Change order of authnauthorities (current IdP last in the list)

CHANGELOG.md

@@ -1,4 +1,29 @@
 # Changelog
 All notable changes in keycloak-oidc-authnauthorities-mapper will be documented in this file.
 
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+It is based on Keycloak version 22.
+
+## [1.1.0] - 2025-01-29
+
+### Fixed
+- Change order of authnauthorities (current IdP last in the list)
+
+## [1.0.2] - 2024-07-30
+
+### Fixed
+- AuthnAuthorityRepresentation default constructor
+
+## [1.0.1] - 2024-07-29
+
+### Fixed
+- Fix Provider Id
+
+## [1.0.0] - 2024-07-11
+
+### Added
+- Oidc authnauthorities mapper implementation
+
 

README.md

@@ -1,7 +1,11 @@
 # keycloak-oidc-authnauthorities-mapper
 A pluggable OIDC protocol mapper for keycloak. To be used in eosc installations 
 
-### Installation instructions (versions >= 1.2.0):
+To make the authenticating authorities information available to an OIDC client you need to add this mapper in order to map the authenticating authorities information into a claim (e.g. authnauthorities). 
+This information is constructed as follows: The mapper will obtain the SAML entity ID, OIDC issuer or alias based on the  identity_provider_id  session note. 
+The identity_provider_id will be appended to the end of the list of IdP entity ids contained in the identity_provider_authnAuthorities session  note (if this session note exists).
+
+### Installation instructions :
 
 1. Compile the plugin jar i.e. 'mvn clean install' or just get a built one from the "Releases" link on the right sidebar.
 2. Drop the jar into the folder $KEYCLOAK_BASE/standalone/deployments/ and let all the hot-deploy magic commence.

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>org.keycloak</groupId>
     <artifactId>keycloak-oidc-authnauthorities-mapper</artifactId>
-    <version>1.0.2</version>
+    <version>1.1.0</version>
 
     <properties>
         <keycloak.version>23.0.5</keycloak.version>

src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAuthnAuthoritiesMapper.java

@@ -74,12 +74,6 @@ protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSes
     private LinkedList<AuthnAuthorityRepresentation> getAuthnAuthorities(UserSessionModel userSession) {
         LinkedList<AuthnAuthorityRepresentation> authnAuthorities = new LinkedList<>();
         String previousAauthnAuthorities = userSession.getNote(IDENTITY_PROVIDER_AUTHN_AUTHORITIES);
-        if (userSession.getNote(Details.IDENTITY_PROVIDER) != null) {
-            RealmModel realm = userSession.getRealm();
-            IdentityProviderModel idp = realm.getIdentityProviderByAlias(userSession.getNote(Details.IDENTITY_PROVIDER));
-            //add first authn autohrities
-            authnAuthorities.add(new AuthnAuthorityRepresentation(userSession.getNote(IDENTITY_PROVIDER_ID), getIdPName(idp)));
-        }
         if (previousAauthnAuthorities != null) {
             try {
                 authnAuthorities.addAll(JsonSerialization.readValue(previousAauthnAuthorities, new TypeReference<LinkedList<AuthnAuthorityRepresentation>>() {
@@ -89,6 +83,12 @@ private LinkedList<AuthnAuthorityRepresentation> getAuthnAuthorities(UserSession
                 e.printStackTrace();
             }
         }
+        if (userSession.getNote(Details.IDENTITY_PROVIDER) != null) {
+            RealmModel realm = userSession.getRealm();
+            IdentityProviderModel idp = realm.getIdentityProviderByAlias(userSession.getNote(Details.IDENTITY_PROVIDER));
+            //add first authn autohrities
+            authnAuthorities.add(new AuthnAuthorityRepresentation(userSession.getNote(IDENTITY_PROVIDER_ID), getIdPName(idp)));
+        }
         return authnAuthorities;
     }