This module contains extra client mappers to be added to Keycloak. Ultimately, such mappers should be submitted for integration into Keycloak.
Currently, the module contains the following mappers:
- JavaScript mapper for SAML: This mapper is analogous to the OIDC script mapper, allowing the use of JavaScript to add attribute values to SAML tokens.
This module currently works with Keycloak 3.4.3.Final.
This is an example with Keycloak available at /opt/keycloak:

```shell
# Create layer in Keycloak setup
install -d -v -m755 /opt/keycloak/modules/system/layers/client-mappers -o keycloak -g keycloak
# Set up the module directory
install -d -v -m755 /opt/keycloak/modules/system/layers/client-mappers/io/cloudtrust/keycloak-client-mappers/main/ -o keycloak -g keycloak
# Install jar
install -v -m0755 -o keycloak -g keycloak -D target/keycloak-client-mappers-3.4.3.Final.jar /opt/keycloak/modules/system/layers/client-mappers/io/cloudtrust/keycloak-client-mappers/main/
# Install module file
install -v -m0755 -o keycloak -g keycloak -D module.xml /opt/keycloak/modules/system/layers/client-mappers/io/cloudtrust/keycloak-client-mappers/main/
```
layers.conf:

```
layers=keycloak,client-mappers
```
standalone.xml:

```xml
...
<web-context>auth</web-context>
<providers>
    <provider>module:io.cloudtrust.keycloak-client-mappers</provider>
    ...
</providers>
...
```
Its use is almost analogous to the OIDC script mapper: the Nashorn JavaScript engine evaluates the input script, and the value of the last statement is returned in the SAML attribute. The sole difference from the OIDC variant is that the JavaScript mapper for SAML can handle Iterables or arrays as a return value: the result will be either multiple attributes or a single attribute with a grouped value, depending on the value of the Single Group Attribute option.
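The behaviour described above, as an added example that is not part of this module's code: a mapper script that releases only an allow-listed subset of values, and a small model of how its array result is shaped by the Single Group Attribute option. The `user` binding and its fields, the `app-` prefix, and the helpers `evaluateMapper` and `toSamlAttributes` are assumptions made for illustration.

```javascript
// Constructed stand-in for the object the script sees. The binding name
// `user` and its shape are assumptions, not taken from the module.
const sampleUser = { username: "alice", groups: ["app-admin", "hr", "app-audit"] };

// A mapper script as it would be typed into the mapper's script field.
// Only groups with the "app-" prefix are released to the service provider.
const mapperScript = `
var out = [];
for (var i = 0; i < user.groups.length; i++) {
  if (user.groups[i].indexOf("app-") === 0) { out.push(user.groups[i]); }
}
out;  // last statement: this is the mapper's value
`;

// Stand-in for the script engine (hypothetical helper): direct eval also
// yields the value of the last statement, with `user` in scope for the script.
function evaluateMapper(script, user) {
  return eval(script);
}

// Model of the Single Group Attribute option (hypothetical helper).
// A string is treated as one value even though JavaScript strings are iterable.
function toSamlAttributes(name, value, singleGroupAttribute) {
  if (value === null || value === undefined) return [];
  const isMulti = typeof value !== "string" &&
    typeof value[Symbol.iterator] === "function";
  const values = isMulti ? Array.from(value, String) : [String(value)];
  // Option on: one attribute carrying all values.
  if (singleGroupAttribute) return [{ name: name, values: values }];
  // Option off: one attribute per value, all with the same name.
  return values.map((v) => ({ name: name, values: [v] }));
}

function demo(single) {
  const result = evaluateMapper(mapperScript, sampleUser);
  return toSamlAttributes("groups", result, single);
}

console.log(JSON.stringify(demo(true)));
console.log(JSON.stringify(demo(false)));
```

Whatever the script returns ends up in an assertion that the service provider trusts, so filtering inside the script, as here, keeps unrelated group names out of the token.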