6.4.2. Create a JAR with the scripts to deploy
JAR files are regular ZIP files with a .jar extension.
In order to make your scripts available to Red Hat Single Sign-On you need to deploy them to the server. For that, you should create a JAR file with the following structure:

    META-INF/keycloak-scripts.json
    my-script-authenticator.js
    my-script-policy.js
    my-script-mapper.js

The META-INF/keycloak-scripts.json file is a descriptor that provides metadata about the scripts you want to deploy. It is a JSON file with the following structure:

    {
        "authenticators": [
            {
                "name": "My Authenticator",
                "fileName": "my-script-authenticator.js",
                "description": "My Authenticator from a JS file"
            }
        ],
        "policies": [
            {
                "name": "My Policy",
                "fileName": "my-script-policy.js",
                "description": "My Policy from a JS file"
            }
        ],
        "mappers": [
            {
                "name": "My Mapper",
                "fileName": "my-script-mapper.js",
                "description": "My Mapper from a JS file"
            }
        ]
    }

This file should reference the different types of script providers that you want to deploy:
authenticators
For OpenID Connect Script Authenticators. You can have one or multiple authenticators in the same JAR file.
policies
For JavaScript Policies when using Red Hat Single Sign-On Authorization Services. You can have one or multiple policies in the same JAR file.
mappers
For OpenID Connect Script Protocol Mappers. You can have one or multiple mappers in the same JAR file.
For each script file in your JAR file you must have a corresponding entry in META-INF/keycloak-scripts.json that maps your script files to a specific provider type. For that you should provide the following properties for each entry:
name
A friendly name that will be used to show the scripts through the Red Hat Single Sign-On Administration Console. If not provided, the name of the script file will be used instead.
description
An optional text that better describes the intent of the script file.
fileName
The name of the script file. This property is mandatory and should map to a file within the JAR.
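
Because deployed scripts run inside the server, it is worth checking before deployment that the JAR contains exactly the scripts the descriptor declares. The following is an added example, not code from the Red Hat Single Sign-On project: it builds a JAR in memory and cross-checks it against META-INF/keycloak-scripts.json. The function names, the sample data and the assumption that script files end in .js are the example's own.

```python
import io
import json
import zipfile

DESCRIPTOR = "META-INF/keycloak-scripts.json"
PROVIDER_TYPES = ("authenticators", "policies", "mappers")

# Constructed sample with three deliberate mismatches (not from a real deployment).
SAMPLE_DESCRIPTOR = {
    "authenticators": [{"name": "My Authenticator", "fileName": "my-script-authenticator.js"}],
    "policies": [{"name": "My Policy", "fileName": "my-script-policy.js"}],
    "mappers": [{"description": "entry with no fileName"}],
}
SAMPLE_SCRIPTS = {"my-script-authenticator.js": "// constructed\n",
                  "my-script-mapper.js": "// constructed\n"}


def build_jar(descriptor, scripts):
    """Package the descriptor and script sources into an in-memory JAR (a ZIP)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(DESCRIPTOR, json.dumps(descriptor, indent=2))
        for name, source in scripts.items():
            jar.writestr(name, source)
    return buf.getvalue()


def check_jar(jar_bytes):
    """Return a list of problems; an empty list means descriptor and files agree."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        if DESCRIPTOR not in names:
            return [f"missing {DESCRIPTOR}"]
        descriptor = json.loads(jar.read(DESCRIPTOR))
    referenced = set()
    for ptype in PROVIDER_TYPES:
        for entry in descriptor.get(ptype, []):
            file_name = entry.get("fileName")
            if not file_name:  # fileName is the only mandatory property
                problems.append(f"{ptype}: entry without mandatory fileName")
            elif file_name not in names:
                problems.append(f"{ptype}: {file_name} is not in the JAR")
            else:
                referenced.add(file_name)
    for name in sorted(names):  # assumption: script files end in .js
        if name.endswith(".js") and name not in referenced:
            problems.append(f"{name} has no entry in {DESCRIPTOR}")
    return problems
```

Calling `check_jar(build_jar(SAMPLE_DESCRIPTOR, SAMPLE_SCRIPTS))` reports the missing policy file, the mapper entry without a fileName, and the undeclared mapper script.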