[keycloak-dev] Support for passing custom attributes from authenticators to login pages

Thomas Darimont thomas.darimont at googlemail.com
Mon Apr 10 11:35:27 EDT 2017

FYI my current solution (ab)uses the attributes of the current
HttpServletRequest to pass custom
data down to the templates with a (small) adjustment of
FreeMarkerLoginFormsProvider as shown below.

This is quite hacky but does it's job until I find a better way to do this.

Within my custom Authenticator:

private static final String MY_CUSTOM_ATTRIBUTE="my_custom_attribute";

public void authenticate(AuthenticationFlowContext context) {
   HttpServletRequest request =
   try {
       request.setAttribute(MY_CUSTOM_ATTRIBUTE, "bubu");
   } finally {

Small extension to the FreeMarkerLoginFormsProvider in "private Response
createResponse(LoginFormsPages page)":
HttpServletRequest currentHttpRequest =
if (currentHttpRequest != null) {
   attributes.put("currentRequestAttributes", new

public static class HttpServletRequestAttributesBean {

   private final HttpServletRequest request;

   public HttpServletRequestAttributesBean(HttpServletRequest request){
       this.request = request;

   public Object getAttribute(String name){
       return this.request.getAttribute(name);

   public Map<String,Object> getAttributes(){

       Map<String,Object> attributes = new HashMap<>();
       for(String name : Collections.list(request.getAttributeNames())){
           attributes.put(name, request.getAttribute(name));

       return attributes;

In my template login-totp.ftl:
<span>Custom value:

2017-04-10 16:04 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com>:

> Hello group,
> are there any plans to support custom attributes to be passed from
> authenticators to (login-) forms?
> Concrete use-case is that I want to pass information
> from a custom OTP authenticator down to the login-totp.ftl template.
> Would be helpful if it were possible to pass custom attributes to the
> create*Page(..) methods in org.keycloak.forms.login.LoginFormsProvider.
> This would really ease customizations.
> Other alternatives to pass data are:
> - use some ThreadLocal storage within an Authenticator (set and clear) -
> but this feels more like a hack
> - custom page template and population logic in in a custom
> FreeMarkerLoginFormsProvider (quite involved...)
> Cheers,
> Thomas

More information about the keycloak-dev mailing list