package org.keycloak.protocol.cas; import org.jboss.logging.Logger; import org.keycloak.events.EventBuilder; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ProtocolMapperModel; import org.keycloak.models.RealmModel; import org.keycloak.protocol.AbstractLoginProtocolFactory; import org.keycloak.protocol.LoginProtocol; import org.keycloak.protocol.cas.mappers.FullNameMapper; import org.keycloak.protocol.cas.mappers.UserAttributeMapper; import org.keycloak.protocol.cas.mappers.UserPropertyMapper; import org.keycloak.representations.idm.ClientRepresentation; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; public class CASLoginProtocolFactory extends AbstractLoginProtocolFactory { private static final Logger logger = Logger.getLogger(CASLoginProtocolFactory.class); public static final String EMAIL = "email"; public static final String EMAIL_VERIFIED = "email verified"; public static final String GIVEN_NAME = "given name"; public static final String FAMILY_NAME = "family name"; public static final String FULL_NAME = "full name"; public static final String LOCALE = "locale"; public static final String EMAIL_CONSENT_TEXT = "${email}"; public static final String EMAIL_VERIFIED_CONSENT_TEXT = "${emailVerified}"; public static final String GIVEN_NAME_CONSENT_TEXT = "${givenName}"; public static final String FAMILY_NAME_CONSENT_TEXT = "${familyName}"; public static final String FULL_NAME_CONSENT_TEXT = "${fullName}"; public static final String LOCALE_CONSENT_TEXT = "${locale}"; @Override public LoginProtocol create(KeycloakSession session) { return new CASLoginProtocol().setSession(session); } @Override public Map<String, ProtocolMapperModel> getBuiltinMappers() { return builtins; } static Map<String, ProtocolMapperModel> builtins = new HashMap<>(); static List<ProtocolMapperModel> defaultBuiltins = new ArrayList<>(); static { ProtocolMapperModel model; model = UserPropertyMapper.create(EMAIL, "email", "mail", "String"); builtins.put(EMAIL, model); defaultBuiltins.add(model); model = UserPropertyMapper.create(GIVEN_NAME, "firstName", "givenName", "String"); builtins.put(GIVEN_NAME, model); defaultBuiltins.add(model); model = UserPropertyMapper.create(FAMILY_NAME, "lastName", "sn", "String"); builtins.put(FAMILY_NAME, model); defaultBuiltins.add(model); model = UserPropertyMapper.create(EMAIL_VERIFIED, "emailVerified", "emailVerified", "boolean"); builtins.put(EMAIL_VERIFIED, model); model = UserAttributeMapper.create(LOCALE, "locale", "locale", "String", false); builtins.put(LOCALE, model); model = FullNameMapper.create(FULL_NAME, "cn"); builtins.put(FULL_NAME, model); defaultBuiltins.add(model); } @Override protected void createDefaultClientScopesImpl(RealmModel newRealm) { // no-op } @Override protected void addDefaults(ClientModel client) { for (ProtocolMapperModel model : defaultBuiltins) client.addProtocolMapper(model); } @Override public Object createProtocolEndpoint(KeycloakSession session, EventBuilder event) { return new CASLoginProtocolService(session, event); } @Override public String getId() { return CASLoginProtocol.LOGIN_PROTOCOL; } @Override public void setupClientDefaults(ClientRepresentation rep, ClientModel newClient) { if (rep.getRootUrl() != null && (rep.getRedirectUris() == null || rep.getRedirectUris().isEmpty())) { String root = rep.getRootUrl(); if (root.endsWith("/")) root = root + "*"; else root = root + "/*"; newClient.addRedirectUri(root); } if (rep.getAdminUrl() == null && rep.getRootUrl() != null) { newClient.setManagementUrl(rep.getRootUrl()); } } }