@Override
public void setServiceAccountsEnabled(boolean serviceAccountsEnabled) {
getDelegateForUpdate();
updated.setServiceAccountsEnabled(serviceAccountsEnabled);
}
public void enableServiceAccount(ClientModel client) {
client.setServiceAccountsEnabled(true);
// Add dedicated user for this service account
if (realmManager.getSession().users().getServiceAccount(client) == null) {
String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId();
logger.debugf("Creating service account user '%s'", username);
// Don't use federation for service account user
UserModel user = realmManager.getSession().userStorage().addUser(client.getRealm(), username);
user.setEnabled(true);
user.setEmail(username + "@placeholder.org");
user.setServiceAccountClientLink(client.getId());
}
// Add protocol mappers to retrieve clientId in access token
if (client.getProtocolMapperByName(
OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER)
== null) {
logger.debugf(
"Creating service account protocol mapper '%s' for client '%s'",
ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER, client.getClientId());
ProtocolMapperModel protocolMapper =
UserSessionNoteMapper.createClaimMapper(
ServiceAccountConstants.CLIENT_ID_PROTOCOL_MAPPER,
ServiceAccountConstants.CLIENT_ID,
ServiceAccountConstants.CLIENT_ID,
"String",
false,
"",
true,
true);
client.addProtocolMapper(protocolMapper);
}
// Add protocol mappers to retrieve hostname and IP address of client in access token
if (client.getProtocolMapperByName(
OIDCLoginProtocol.LOGIN_PROTOCOL, ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER)
== null) {
logger.debugf(
"Creating service account protocol mapper '%s' for client '%s'",
ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER, client.getClientId());
ProtocolMapperModel protocolMapper =
UserSessionNoteMapper.createClaimMapper(
ServiceAccountConstants.CLIENT_HOST_PROTOCOL_MAPPER,
ServiceAccountConstants.CLIENT_HOST,
ServiceAccountConstants.CLIENT_HOST,
"String",
false,
"",
true,
true);
client.addProtocolMapper(protocolMapper);
}
if (client.getProtocolMapperByName(
OIDCLoginProtocol.LOGIN_PROTOCOL,
ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER)
== null) {
logger.debugf(
"Creating service account protocol mapper '%s' for client '%s'",
ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER, client.getClientId());
ProtocolMapperModel protocolMapper =
UserSessionNoteMapper.createClaimMapper(
ServiceAccountConstants.CLIENT_ADDRESS_PROTOCOL_MAPPER,
ServiceAccountConstants.CLIENT_ADDRESS,
ServiceAccountConstants.CLIENT_ADDRESS,
"String",
false,
"",
true,
true);
client.addProtocolMapper(protocolMapper);
}
}