Saving a list of user groups in claims
The AddGroupsToToken procedure records a list of user groups in the grps statement. For this procedure to work, the following conditions must be met:
the memberOf attribute is configured to display the user's groups;
the session statement grps (see Adding attributes to an identity token) has been added to the configuration file.
When the user logs into the application, the procedure checks whether the memberOf attribute contains any groups; if it does, they are added to the grps statement.
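/**
 * Login-flow strategy that copies the user's directory groups into the token.
 *
 * <p>Group names are read from the indexed {@code memberOf.[i]} claims (starting at
 * index 0 and stopping at the first missing index) and, when at least one is present,
 * written unchanged into the {@code grps} claim. No filtering or validation of the
 * group names happens here: whatever the {@code memberOf} attribute carries ends up
 * in the token, so the attribute's source must be trusted.
 */
public class AddGroupsToToken implements Strategy {

    /** Claim-path prefix of the indexed group list; the full path is e.g. {@code memberOf.[0]}. */
    private static final String MEMBER_OF_PREFIX = "memberOf.[";

    /** Name of the claim that receives the collected group list. */
    private static final String GROUPS_CLAIM = "grps";

    private final Logger logger = LoggerFactory.getLogger("com.identityblitz.idp.flow.dynamic");

    /**
     * Chooses the initial state of the flow.
     *
     * <p>For an explicit {@code login} prompt every available method except {@code cls}
     * is offered. Otherwise an already resolved {@code subjectId} claim is enough;
     * without one the flow asks for more.
     *
     * @param ctx the flow context
     * @return the initial strategy state
     */
    @Override
    public StrategyBeginState begin(final Context ctx) {
        if ("login".equals(ctx.prompt())) {
            // Offer every available method except "cls".
            List<String> methods = new ArrayList<String>(Arrays.asList(ctx.availableMethods()));
            methods.remove("cls");
            return StrategyState.MORE(methods.toArray(new String[0]), true);
        }
        if (ctx.claims("subjectId") != null) {
            return StrategyState.ENOUGH();
        }
        return StrategyState.MORE(new String[]{});
    }

    /**
     * Finishes the flow once the required factor (if any) has just been completed,
     * attaching the collected groups as the {@code grps} claim.
     *
     * @param ctx the flow context
     * @return {@code ENOUGH} with the built claims, or {@code MORE} while a required
     *     factor is still outstanding
     */
    @Override
    public StrategyState next(final Context ctx) {
        Integer reqFactor = (ctx.user() == null) ? null : ctx.user().requiredFactor();
        // equals() rather than ==: reqFactor is boxed, so == would compare references if
        // justCompletedFactor() also returns an Integer; equals() compares by value in
        // both the int and the Integer case. reqFactor is known non-null here.
        if (reqFactor != null && !reqFactor.equals(ctx.justCompletedFactor())) {
            return StrategyState.MORE(new String[]{});
        }
        List<String> grps = collectGroups(ctx);
        LClaimsBuilder claimsBuilder = ctx.claimsBuilder();
        // An empty list is not written, so the claim is absent rather than empty.
        if (!grps.isEmpty()) {
            claimsBuilder.addClaim(GROUPS_CLAIM, grps);
        }
        LClaims claims = claimsBuilder.build();
        return StrategyState.ENOUGH_BUILDER()
                .withClaims(claims)
                .build();
    }

    /**
     * Reads {@code memberOf.[0]}, {@code memberOf.[1]}, ... until the first index that
     * yields {@code null}. Each claim is fetched once and added as-is.
     *
     * @param ctx the flow context
     * @return the group names found, possibly empty
     */
    private List<String> collectGroups(final Context ctx) {
        List<String> grps = new ArrayList<String>();
        for (int idx = 0; ; idx++) {
            String group = ctx.claims(MEMBER_OF_PREFIX + idx + "]");
            logger.debug("### group [" + idx + "] = " + group);
            if (group == null) {
                break;
            }
            grps.add(group);
        }
        return grps;
    }
}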