コード例 #1
  /**
   * Runs the LDAP-to-Keycloak sync for the two role mappers this fixture uses.
   *
   * <p>The mappers are looked up by their fixed names, {@code realmRolesMapper} first and then
   * {@code financeRolesMapper}, and {@code syncDataFromFederationProviderToKeycloak()} is invoked
   * on each in that order.
   *
   * @param realm realm that owns the federation mappers
   * @param ldapProvider LDAP provider handed to {@code getRoleMapper}
   * @param providerModel federation provider whose id scopes the mapper lookup
   */
  public static void syncRolesFromLDAP(
      RealmModel realm,
      LDAPFederationProvider ldapProvider,
      UserFederationProviderModel providerModel) {
    String[] roleMapperNames = {"realmRolesMapper", "financeRolesMapper"};
    for (String roleMapperName : roleMapperNames) {
      UserFederationMapperModel model =
          realm.getUserFederationMapperByName(providerModel.getId(), roleMapperName);
      // NOTE(review): the lookup result is passed on unchecked; presumably both mappers were
      // registered before this is called - confirm against callers.
      RoleLDAPFederationMapper syncTarget = getRoleMapper(model, ldapProvider, realm);
      // NOTE(review): judging by the method name this copies role data from the directory into
      // Keycloak, so whoever can write to the mapped LDAP subtree influences the resulting
      // roles - confirm the subtree is write-restricted outside test setups.
      syncTarget.syncDataFromFederationProviderToKeycloak();
    }
  }
コード例 #2
 /**
  * Creates the {@code groupsMapper} federation mapper for the provider, or updates it in place
  * when it already exists.
  *
  * <p>On update only {@code GroupMapperConfig.MODE} is overwritten before the extra options are
  * applied; on create the mapper is also given a groups DN of {@code "ou=Groups," + baseDn}, the
  * mapped group attribute and {@code PRESERVE_GROUP_INHERITANCE = "true"}.
  *
  * @param realm realm that stores the mapper
  * @param providerModel federation provider the mapper belongs to; its config supplies the base DN
  * @param mode mapper mode, stored as {@code mode.toString()}
  * @param descriptionAttrName value stored under {@code MAPPED_GROUP_ATTRIBUTES} on create
  * @param otherConfigOptions extra options forwarded to {@code updateGroupMapperConfigOptions}
  */
 public static void addOrUpdateGroupMapper(
     RealmModel realm,
     UserFederationProviderModel providerModel,
     LDAPGroupMapperMode mode,
     String descriptionAttrName,
     String... otherConfigOptions) {
   UserFederationMapperModel existing =
       realm.getUserFederationMapperByName(providerModel.getId(), "groupsMapper");

   if (existing == null) {
     // The DN is assembled by plain concatenation, with no DN escaping. That is acceptable for
     // trusted provider configuration only.
     // NOTE(review): presumably a map lookup; if BASE_DN is unset the concatenation below would
     // yield the literal "ou=Groups,null" instead of failing - confirm the key is always set.
     String providerBaseDn = providerModel.getConfig().get(LDAPConstants.BASE_DN);
     UserFederationMapperModel created =
         KeycloakModelUtils.createUserFederationMapperModel(
             "groupsMapper",
             providerModel.getId(),
             GroupLDAPFederationMapperFactory.PROVIDER_ID,
             GroupMapperConfig.GROUPS_DN,
             "ou=Groups," + providerBaseDn,
             GroupMapperConfig.MAPPED_GROUP_ATTRIBUTES,
             descriptionAttrName,
             GroupMapperConfig.PRESERVE_GROUP_INHERITANCE,
             "true",
             GroupMapperConfig.MODE,
             mode.toString());
     updateGroupMapperConfigOptions(created, otherConfigOptions);
     realm.addUserFederationMapper(created);
     return;
   }

   // Mapper already registered: switch its mode, apply the extra options, persist.
   existing.getConfig().put(GroupMapperConfig.MODE, mode.toString());
   updateGroupMapperConfigOptions(existing, otherConfigOptions);
   realm.updateUserFederationMapper(existing);
 }
コード例 #3
  /**
   * Ensures the two role mappers of this fixture exist on the provider and carry the given mode.
   *
   * <p>{@code realmRolesMapper} maps {@code "ou=RealmRoles," + baseDn} with realm-role mapping
   * enabled. {@code financeRolesMapper} maps {@code "ou=FinanceRoles," + baseDn} with realm-role
   * mapping disabled and the client id {@code finance}. A mapper that already exists only has
   * its {@code MODE} entry overwritten; its other settings are left as they are.
   *
   * @param realm realm that stores the mappers
   * @param providerModel federation provider the mappers belong to; its config supplies the base DN
   * @param mode mapper mode, stored as {@code mode.toString()}
   */
  public static void addOrUpdateRoleLDAPMappers(
      RealmModel realm,
      UserFederationProviderModel providerModel,
      RoleLDAPFederationMapper.Mode mode) {
    // --- realm roles ---
    UserFederationMapperModel realmRoles =
        realm.getUserFederationMapperByName(providerModel.getId(), "realmRolesMapper");
    if (realmRoles == null) {
      // Plain concatenation, no DN escaping: the base DN is expected to be trusted provider
      // configuration.
      // NOTE(review): presumably a map lookup; an unset BASE_DN would produce
      // "ou=RealmRoles,null" rather than an error - confirm the key is always set.
      String providerBaseDn = providerModel.getConfig().get(LDAPConstants.BASE_DN);
      realmRoles =
          KeycloakModelUtils.createUserFederationMapperModel(
              "realmRolesMapper",
              providerModel.getId(),
              RoleLDAPFederationMapperFactory.PROVIDER_ID,
              RoleLDAPFederationMapper.ROLES_DN,
              "ou=RealmRoles," + providerBaseDn,
              RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING,
              "true",
              RoleLDAPFederationMapper.MODE,
              mode.toString());
      realm.addUserFederationMapper(realmRoles);
    } else {
      realmRoles.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
      realm.updateUserFederationMapper(realmRoles);
    }

    // --- client roles of the "finance" client ---
    UserFederationMapperModel financeRoles =
        realm.getUserFederationMapperByName(providerModel.getId(), "financeRolesMapper");
    if (financeRoles == null) {
      String providerBaseDn = providerModel.getConfig().get(LDAPConstants.BASE_DN);
      financeRoles =
          KeycloakModelUtils.createUserFederationMapperModel(
              "financeRolesMapper",
              providerModel.getId(),
              RoleLDAPFederationMapperFactory.PROVIDER_ID,
              RoleLDAPFederationMapper.ROLES_DN,
              "ou=FinanceRoles," + providerBaseDn,
              RoleLDAPFederationMapper.USE_REALM_ROLES_MAPPING,
              "false",
              RoleLDAPFederationMapper.CLIENT_ID,
              "finance",
              RoleLDAPFederationMapper.MODE,
              mode.toString());
      realm.addUserFederationMapper(financeRoles);
    } else {
      financeRoles.getConfig().put(RoleLDAPFederationMapper.MODE, mode.toString());
      realm.updateUserFederationMapper(financeRoles);
    }
  }
コード例 #4
 /**
  * Creates a role entry in LDAP through the named role mapper.
  *
  * @param session session used to obtain the LDAP provider
  * @param appRealm realm that owns the mapper
  * @param ldapModel federation provider the mapper is registered under
  * @param mapperName name of the role mapper to go through
  * @param roleName name of the role to create; forwarded unchanged to {@code createLDAPRole}
  */
 public static void createLDAPRole(
     KeycloakSession session,
     RealmModel appRealm,
     UserFederationProviderModel ldapModel,
     String mapperName,
     String roleName) {
   // NOTE(review): an unknown mapperName presumably yields null here, which is passed on
   // unchecked to getRoleMapper - confirm callers only use registered mapper names.
   UserFederationMapperModel roleMapperModel =
       appRealm.getUserFederationMapperByName(ldapModel.getId(), mapperName);
   LDAPFederationProvider provider = FederationTestUtils.getLdapProvider(session, ldapModel);

   getRoleMapper(roleMapperModel, provider, appRealm).createLDAPRole(roleName);
 }
コード例 #5
 /**
  * Deletes from LDAP every entry returned by the named group mapper's group query.
  *
  * <p>Destructive: there is no filter, dry run or confirmation. Each result of
  * {@code createGroupQuery().getResultList()} is removed through the provider's identity store.
  * This is fixture cleanup and should only be pointed at a disposable test directory.
  *
  * @param session session used to obtain the LDAP provider
  * @param appRealm realm that owns the mapper
  * @param ldapModel federation provider the mapper is registered under
  * @param mapperName name of the group mapper whose groups are removed
  */
 public static void removeAllLDAPGroups(
     KeycloakSession session,
     RealmModel appRealm,
     UserFederationProviderModel ldapModel,
     String mapperName) {
   // NOTE(review): an unknown mapperName presumably yields null here, which is passed on
   // unchecked to getGroupMapper - confirm callers only use registered mapper names.
   UserFederationMapperModel groupMapperModel =
       appRealm.getUserFederationMapperByName(ldapModel.getId(), mapperName);
   LDAPFederationProvider provider = FederationTestUtils.getLdapProvider(session, ldapModel);

   LDAPQuery groupQuery = getGroupMapper(groupMapperModel, provider, appRealm).createGroupQuery();
   for (LDAPObject ldapGroup : groupQuery.getResultList()) {
     provider.getLdapIdentityStore().remove(ldapGroup);
   }
 }
コード例 #6
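  /**
   * Creates a group entry in LDAP through the {@code groupsMapper} mapper.
   *
   * <p>{@code additionalAttrs} is a flat list of name/value pairs
   * ({@code name1, value1, name2, value2, ...}). Each pair becomes a single-valued attribute; if a
   * name occurs more than once, the last value wins. Names and values are forwarded unchanged to
   * the mapper's {@code createLDAPGroup}.
   *
   * @param session session used to obtain the LDAP provider
   * @param appRealm realm that owns the mapper
   * @param ldapModel federation provider the mapper is registered under
   * @param groupName name of the group to create
   * @param additionalAttrs attribute name/value pairs; must contain an even number of elements
   * @return the LDAP object returned by the mapper for the new group
   * @throws IllegalArgumentException if {@code additionalAttrs} has an odd number of elements
   */
  public static LDAPObject createLDAPGroup(
      KeycloakSession session,
      RealmModel appRealm,
      UserFederationProviderModel ldapModel,
      String groupName,
      String... additionalAttrs) {
    // Reject a dangling attribute name up front. Without this check, reading the missing value
    // of the last pair fails with ArrayIndexOutOfBoundsException, which hides the real mistake.
    if (additionalAttrs.length % 2 != 0) {
      throw new IllegalArgumentException(
          "additionalAttrs must be name/value pairs, but got "
              + additionalAttrs.length
              + " element(s)");
    }

    UserFederationMapperModel mapperModel =
        appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper");
    LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);

    Map<String, Set<String>> additAttrs = new HashMap<>();
    for (int i = 0; i < additionalAttrs.length; i += 2) {
      String attrName = additionalAttrs[i];
      String attrValue = additionalAttrs[i + 1];
      additAttrs.put(attrName, Collections.singleton(attrValue));
    }

    return getGroupMapper(mapperModel, ldapProvider, appRealm)
        .createLDAPGroup(groupName, additAttrs);
  }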