFederatedStorage().getFederatedIdentitiesStream(id, realm).map(ExportUtils::exportSocialLink).collect(Collectors.toList());
    if (!identityLinks.isEmpty()) {
        exported.setFederatedIdentities(identityLinks);
    }

    // Role mappings, split into realm roles and roles grouped by owning client id
    if (options.isGroupsAndRolesIncluded()) {
        Set<RoleModel> mappedRoles = session.userFederatedStorage().getRoleMappingsStream(realm, id).collect(Collectors.toSet());
        List<String> realmRoles = new ArrayList<>();
        Map<String, List<String>> rolesByClientId = new HashMap<>();
        for (RoleModel mapped : mappedRoles) {
            if (mapped.getContainer() instanceof RealmModel) {
                realmRoles.add(mapped.getName());
                continue;
            }
            // Any container that is not a realm is treated as a client.
            String owningClientId = ((ClientModel) mapped.getContainer()).getClientId();
            rolesByClientId.computeIfAbsent(owningClientId, unused -> new ArrayList<>()).add(mapped.getName());
        }
        if (!realmRoles.isEmpty()) {
            exported.setRealmRoles(realmRoles);
        }
        if (!rolesByClientId.isEmpty()) {
            exported.setClientRoles(rolesByClientId);
        }
    }

    // Credentials: always exported, even when the list is empty
    List<CredentialRepresentation> storedCredentials = session.userFederatedStorage().getStoredCredentialsStream(realm, id).map(ExportUtils::exportCredential).collect(Collectors.toList());
    exported.setCredentials(storedCredentials);

    // Grants
    List<UserConsentRepresentation> grantedConsents = session.users().getConsentsStream(realm, id).map(ModelToRepresentation::toRepresentation).collect(Collectors.toList());
    if (!grantedConsents.isEmpty()) {
        exported.setClientConsents(grantedConsents);
    }

    // Not Before
    int notBefore = session.userFederatedStorage().getNotBeforeOfUser(realm, exported.getId());
    exported.setNotBefore(notBefore);

    if (options.isGroupsAndRolesIncluded()) {
        List<String> groupPaths = session.userFederatedStorage().getGroupsStream(realm, id).map(ModelToRepresentation::buildGroupPath).collect(Collectors.toList());
        exported.setGroups(groupPaths);
    }
    return exported;
}
Also used : HashMap(java.util.HashMap) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) ArrayList(java.util.ArrayList) RoleModel(org.keycloak.models.RoleModel) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) RealmModel(org.keycloak.models.RealmModel) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) ClientModel(org.keycloak.models.ClientModel) List(java.util.List) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)

Example 3 with UserConsentRepresentation

use of org.keycloak.representations.idm.UserConsentRepresentation in project keycloak by keycloak.

the class ExportUtils method exportUser.

/**
 * Builds a full export of a user, starting from {@code ModelToRepresentation.toRepresentation}.
 *
 * <p>Added on top of the base representation: federated identity links, role mappings and group
 * paths (both only when {@code options.isGroupsAndRolesIncluded()} is true), stored credentials
 * (only when {@code internal} is true), the federation link, client consents, the not-before value
 * and the client id of a linked service-account client, if one resolves.
 *
 * <p>Security note: {@code internal} is the only gate on credential export in this method. The
 * original comment describes it as extra protection for service accounts; which callers pass
 * {@code false} is not visible here. When credentials are included the result should be handled as
 * sensitive material.
 *
 * @param session  session giving access to the user and credential providers
 * @param realm    realm the user belongs to
 * @param user     user to export
 * @param options  export options; only {@code isGroupsAndRolesIncluded()} is consulted here
 * @param internal whether stored credentials are included in the export
 * @return fully exported user representation
 */
public static UserRepresentation exportUser(KeycloakSession session, RealmModel realm, UserModel user, ExportOptions options, boolean internal) {
    UserRepresentation exported = ModelToRepresentation.toRepresentation(session, realm, user);

    // Social links
    List<FederatedIdentityRepresentation> identityLinks = session.users().getFederatedIdentitiesStream(realm, user).map(ExportUtils::exportSocialLink).collect(Collectors.toList());
    if (!identityLinks.isEmpty()) {
        exported.setFederatedIdentities(identityLinks);
    }

    // Role mappings, split into realm roles and roles grouped by owning client id
    if (options.isGroupsAndRolesIncluded()) {
        Set<RoleModel> mappedRoles = user.getRoleMappingsStream().collect(Collectors.toSet());
        List<String> realmRoles = new ArrayList<>();
        Map<String, List<String>> rolesByClientId = new HashMap<>();
        for (RoleModel mapped : mappedRoles) {
            if (mapped.getContainer() instanceof RealmModel) {
                realmRoles.add(mapped.getName());
                continue;
            }
            // Any container that is not a realm is treated as a client.
            String owningClientId = ((ClientModel) mapped.getContainer()).getClientId();
            rolesByClientId.computeIfAbsent(owningClientId, unused -> new ArrayList<>()).add(mapped.getName());
        }
        if (!realmRoles.isEmpty()) {
            exported.setRealmRoles(realmRoles);
        }
        if (!rolesByClientId.isEmpty()) {
            exported.setClientRoles(rolesByClientId);
        }
    }

    // Credentials - extra security, do not export credentials if service accounts
    if (internal) {
        List<CredentialRepresentation> storedCredentials = session.userCredentialManager().getStoredCredentialsStream(realm, user).map(ExportUtils::exportCredential).collect(Collectors.toList());
        exported.setCredentials(storedCredentials);
    }

    exported.setFederationLink(user.getFederationLink());

    // Grants
    List<UserConsentRepresentation> grantedConsents = session.users().getConsentsStream(realm, user.getId()).map(ModelToRepresentation::toRepresentation).collect(Collectors.toList());
    if (!grantedConsents.isEmpty()) {
        exported.setClientConsents(grantedConsents);
    }

    // Not Before
    int notBefore = session.users().getNotBeforeOfUser(realm, user);
    exported.setNotBefore(notBefore);

    // Service account: export the client's public clientId, not the stored link value
    String serviceAccountLink = user.getServiceAccountClientLink();
    if (serviceAccountLink != null) {
        ClientModel linkedClient = realm.getClientById(serviceAccountLink);
        if (linkedClient != null) {
            exported.setServiceAccountClientId(linkedClient.getClientId());
        }
    }

    if (options.isGroupsAndRolesIncluded()) {
        List<String> groupPaths = user.getGroupsStream().map(ModelToRepresentation::buildGroupPath).collect(Collectors.toList());
        exported.setGroups(groupPaths);
    }
    return exported;
}
Also used : HashMap(java.util.HashMap) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) ArrayList(java.util.ArrayList) RoleModel(org.keycloak.models.RoleModel) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) RealmModel(org.keycloak.models.RealmModel) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) ClientModel(org.keycloak.models.ClientModel) List(java.util.List) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)

Example 4 with UserConsentRepresentation

use of org.keycloak.representations.idm.UserConsentRepresentation in project keycloak by keycloak.

the class UserResource method toConsent.

/**
 * Flattens a user consent into a map for the consent listing.
 *
 * <p>The map holds {@code clientId}, {@code grantedClientScopes}, {@code createdDate},
 * {@code lastUpdatedDate} and {@code additionalGrants}. {@code additionalGrants} is always present;
 * it contains a single "Offline Token" entry when the consent's client is in
 * {@code offlineClients}, and is empty otherwise.
 *
 * <p>Note that {@code clientId} carries {@code getClientId()} while the offline entry's
 * {@code client} carries {@code getId()} (presumably the internal client identifier, as distinct
 * from the public client id), so consumers must not treat the two values as interchangeable.
 *
 * @param consent        consent to convert
 * @param offlineClients clients for which an offline token is reported as an additional grant
 * @return map representation of the consent
 */
private Map<String, Object> toConsent(UserConsentModel consent, Set<ClientModel> offlineClients) {
    UserConsentRepresentation consentRep = ModelToRepresentation.toRepresentation(consent);
    ClientModel consentClient = consent.getClient();

    Map<String, Object> result = new HashMap<>();
    result.put("clientId", consentClient.getClientId());
    result.put("grantedClientScopes", consentRep.getGrantedClientScopes());
    result.put("createdDate", consentRep.getCreatedDate());
    result.put("lastUpdatedDate", consentRep.getLastUpdatedDate());

    List<Map<String, String>> extraGrants = new LinkedList<>();
    if (offlineClients.contains(consentClient)) {
        Map<String, String> offlineGrant = new HashMap<>();
        offlineGrant.put("client", consentClient.getId());
        offlineGrant.put("key", "Offline Token");
        extraGrants.add(offlineGrant);
    }
    result.put("additionalGrants", extraGrants);
    return result;
}
Also used : HashMap(java.util.HashMap) Map(java.util.Map) HashMap(java.util.HashMap) LinkedList(java.util.LinkedList) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation)

Example 5 with UserConsentRepresentation

use of org.keycloak.representations.idm.UserConsentRepresentation in project keycloak by keycloak.

the class RepresentationToModel method createUser.

// Users
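/**
 * Creates a user in local user storage from a representation and imports its related data.
 *
 * <p>The user is added through {@code session.userLocalStorage()}, so it is not federated. Basic
 * profile fields are copied first, then attributes, required actions, credentials, federated
 * identities, role mappings, client consents, the not-before value, the service-account client
 * link and group memberships.
 *
 * <p>Details worth knowing when reviewing an import:
 * <ul>
 *   <li>{@code enabled} is treated as {@code false} when the representation leaves it null;
 *       {@code emailVerified} is only written when it is non-null.</li>
 *   <li>A required action name is matched case-insensitively against
 *       {@code UserModel.RequiredAction}; a name that matches no constant is stored as the raw
 *       string. A null entry in the list fails with {@link NullPointerException}.</li>
 *   <li>No validation of the representation is visible in this method. NOTE(review): confirm that
 *       callers only pass representations from an authorized, trusted import source.</li>
 * </ul>
 *
 * @param session  session giving access to the user providers
 * @param newRealm realm the user is created in
 * @param userRep  representation to import
 * @return the newly created user
 * @throws RuntimeException if the representation names a service-account client that does not
 *                          exist in the realm
 */
public static UserModel createUser(KeycloakSession session, RealmModel newRealm, UserRepresentation userRep) {
    convertDeprecatedSocialProviders(userRep);
    // Import users just to user storage. Don't federate
    UserModel user = session.userLocalStorage().addUser(newRealm, userRep.getId(), userRep.getUsername(), false, false);
    user.setEnabled(userRep.isEnabled() != null && userRep.isEnabled());
    user.setCreatedTimestamp(userRep.getCreatedTimestamp());
    user.setEmail(userRep.getEmail());
    if (userRep.isEmailVerified() != null) {
        user.setEmailVerified(userRep.isEmailVerified());
    }
    user.setFirstName(userRep.getFirstName());
    user.setLastName(userRep.getLastName());
    user.setFederationLink(userRep.getFederationLink());
    if (userRep.getAttributes() != null) {
        for (Map.Entry<String, List<String>> entry : userRep.getAttributes().entrySet()) {
            List<String> value = entry.getValue();
            if (value != null) {
                // Copy so the user model does not share a list with the representation.
                user.setAttribute(entry.getKey(), new ArrayList<>(value));
            }
        }
    }
    if (userRep.getRequiredActions() != null) {
        for (String requiredAction : userRep.getRequiredActions()) {
            try {
                // Upper-case with a fixed locale. The default-locale variant maps 'i' to a dotted
                // capital under Turkish-style locales, so a lower-case built-in action name would
                // miss the enum and be stored as a raw string instead of the canonical constant.
                // NOTE(review): whether such a raw string is still enforced at login is not
                // visible here; the fixed locale removes the dependency on the JVM default.
                user.addRequiredAction(UserModel.RequiredAction.valueOf(requiredAction.toUpperCase(java.util.Locale.ROOT)));
            } catch (IllegalArgumentException iae) {
                // Not a built-in action: keep the name exactly as supplied.
                user.addRequiredAction(requiredAction);
            }
        }
    }
    createCredentials(userRep, session, newRealm, user, false);
    createFederatedIdentities(userRep, session, newRealm, user);
    createRoleMappings(userRep, user, newRealm);
    if (userRep.getClientConsents() != null) {
        for (UserConsentRepresentation consentRep : userRep.getClientConsents()) {
            UserConsentModel consentModel = toModel(newRealm, consentRep);
            session.users().addConsent(newRealm, user.getId(), consentModel);
        }
    }
    if (userRep.getNotBefore() != null) {
        session.users().setNotBeforeForUser(newRealm, user, userRep.getNotBefore());
    }
    if (userRep.getServiceAccountClientId() != null) {
        String clientId = userRep.getServiceAccountClientId();
        // The representation carries the public clientId; the link stored on the user is getId().
        ClientModel client = newRealm.getClientByClientId(clientId);
        if (client == null) {
            throw new RuntimeException("Unable to find client specified for service account link. Client: " + clientId);
        }
        user.setServiceAccountClientLink(client.getId());
    }
    createGroups(userRep, newRealm, user);
    return user;
}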
Also used : UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) Map(java.util.Map) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) UserConsentModel(org.keycloak.models.UserConsentModel) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation)

Aggregations

HashMap (java.util.HashMap)5 LinkedList (java.util.LinkedList)5 UserConsentRepresentation (org.keycloak.representations.idm.UserConsentRepresentation)5 ArrayList (java.util.ArrayList)4 List (java.util.List)4 MultivaluedHashMap (org.keycloak.common.util.MultivaluedHashMap)4 Map (java.util.Map)3 ClientModel (org.keycloak.models.ClientModel)3 CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation)3 FederatedIdentityRepresentation (org.keycloak.representations.idm.FederatedIdentityRepresentation)3 RealmModel (org.keycloak.models.RealmModel)2 RoleModel (org.keycloak.models.RoleModel)2 UserConsentModel (org.keycloak.models.UserConsentModel)2 ArtifactBindingUtils.computeArtifactBindingIdentifierString (org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString)2 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)2 FederatedIdentityModel (org.keycloak.models.FederatedIdentityModel)1 GroupModel (org.keycloak.models.GroupModel)1 UserModel (org.keycloak.models.UserModel)1 UserFederatedStorageProvider (org.keycloak.storage.federated.UserFederatedStorageProvider)1