/**
 * Triggers an LDAP-to-Keycloak sync on the two role mappers registered under the given
 * federation provider: {@code "realmRolesMapper"} first, then {@code "financeRolesMapper"}.
 *
 * <p>NOTE(review): the looked-up mapper model is handed to {@code getRoleMapper} without a
 * null check; what happens when a mapper of that name is not registered depends on
 * {@code getRoleMapper}, which is not visible here.
 *
 * @param realm realm that owns the federation mappers and receives the synced roles
 * @param ldapProvider LDAP provider instance passed to the role mapper
 * @param providerModel federation provider whose id is used to look the mappers up
 */
public static void syncRolesFromLDAP(
        RealmModel realm,
        LDAPFederationProvider ldapProvider,
        UserFederationProviderModel providerModel) {
    // Order matters only in that it mirrors the mapper registration order used elsewhere.
    final String[] roleMapperNames = {"realmRolesMapper", "financeRolesMapper"};
    for (String roleMapperName : roleMapperNames) {
        UserFederationMapperModel roleMapperModel =
                realm.getUserFederationMapperByName(providerModel.getId(), roleMapperName);
        RoleLDAPFederationMapper syncingMapper =
                getRoleMapper(roleMapperModel, ldapProvider, realm);
        syncingMapper.syncDataFromFederationProviderToKeycloak();
    }
}
/**
 * Ensures a federation mapper named {@code "groupsMapper"} exists for the provider and
 * carries the requested mode.
 *
 * <p>When the mapper already exists, only {@code GroupMapperConfig.MODE} and the entries in
 * {@code otherConfigOptions} are applied; the groups DN, the mapped group attributes and the
 * inheritance flag of the existing mapper are left as they are, so {@code descriptionAttrName}
 * has no effect on that path. When it does not exist, a new mapper is created with the groups
 * DN {@code "ou=Groups," + BASE_DN}, group inheritance preserved, and the given mode.
 *
 * @param realm realm in which the mapper is looked up, updated or added
 * @param providerModel federation provider that owns the mapper and supplies the base DN
 * @param mode group mapper mode, stored as {@code mode.toString()}
 * @param descriptionAttrName value stored under {@code MAPPED_GROUP_ATTRIBUTES} on creation
 * @param otherConfigOptions extra options forwarded to {@code updateGroupMapperConfigOptions}
 */
public static void addOrUpdateGroupMapper(
        RealmModel realm,
        UserFederationProviderModel providerModel,
        LDAPGroupMapperMode mode,
        String descriptionAttrName,
        String... otherConfigOptions) {
    UserFederationMapperModel groupMapper =
            realm.getUserFederationMapperByName(providerModel.getId(), "groupsMapper");

    if (groupMapper == null) {
        // NOTE(review): if the provider config has no BASE_DN entry this DN is built from a
        // missing value — confirm callers always configure it.
        String groupsDn = "ou=Groups," + providerModel.getConfig().get(LDAPConstants.BASE_DN);
        UserFederationMapperModel createdMapper =
                KeycloakModelUtils.createUserFederationMapperModel(
                        "groupsMapper",
                        providerModel.getId(),
                        GroupLDAPFederationMapperFactory.PROVIDER_ID,
                        GroupMapperConfig.GROUPS_DN,
                        groupsDn,
                        GroupMapperConfig.MAPPED_GROUP_ATTRIBUTES,
                        descriptionAttrName,
                        GroupMapperConfig.PRESERVE_GROUP_INHERITANCE,
                        "true",
                        GroupMapperConfig.MODE,
                        mode.toString());
        updateGroupMapperConfigOptions(createdMapper, otherConfigOptions);
        realm.addUserFederationMapper(createdMapper);
        return;
    }

    // Existing mapper: switch the mode and apply overrides, nothing else is reset.
    groupMapper.getConfig().put(GroupMapperConfig.MODE, mode.toString());
    updateGroupMapperConfigOptions(groupMapper, otherConfigOptions);
    realm.updateUserFederationMapper(groupMapper);
}
/**
 * Ensures the two role mappers {@code "realmRolesMapper"} and {@code "financeRolesMapper"}
 * exist for the provider and carry the requested mode.
 *
 * <p>For a mapper that already exists only {@code RoleLDAPFederationMapper.MODE} is rewritten;
 * its roles DN, realm-roles flag and client id are not touched. A missing realm-roles mapper is
 * created under {@code "ou=RealmRoles," + BASE_DN} with realm role mapping set to
 * {@code "true"}; a missing finance mapper is created under {@code "ou=FinanceRoles," + BASE_DN}
 * with realm role mapping {@code "false"} and client id {@code "finance"}.
 *
 * @param realm realm in which the mappers are looked up, updated or added
 * @param providerModel federation provider that owns the mappers and supplies the base DN
 * @param mode role mapper mode, stored as {@code mode.toString()}
 */
public static void addOrUpdateRoleLDAPMappers(
        RealmModel realm,
        UserFederationProviderModel providerModel,
        RoleLDAPFederationMapper.Mode mode) {
    // --- realm roles mapper ---
    UserFederationMapperModel realmRolesMapper =
            realm.getUserFederationMapperByName(providerModel.getId(), "realmRolesMapper");
    if (realmRolesMapper == null) {
        String realmRolesDn =
                "ou=RealmRoles," + providerModel.getConfig().get(LDAPConstants.BASE_DN);
        realmRolesMapper =
                KeycloakModelUtils.createUserFederationMapperModel(
                        "realmRolesMapper",
                        providerModel.getId(),
                        RoleLDAPFederationMapperFactory.PROVIDER_ID,
                        RoleLDAPFederationMapper.ROLES_DN,
                        realmRolesDn,
                        RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING,
                        "true",
                        RoleLDAPFederationMapper.MODE,
                        mode.toString());
        realm.addUserFederationMapper(realmRolesMapper);
    } else {
        realmRolesMapper.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
        realm.updateUserFederationMapper(realmRolesMapper);
    }

    // --- finance client roles mapper ---
    UserFederationMapperModel financeRolesMapper =
            realm.getUserFederationMapperByName(providerModel.getId(), "financeRolesMapper");
    if (financeRolesMapper == null) {
        String financeRolesDn =
                "ou=FinanceRoles," + providerModel.getConfig().get(LDAPConstants.BASE_DN);
        financeRolesMapper =
                KeycloakModelUtils.createUserFederationMapperModel(
                        "financeRolesMapper",
                        providerModel.getId(),
                        RoleLDAPFederationMapperFactory.PROVIDER_ID,
                        RoleLDAPFederationMapper.ROLES_DN,
                        financeRolesDn,
                        RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING,
                        "false",
                        RoleLDAPFederationMapper.CLIENT_ID,
                        "finance",
                        RoleLDAPFederationMapper.MODE,
                        mode.toString());
        realm.addUserFederationMapper(financeRolesMapper);
    } else {
        financeRolesMapper.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
        realm.updateUserFederationMapper(financeRolesMapper);
    }
}
/**
 * Creates a role entry in LDAP through the role mapper registered under {@code mapperName}.
 *
 * <p>The role name is passed to the mapper unchanged; any validation or escaping happens in
 * {@code RoleLDAPFederationMapper.createLDAPRole}, which is not visible here.
 *
 * @param session Keycloak session used to obtain the LDAP provider
 * @param appRealm realm that owns the federation mapper
 * @param ldapModel federation provider model the mapper belongs to
 * @param mapperName name of the role mapper to use
 * @param roleName name of the role to create in LDAP
 */
public static void createLDAPRole(
        KeycloakSession session,
        RealmModel appRealm,
        UserFederationProviderModel ldapModel,
        String mapperName,
        String roleName) {
    UserFederationMapperModel roleMapperModel =
            appRealm.getUserFederationMapperByName(ldapModel.getId(), mapperName);
    LDAPFederationProvider provider = FederationTestUtils.getLdapProvider(session, ldapModel);

    RoleLDAPFederationMapper roleMapper = getRoleMapper(roleMapperModel, provider, appRealm);
    roleMapper.createLDAPRole(roleName);
}
/**
 * Deletes from the LDAP identity store every object returned by the group query of the mapper
 * registered under {@code mapperName}.
 *
 * <p>This is destructive and unfiltered beyond whatever {@code createGroupQuery()} applies:
 * each result is removed one by one, with no confirmation and no rollback if a removal fails
 * part-way. NOTE(review): presumably intended only for a disposable test directory — confirm
 * the provider never points at a shared LDAP server.
 *
 * @param session Keycloak session used to obtain the LDAP provider
 * @param appRealm realm that owns the federation mapper
 * @param ldapModel federation provider model the mapper belongs to
 * @param mapperName name of the group mapper whose groups are removed
 */
public static void removeAllLDAPGroups(
        KeycloakSession session,
        RealmModel appRealm,
        UserFederationProviderModel ldapModel,
        String mapperName) {
    UserFederationMapperModel groupMapperModel =
            appRealm.getUserFederationMapperByName(ldapModel.getId(), mapperName);
    LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);

    LDAPQuery groupQuery =
            getGroupMapper(groupMapperModel, ldapProvider, appRealm).createGroupQuery();
    for (LDAPObject ldapGroup : groupQuery.getResultList()) {
        ldapProvider.getLdapIdentityStore().remove(ldapGroup);
    }
}
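/**
 * Creates a group entry in LDAP through the mapper named {@code "groupsMapper"}.
 *
 * <p>{@code additionalAttrs} is read as alternating attribute name / attribute value pairs.
 * Each attribute gets a single value; if the same name appears twice the later value wins.
 *
 * @param session Keycloak session used to obtain the LDAP provider
 * @param appRealm realm that owns the federation mapper
 * @param ldapModel federation provider model the mapper belongs to
 * @param groupName name of the group to create in LDAP
 * @param additionalAttrs extra attributes as {@code name1, value1, name2, value2, ...}
 * @return the LDAP object returned by the group mapper for the new group
 * @throws IllegalArgumentException if {@code additionalAttrs} has an odd number of elements
 */
public static LDAPObject createLDAPGroup(
        KeycloakSession session,
        RealmModel appRealm,
        UserFederationProviderModel ldapModel,
        String groupName,
        String... additionalAttrs) {
    // Reject a dangling attribute name up front; previously this surfaced as an
    // ArrayIndexOutOfBoundsException from the pairing loop below.
    if (additionalAttrs.length % 2 != 0) {
        throw new IllegalArgumentException(
                "additionalAttrs must be name/value pairs but has "
                        + additionalAttrs.length
                        + " elements");
    }

    UserFederationMapperModel mapperModel =
            appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper");
    LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);

    Map<String, Set<String>> additAttrs = new HashMap<>();
    for (int i = 0; i < additionalAttrs.length; i += 2) {
        String attrName = additionalAttrs[i];
        String attrValue = additionalAttrs[i + 1];
        additAttrs.put(attrName, Collections.singleton(attrValue));
    }

    return getGroupMapper(mapperModel, ldapProvider, appRealm)
            .createLDAPGroup(groupName, additAttrs);
}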