Add field session_note to user session protocol mapper. This field ne…
…eds to be written in addition to session_note_label for the protocol mapper to work correctly, e.g. with an Apache mod_auth_openidc client
Clemens Hanel committed Aug 21, 2020
1 parent 02daabb commit a469557
Showing 5 changed files with 20 additions and 0 deletions.
Expand Up @@ -31,6 +31,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_
client_id = keycloak_openid_client.openid_client.id
claim_name = "foo"
claim_value_type = "String"
session_note = "bar"
session_note_label = "bar"
add_to_id_token = true
add_to_access_token = false
Expand All @@ -54,6 +55,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_
client_scope_id = keycloak_openid_client_scope.client_scope.id
claim_name = "foo"
claim_value_type = "String"
session_note = "bar"
session_note_label = "bar"
add_to_id_token = true
add_to_access_token = false
Expand All @@ -70,6 +72,7 @@ The following arguments are supported:
- `name` - (Required) The display name of this protocol mapper in the GUI.
- `claim_name` - (Required) The name of the claim to insert into a token.
- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `JSON`, `long`, `int`, or `boolean`. Defaults to `String`.
- `session_note` - (Optional) String value being the name of stored user session note within the UserSession.note map.
- `session_note_label` - (Optional) String value being the name of stored user session note within the UserSessionModel.note map.
- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.
- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.
3 changes: 3 additions & 0 deletions keycloak/openid_user_session_note_protocol_mapper.go
Expand Up @@ -17,6 +17,7 @@ type OpenIdUserSessionNoteProtocolMapper struct {

ClaimName string
ClaimValueType string
UserSessionNote string
UserSessionNoteLabel string
}

Expand All @@ -31,6 +32,7 @@ func (mapper *OpenIdUserSessionNoteProtocolMapper) convertToGenericProtocolMappe
addToAccessTokenField: strconv.FormatBool(mapper.AddToAccessToken),
claimNameField: mapper.ClaimName,
claimValueTypeField: mapper.ClaimValueType,
userSessionNoteField: mapper.UserSessionNote,
userSessionModelNoteLabelField: mapper.UserSessionNoteLabel,
},
}
Expand Down Expand Up @@ -59,6 +61,7 @@ func (protocolMapper *protocolMapper) convertToOpenIdUserSessionNoteProtocolMapp

ClaimName: protocolMapper.Config[claimNameField],
ClaimValueType: protocolMapper.Config[claimValueTypeField],
UserSessionNote: protocolMapper.Config[userSessionNoteField],
UserSessionNoteLabel: protocolMapper.Config[userSessionModelNoteLabelField],
}, nil
}
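Review bot: The new map entry `userSessionNoteField: mapper.UserSessionNote` in `convertToGenericProtocolMapper` is written unconditionally, so a configuration that sets only `session_note_label` now sends `user.session.note` as an empty string. The commit message says this key is what makes the mapper work, so an empty value presumably produces a mapper that is accepted but never emits the claim, with nothing flagged at plan or apply time. Consider returning an error when `UserSessionNote` is empty, or leaving the key out of the config map in that case, so a misconfigured token claim is caught before it reaches Keycloak. A short comment on the struct fields saying which of `UserSessionNote` and `UserSessionNoteLabel` names the note being read would also help; both converter functions start and end outside the visible hunks.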
1 change: 1 addition & 0 deletions keycloak/protocol_mapper.go
Expand Up @@ -30,6 +30,7 @@ var (
userRealmRoleMappingRolePrefixField = "usermodel.realmRoleMapping.rolePrefix"
userClientRoleMappingClientIdField = "usermodel.clientRoleMapping.clientId"
userClientRoleMappingRolePrefixField = "usermodel.clientRoleMapping.rolePrefix"
userSessionNoteField = "user.session.note"
userSessionModelNoteLabelField = "userSession.modelNote.label"
aggregateAttributeValuesField = "aggregate.attrs"
)
Expand Up @@ -68,6 +68,11 @@ func resourceKeycloakOpenIdUserSessionNoteProtocolMapper() *schema.Resource {
Default: "String",
ValidateFunc: validation.StringInSlice([]string{"JSON", "String", "long", "int", "boolean"}, true),
},
"session_note": {
Type: schema.TypeString,
Optional: true,
Description: "String value being the name of stored user session note within the UserSessionModel.note map.",
},
"session_note_label": {
Type: schema.TypeString,
Optional: true,
Expand All @@ -89,6 +94,7 @@ func mapFromDataToOpenIdUserSessionNoteProtocolMapper(data *schema.ResourceData)

ClaimName: data.Get("claim_name").(string),
ClaimValueType: data.Get("claim_value_type").(string),
UserSessionNote: data.Get("session_note").(string),
UserSessionNoteLabel: data.Get("session_note_label").(string),
}
}
Expand All @@ -108,6 +114,7 @@ func mapFromOpenIdUserSessionNoteMapperToData(mapper *keycloak.OpenIdUserSession
data.Set("add_to_access_token", mapper.AddToAccessToken)
data.Set("claim_name", mapper.ClaimName)
data.Set("claim_value_type", mapper.ClaimValueType)
data.Set("session_note", mapper.UserSessionNote)
data.Set("session_note_label", mapper.UserSessionNoteLabel)
}

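Review bot: The `Description` of the new `session_note` schema entry refers to the `UserSessionModel.note` map, which is the wording the docs in this commit use for `session_note_label`, while the docs describe `session_note` in terms of `UserSession.note`; as written a user cannot tell which attribute to set. Since the value of the named session note ends up as a claim in the ID or access token, the description should say that, so operators review which session data they hand to the client, for example `Description: "Name of the user session note whose value is copied into the claim named by claim_name.",`. The attribute is `Optional` with no validation, so an empty or omitted value passes the schema even though the commit message describes it as needed for the mapper to work. The resource function continues outside the hunk, so the description of `session_note_label` could not be compared directly.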
Expand Up @@ -347,6 +347,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_
client_id = "${keycloak_openid_client.openid_client.id}"
claim_name = "foo"
claim_value_type = "String"
session_note = "bar"
session_note_label = "bar"
}`, realmName, clientId, mapperName)
}
Expand All @@ -366,6 +367,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_
client_scope_id = "${keycloak_openid_client_scope.client_scope.id}"
claim_name = "foo"
claim_value_type = "String"
session_note = "bar"
session_note_label = "bar"
}`, realmName, clientScopeId, mapperName)
}
Expand Down Expand Up @@ -405,6 +407,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_
client_id = "${keycloak_openid_client.openid_client.id}"
claim_name = "foo"
claim_value_type = "String"
session_note = "bar"
session_note_label = "%s"
}`, realmName, clientId, mapperName, labelName)
}
Expand All @@ -425,6 +428,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_
client_id = "${keycloak_openid_client.openid_client.id}"
claim_name = "foo"
claim_value_type = "String"
session_note = "bar"
session_note_label = "bar"
}
resource "keycloak_openid_client_scope" "client_scope" {
Expand All @@ -437,6 +441,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_
client_scope_id = "${keycloak_openid_client_scope.client_scope.id}"
claim_name = "foo"
claim_value_type = "String"
session_note = "bar"
session_note_label = "bar"
}`, realmName, clientId, mapperName, clientScopeId, mapperName)
}
Expand All @@ -457,6 +462,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "user_session_note_
client_id = "${keycloak_openid_client.openid_client.id}"
claim_name = "foo"
claim_value_type = "%s"
session_note = "bar"
session_note_label = "bar"
}`, realmName, mapperName, claimValueType)
}
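Review bot: Every fixture in this file adds `session_note = "bar"` as a fixed literal, so no test covers changing the attribute or leaving it out. The update fixture still parameterises only `session_note_label = "%s"`, so an in-place update of `session_note` is never exercised; making it `session_note = "%s"` with its own argument would cover that. A fixture without `session_note` would show what the provider sends for existing configurations that predate this field. The check functions are outside the visible hunks, so whether any of them asserts the stored `user.session.note` value could not be confirmed from here.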
