如何在Keycloak中注册自定义ProtocolMapper? [英] How to register a custom ProtocolMapper in Keycloak?
问题描述
我正努力在Keycloak中注册自定义ProtocolMapper.我想根据令牌请求从数据库中添加一些数据.因此,我遵循了给出的想法.Keycloak从数据库/外部源添加了额外的声明.
I'm struggling with registering a custom ProtocolMapper in Keycloak. I would like to add some data from my database on token request. So i followed the idea given in Keycloak add extra claims from database / external source.
我实现了ProtocolMapper接口并添加了文件
I implemented the ProtocolMapper interface and added the file
META-INF/services/org.keycloak.protocol.ProtocolMapper
META-INF/services/org.keycloak.protocol.ProtocolMapper
包含对我班级的引用.到目前为止,一切都很顺利,Keycloak意识到了新的实现.我也可以通过管理控制台对其进行配置.
containing the reference to my class. So far so good and Keycloak recognizes the new implementation. I'm also able to configure it via the admin console.
要向令牌添加一些数据,我想我还必须添加一个/某些接口
To add some data to the token I think I must also add one/some of the interfaces
org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper
org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper
并根据接口实现方法.
现在的问题是,一旦添加接口,我就会收到以下日志消息:
The problem now is that as soon as I add the interface I get the following log message:
08:55:07,292 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service jboss.deployment.unit."keycloak-spi.jar".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."keycloak-spi.jar".POST_MODULE
: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "keycloak-spi.jar"
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:172)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NoClassDefFoundError: Failed to link at/lotterien/jam/keycloak/spi/JamAuthorizationInfoProtocolMapper (Module "deployment.keycloak-spi.jar" from Service Module Loader): org/keycloak/protocol/oidc/mappers/UserInfoTokenMapper
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:446)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:274)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:77)
at org.jboss.modules.Module.loadModuleClass(Module.java:713)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at java.util.ServiceLoader$LazyIterator.nextService(Unknown Source)
at java.util.ServiceLoader$LazyIterator.next(Unknown Source)
at java.util.ServiceLoader$1.next(Unknown Source)
at org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:60)
at org.keycloak.provider.ProviderManager.load(ProviderManager.java:92)
at org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:214)
at org.keycloak.services.DefaultKeycloakSessionFactory.deploy(DefaultKeycloakSessionFactory.java:115)
at org.keycloak.provider.ProviderManagerRegistry.deploy(ProviderManagerRegistry.java:42)
at org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor.deploy(KeycloakProviderDeploymentProcessor.java:55)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:165)
... 5 more
为什么Keycloak找不到自己的接口?不应该直接使用它吗?
Why does Keycloak not find its own interface? Shouldn't it be provided out of the box?
我想让它起作用吗?
编辑1
我还有一点.我添加了文件
I got a little bit further. I added a file
META-INF/jboss-deployment-structure.xml
META-INF/jboss-deployment-structure.xml
有内容
<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.keycloak.keycloak-services"/>
</dependencies>
</deployment>
</jboss-deployment-structure>
现在异常消失了.
不幸的是,我的类中的方法 transformUserInfoToken()仍未在令牌请求中调用.
Unfortunately the method transformUserInfoToken() in my class is still not called on token request.
任何人都可以把我带到正确的方向吗?
Can anyone put me in the right direction please?
推荐答案
终于可以了.即使仍然存在未解决的问题,我也可以实现所需的功能.
It finally works. Even there are still open questions I could implement the needed functionality.
我必须实现接口
org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper
org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper
(而不是org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper)
现在,对URL http://<host>:<port>/auth/realms/testrealm/protocol/openid-connect/token
我认为问题出在我对术语AccessToken,UserInfo和IDToken的误解.我认为这三个都是生成的令牌的一部分.但是,似乎 OIDCAccessTokenMapper 是将其他信息添加到访问令牌中的唯一方法.
I think the problem came from my misunderstanding of the terms AccessToken, UserInfo and IDToken. I thought all three are part of the token generated. But it seems the OIDCAccessTokenMapper is the only way to get additional information into the access token.
对我来说,还有一个悬而未决的问题是UserInfo和IDToken将出现在哪里.也许有人可以给出答案.
The remaining open question for me is where the UserInfo and the IDToken would appear. Maybe somebody can give an answer for that.
这篇关于如何在Keycloak中注册自定义ProtocolMapper?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
