package dk.ufst.keycloak.saml;

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.broker.saml.SAMLIdentityProvider;
import org.keycloak.broker.saml.SAMLIdentityProviderFactory;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
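/**
 * Helper service that maps a SAML broker id or SessionIndex to a Keycloak user id.
 *
 * <p>All lookups are scoped to the realm given at construction time. A lookup that
 * finds no user returns {@code null} (single id) or an empty list (multiple ids)
 * rather than throwing, so the login and logout flows can treat "no match" uniformly.
 */
public class SAMLUserMapper {
    private final KeycloakSession session;
    private final RealmModel realm;

    /**
     * @param session the Keycloak session used for user and user-session lookups
     * @param realm   the realm every lookup is scoped to
     * @throws NullPointerException if either argument is {@code null}
     */
    public SAMLUserMapper(KeycloakSession session, RealmModel realm) {
        this.session = Objects.requireNonNull(session, "session");
        this.realm = Objects.requireNonNull(realm, "realm");
    }

    /**
     * Resolves the Keycloak user id linked to a SAML broker id (e.g. the NameID) through
     * the federated-identity link recorded for {@code idpAlias}.
     *
     * @param brokerId the identifier asserted by the IdP; a blank value never matches
     * @param idpAlias the alias of the identity provider the link belongs to
     * @return the user id, or {@code null} when no linked user exists
     */
    public String getUserIdFromBrokerId(String brokerId, String idpAlias) {
        // A blank broker id or alias can never denote one specific federated identity,
        // so it is rejected here instead of relying on how the store treats null/empty ids.
        if (isBlank(brokerId) || isBlank(idpAlias)) {
            return null;
        }
        FederatedIdentityModel fid = new FederatedIdentityModel(idpAlias, brokerId, null);
        UserModel user = session.users().getUserByFederatedIdentity(realm, fid);
        return user == null ? null : user.getId();
    }

    /**
     * Resolves the ids of all users whose Keycloak user session carries the given SAML
     * SessionIndex (e.g. while handling a LogoutRequest).
     *
     * <p>A missing or blank SessionIndex matches nothing. The note comparison must never
     * degrade into "sessions that have no such note", otherwise a malformed logout
     * request would select unrelated sessions.
     *
     * @param sessionIndex the SessionIndex taken from the SAML message
     * @return the matching user ids, possibly empty, never {@code null}
     */
    public List<String> getUserIdsFromSessionIndex(String sessionIndex) {
        if (isBlank(sessionIndex)) {
            return new ArrayList<>();
        }
        // NOTE(review): the second argument of getUserSessionsStream is a bare null, kept
        // from the original. Confirm for the Keycloak version in use that this overload
        // resolves unambiguously and really yields every session in the realm; if the
        // provider declares more than one two-argument overload, a bare null will not
        // compile and an explicit cast or a different lookup is needed.
        return session.sessions()
                .getUserSessionsStream(realm, null)
                .filter(us -> sessionIndex.equals(us.getNote(SAMLIdentityProvider.SAML_SESSION_INDEX)))
                .map(UserSessionModel::getUser)
                // defensive: a session whose user cannot be resolved contributes no id
                .filter(Objects::nonNull)
                .map(UserModel::getId)
                .collect(Collectors.toList());
    }

    /**
     * Convenience lookup for the login flow: resolves the user id for a
     * {@link BrokeredIdentityContext} by its username.
     *
     * <p>NOTE(review): this matches on username only, so an IdP-asserted username that
     * coincides with an unrelated local account resolves to that account. Where the
     * context carries the broker id and IdP alias, prefer
     * {@link #getUserIdFromBrokerId(String, String)} so the federated-identity link, not
     * the username, decides the match — confirm against the intended linking policy.
     *
     * @param context the brokered identity produced by the SAML login
     * @return the user id, or {@code null} when the context, its username, or the user is absent
     */
    public String getUserIdFromBrokerContext(BrokeredIdentityContext context) {
        if (context == null || isBlank(context.getUsername())) {
            return null;
        }
        UserModel user = session.users().getUserByUsername(realm, context.getUsername());
        return user == null ? null : user.getId();
    }

    /** True when {@code s} is {@code null} or contains only whitespace. */
    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }
}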
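// Logout flow (back-channel): resolve every user whose session carries the SessionIndex
// from the LogoutRequest. A blank SessionIndex yields an empty list, so nothing is logged out.
SAMLUserMapper mapper = new SAMLUserMapper(session, realm);
List<String> userIds = mapper.getUserIdsFromSessionIndex(logoutRequestSessionIndex);
for (String uid : userIds) {
    logger.infof("Found Keycloak userId for logout: %s", uid);
    // Close the session here
}

// Broker id from DCS: resolved through the federated-identity link of the "saml" IdP alias.
// The result is null when no linked user exists; check it before acting on it.
String userId = mapper.getUserIdFromBrokerId(dcsBrokerId, "saml");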