OZG-3961 add organisationsEinheitId Mapper PoC

de87e75f · OZGCloud · fc4cb966 · de87e75f
Commit de87e75f authored 1 year ago by OZGCloud
--- a/src/main/java/de/ozgcloud/operator/keycloak/client/KeycloakClientRemoteService.java
+++ b/src/main/java/de/ozgcloud/operator/keycloak/client/KeycloakClientRemoteService.java
@@ -23,6 +23,9 @@
 */
 package de.ozgcloud.operator.keycloak.client;

+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 import java.util.logging.Level;

 import org.keycloak.admin.client.CreatedResponseUtil;
@@ -30,6 +33,7 @@ import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.ProtocolMapperRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -50,11 +54,44 @@ class KeycloakClientRemoteService {

 	public String createClient(ClientRepresentation client, String realm) {
 		log.log(Level.FINE, "Creating client {0} in realm {1}", new String[] { client.getId(), realm });
+
+		// PoC
+		client.setProtocolMappers(List.of(buildOrganisationsEinheitIdMapper()));
+		//
+
 		var response = getRealm(realm).clients().create(client);
 		KeycloakResultParser.parseCreatedResponse(response);
 		return CreatedResponseUtil.getCreatedId(response);
 	}

+	// PoC
+	ProtocolMapperRepresentation buildOrganisationsEinheitIdMapper() {
+		log.log(Level.FINE, "Build organisationsEinheitId mapper...");
+		var mapper = new ProtocolMapperRepresentation();
+		mapper.setName("organisationseinheitIdMapper");
+		mapper.setProtocol("openid-connect");
+		mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");
+		mapper.setConfig(buildOrganisationsEinheitIdMapperConfig());
+
+		return mapper;
+	}
+
+	Map<String, String> buildOrganisationsEinheitIdMapperConfig() {
+		var config = new HashMap<String, String>();
+
+		config.put("access.token.claim", "true");
+		config.put("aggregate.attrs", "true");
+		config.put("claim.name", "organisationseinheitId");
+		config.put("id.token.claim", "true");
+		config.put("jsonType.label", "int");
+		config.put("multivalued", "true");
+		config.put("user.attribute", "organisationseinheitId");
+		config.put("userinfo.token.claim", "true");
+
+		return config;
+	}
+	//
+
 	public void updateClientRole(RoleRepresentation role, String clientId, String realm) {
 		getClientResource(realm, clientId).roles().get(role.getName()).update(role);
 	}