Keycloak create a custom identity provider mapper

此生再无相见时 submitted on 2019-12-08 07:04:21

Question


I have an OpenID provider and I use this provider as the identity broker of Keycloak. I want to map roles (claims) which are sent from the broker to Keycloak (and Keycloak will send the mapped roles in its JWT). I want to know how to implement and add a custom mapper to Keycloak (like hardcodedmapper, attributemapper in Keycloak). Can I do this? Thanks


Answer 1:


Create your new provider class; I extended the existing org.keycloak.broker.saml.mappers.AttributeToRoleMapper class.

When building your jar, ensure you have a folder called services within the jar's META-INF folder.

Within this folder, create a simple text file called org.keycloak.broker.provider.IdentityProviderMapper. Within that file, add the full name of your new provider class, i.e. package.Classname.

Once compiled, drop the file in the providers folder below the Keycloak root folder. Restart your container.




Answer 2:


I had to do something slightly different in order to get my custom mapper working with the latest version of Keycloak (4.8 at time of writing this):

  • Created a custom mapper that extends AbstractOIDCProtocolMapper:

    package com.test;
    
    import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
    
    public class MyTestMapper extends AbstractOIDCProtocolMapper {
        ...
    }
    
  • In src/main/resources, create a folder structure META-INF/services

  • Create a file called org.keycloak.protocol.ProtocolMapper in the META-INF/services directory. Its contents should be just one line containing the fully qualified class name of your custom mapper:

    com.test.MyTestMapper
    
  • Under the META-INF folder in src/main/resources (one up from services), create a file called jboss-deployment-structure.xml. Depending on what you're doing, you will need to add the appropriate JBoss modules here. For my simple test mapper, I used:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-deployment-structure>
        <deployment>
            <dependencies>
                <module name="org.keycloak.keycloak-services" />
            </dependencies>
        </deployment>
    </jboss-deployment-structure>
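
Both answers depend on a service descriptor under META-INF/services; if it is misplaced or names a class that is not in the JAR, the mapper is never discovered and brokered roles are not mapped. The following pre-deployment check is an added example, not code from either answer or from Keycloak: `check_provider_jar` and `build_sample_jar` are hypothetical helper names, the sample JARs are constructed in memory, and it assumes the mapper class is packaged in the same JAR as its descriptor.

```python
import io
import zipfile

# Service descriptor names quoted in the two answers above.
SERVICE_FILES = (
    "org.keycloak.broker.provider.IdentityProviderMapper",
    "org.keycloak.protocol.ProtocolMapper",
)

def check_provider_jar(jar):
    """Return a list of problems found in a provider JAR (path or file object)."""
    problems, found = [], False
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        for spi in SERVICE_FILES:
            entry = "META-INF/services/" + spi
            if entry not in names:
                # A descriptor that exists but sits in the wrong folder is ignored.
                stray = sorted(n for n in names if n == spi or n.endswith("/" + spi))
                problems += [f"{n}: descriptor must be at {entry}" for n in stray]
                continue
            found = True
            for raw in zf.read(entry).decode("utf-8").splitlines():
                cls = raw.split("#", 1)[0].strip()  # '#' starts a comment
                if cls and cls.replace(".", "/") + ".class" not in names:
                    problems.append(f"{entry}: class {cls} is not in the JAR")
    if not found and not problems:
        problems.append("no mapper service descriptor under META-INF/services/")
    return problems

def build_sample_jar(files):
    """Build a constructed in-memory JAR from {entry name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed sample: descriptor was placed in services/ instead of META-INF/services/.
    bad = build_sample_jar({
        "services/org.keycloak.protocol.ProtocolMapper": b"com.test.MyTestMapper\n",
        "com/test/MyTestMapper.class": b"",
    })
    for problem in check_provider_jar(bad):
        print(problem)
```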
    


Source: https://stackoverflow.com/questions/46595425/keycloak-create-a-custom-identity-provider-mapper
