Elytron custom Mapped Role Mapper using a properties file

Overview

This project provides a custom-mapped role mapper that can use a properties file in order to "transform" Realm roles to Application roles.

The use case for this mapper is take groups from the JBoss / Wildfly realm into Application roles by using a properties file.

In the same use case of Mapped Role Mapper, however, a property file is used as a source.

This was tested with JBoss EAP 8 and Wildfly 28.

Installation

To use this custom role mapper in your JBoss / Wildfly instance, follow these steps:

1. Download the JAR

   https://github.com/gabrielpadilh4/custom-properties-mapped-role-mapper/releases/tag/v1.0.0

2. Install the artifact as a module in JBoss / Wildfly

   With the server stopped, add the module:

   $JBOSS_HOME/jboss-cli.sh
   module add --name=org.example.custom-properties-mapped-role-mapper --resources=<DOWNLOAD DIRECTORY>/custom-properties-mapped-role-mapper-1.0.0.jar --dependencies=org.wildfly.security.elytron

3. Configure the custom role mapper

   /subsystem=elytron/custom-role-mapper=CustomPropertiesMappedRoleMapper:add(class-name=org.example.CustomPropertiesMappedRoleMapper, module=org.example.custom-properties-mapped-role-mapper,configuration={ROLE_PROPERTIES=>/jboss/standalone/configuration/rolesMapping-roles.properties})

   Replace the properties file with the full path of your own properties.

4. Use the custom role mapper in the security domain

   /subsystem=elytron/security-domain=YOUR-APPLICATION-DOMAIN:write-attribute(name=role-mapper,value=CustomPropertiesMappedRoleMapper)

Use case

I have a security domain configured to use LDAP as authentication, LDAP also provides the groups for my users, however, i need to transform the LDAP roles into Application roles since it has a different name.

A user jbrown is assigned to groups ldap-user,ldap-admin and EA. Users assigned with role EA in LDAP, should have the roles NavigatorUser, AdminUser in my application.

The content of my rolesMapping-roles.properties has the following:

#LDAP GROUP,APP ROLES
EA=NavigatorUser,AdminUser

In JBoss / Wildfly, the following line represents the end result of the custom role mapper:

2024-07-03 22:46:43,536 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [jbrown] -> decoded roles [ldap-user, ldap-admin, EA] -> domain decoded roles [] -> realm mapped roles [ldap-user, ldap-admin, EA] -> domain mapped roles [ldap-user, ldap-admin, EA, NavigatorUser, AdminUser]

As we can see, the realm mapped roles are ldap-user, ldap-admin, EA that once passes by the custom role mapper turns into ldap-user, ldap-admin, EA, NavigatorUser, AdminUser.

The roles NavigatorUser, AdminUser have been added since the user is part of group EA in LDAP.

Compile the code

1. Clone the Repository:

   git clone https://github.com/gabrielpadilh4/custom-properties-mapped-role-mapper.git

2. Compile the project

   mvn clean install