How to deploy a custom validator for a custom user attribute within declarative user profile?

Extending the server
1

Hello,

I have enabled successfully the declarative user profile (Server Administration Guide)
I would like now to “deploy” a custom-made validator. (KC 18.0 embedded wildfly)

I have trouble to understand how I need to package my validator to make it available in the admin console UI.
I did with maven a jar as for a eventListener extension spi with a ProviderFactory and a Provider.

Yet, the validator is not proposed in the console UI as a validator. Deployment seems successful.
I wonder if my packaging is wrong or if there is an extra step required.

By the way I had a look to https://github.com/thomasdarimont/keycloak-extension-playground/blob/master/custom-user-profile-extension/src/main/java/com/github/thomasdarimont/keycloak/userprofile/validator/AgeValidator.java but here it lacks the packaging stage as far as I can see

You can find the code below. I duplicated the code for the out of the box LengthValidator.

image

org.keycloak.validate.ValidatorFactory

lu.lns.keycloak.custom.validator.LengthValidatorProviderFactory

LengthValidatorProviderFactory.java

package lu.lns.keycloak.custom.validator;

import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.validate.Validator;
import org.keycloak.validate.ValidatorFactory;

public class LengthValidatorProviderFactory implements ValidatorFactory {

    @Override
    public Validator create(KeycloakSession session) {
        return new LengthValidatorProvider();
    }

    @Override
    public void init(Config.Scope config) {

    }

    @Override
    public void postInit(KeycloakSessionFactory factory) {

    }

    @Override
    public String getId() {
        return "lns-length-validator";
    }
}

LengthValidatorProvider

package lu.lns.keycloak.custom.validator;

import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import org.keycloak.models.KeycloakSession;
import org.keycloak.provider.ConfiguredProvider;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.validate.AbstractStringValidator;
import org.keycloak.validate.ValidationContext;
import org.keycloak.validate.ValidationError;
import org.keycloak.validate.ValidationResult;
import org.keycloak.validate.ValidatorConfig;
import org.keycloak.validate.validators.ValidatorConfigValidator;

/**
 * String value length validation - accepts plain string and collection of strings, for basic behavior like null/blank
 * values handling and collections support see {@link AbstractStringValidator}. Validator trims String value before the
 * length validation, can be disabled by {@link #KEY_TRIM_DISABLED} boolean configuration entry set to
 * <code>true</code>.
 * <p>
 * Configuration have to be always provided, with at least one of {@link #KEY_MIN} and {@link #KEY_MAX}.
 */
public class LengthValidatorProvider extends AbstractStringValidator implements ConfiguredProvider {

    public static final LengthValidatorProvider INSTANCE = new LengthValidatorProvider();

    public static final String ID = "lns-length";

    public static final String MESSAGE_INVALID_LENGTH = "LNS-error-invalid-length";

    public static final String KEY_MIN = "min";
    public static final String KEY_MAX = "max";
    public static final String KEY_TRIM_DISABLED = "trim-disabled";

    private static final List<ProviderConfigProperty> configProperties = new ArrayList<>();

    static {
        ProviderConfigProperty property;
        property = new ProviderConfigProperty();
        property.setName(KEY_MIN);
        property.setLabel("Minimum length");
        property.setHelpText("The minimum length");
        property.setType(ProviderConfigProperty.STRING_TYPE);
        configProperties.add(property);
        property = new ProviderConfigProperty();
        property.setName(KEY_MAX);
        property.setLabel("Maximum length");
        property.setHelpText("The maximum length");
        property.setType(ProviderConfigProperty.STRING_TYPE);
        configProperties.add(property);
    }

    @Override
    public String getId() {
        return ID;
    }

    @Override
    protected void doValidate(String value, String inputHint, ValidationContext context, ValidatorConfig config) {
        Integer min = config.getInt(KEY_MIN);
        Integer max = config.getInt(KEY_MAX);

        if (!config.getBooleanOrDefault(KEY_TRIM_DISABLED, Boolean.FALSE)) {
            value = value.trim();
        }

        int length = value.length();

        if (config.containsKey(KEY_MIN) && length < min.intValue()) {
            context.addError(new ValidationError(ID, inputHint, MESSAGE_INVALID_LENGTH, min, max));
            return;
        }

        if (config.containsKey(KEY_MAX) && length > max.intValue()) {
            context.addError(new ValidationError(ID, inputHint, MESSAGE_INVALID_LENGTH, min, max));
            return;
        }

    }

    @Override
    public ValidationResult validateConfig(KeycloakSession session, ValidatorConfig config) {

        Set<ValidationError> errors = new LinkedHashSet<>();
        if (config == null || config == ValidatorConfig.EMPTY) {
            errors.add(new ValidationError(ID, KEY_MIN, ValidatorConfigValidator.MESSAGE_CONFIG_MISSING_VALUE));
            errors.add(new ValidationError(ID, KEY_MAX, ValidatorConfigValidator.MESSAGE_CONFIG_MISSING_VALUE));
        } else {

            if (config.containsKey(KEY_TRIM_DISABLED) && (config.getBoolean(KEY_TRIM_DISABLED) == null)) {
                errors.add(new ValidationError(ID, KEY_TRIM_DISABLED, ValidatorConfigValidator.MESSAGE_CONFIG_INVALID_BOOLEAN_VALUE, config.get(KEY_TRIM_DISABLED)));
            }

            boolean containsMin = config.containsKey(KEY_MIN);
            boolean containsMax = config.containsKey(KEY_MAX);

            if (!(containsMin || containsMax)) {
                errors.add(new ValidationError(ID, KEY_MIN, ValidatorConfigValidator.MESSAGE_CONFIG_MISSING_VALUE));
                errors.add(new ValidationError(ID, KEY_MAX, ValidatorConfigValidator.MESSAGE_CONFIG_MISSING_VALUE));
            } else {

                if (containsMin && config.getInt(KEY_MIN) == null) {
                    errors.add(new ValidationError(ID, KEY_MIN, ValidatorConfigValidator.MESSAGE_CONFIG_INVALID_NUMBER_VALUE, config.get(KEY_MIN)));
                }

                if (containsMax && config.getInt(KEY_MAX) == null) {
                    errors.add(new ValidationError(ID, KEY_MAX, ValidatorConfigValidator.MESSAGE_CONFIG_INVALID_NUMBER_VALUE, config.get(KEY_MAX)));
                }

                if (errors.isEmpty() && containsMin && containsMax && (config.getInt(KEY_MIN) > config.getInt(KEY_MAX))) {
                    errors.add(new ValidationError(ID, KEY_MAX, ValidatorConfigValidator.MESSAGE_CONFIG_INVALID_VALUE));
                }
            }
        }
        return new ValidationResult(errors);
    }

    @Override
    public String getHelpText() {
        return "LNS Length validator";
    }

    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }
}
2

@cspielmann Did you ever figure this out? What steps did you take?

EDIT: For future readers all you have to do is place the compiled JAR file into the providers directory on your Keycloak deploy. Whether that be a volume mount in Docker or just a regular deploy.

The only caveat so far is that I had to manually state the validator to use in the JSON since the custom validator was not showing in the UI options.