[keycloak-dev] Support for passing custom attributes from authenticators to login pages

Thomas Darimont thomas.darimont at googlemail.com
Mon Apr 10 16:16:53 EDT 2017


Hi Marek,

I totally missed that - thanks a ton :)

Cheers,
Thomas

2017-04-10 21:32 GMT+02:00 Marek Posolda <mposolda at redhat.com>:

> Hi Thomas,
>
> the LoginFormsProvider has method "setAttribute" . I think that in the
> authenticator, you can use something like
>
> context.form().setAttribute("foo", "bar");
>
> when "context" is AuthenticationFlowContext passed to the authenticator.
> Then in the template, the attribute "foo" can be directly referenced. Does
> it working for you?
>
> Marek
>
>
> On 10/04/17 17:35, Thomas Darimont wrote:
>
>> FYI my current solution (ab)uses the attributes of the current
>> HttpServletRequest to pass custom
>> data down to the templates with a (small) adjustment of
>> FreeMarkerLoginFormsProvider as shown below.
>>
>> This is quite hacky but does it's job until I find a better way to do
>> this.
>>
>> Within my custom Authenticator:
>>
>> private static final String MY_CUSTOM_ATTRIBUTE="my_custom_attribute";
>>
>> @Override
>> public void authenticate(AuthenticationFlowContext context) {
>>     HttpServletRequest request =
>> context.getSession().getContext().getContextObject(HttpServl
>> etRequest.class);
>>     try {
>>         request.setAttribute(MY_CUSTOM_ATTRIBUTE, "bubu");
>>         super.authenticate(context);
>>     } finally {
>>         request.removeAttribute(MY_CUSTOM_ATTRIBUTE);
>>     }
>> }
>>
>> Small extension to the FreeMarkerLoginFormsProvider in "private Response
>> createResponse(LoginFormsPages page)":
>> ...
>> HttpServletRequest currentHttpRequest =
>> session.getContext().getContextObject(HttpServletRequest.class);
>> if (currentHttpRequest != null) {
>>     attributes.put("currentRequestAttributes", new
>> HttpServletRequestAttributesBean(currentHttpRequest));
>> }
>> ...
>>
>> public static class HttpServletRequestAttributesBean {
>>
>>     private final HttpServletRequest request;
>>
>>     public HttpServletRequestAttributesBean(HttpServletRequest request){
>>         this.request = request;
>>     }
>>
>>     public Object getAttribute(String name){
>>         return this.request.getAttribute(name);
>>     }
>>
>>     public Map<String,Object> getAttributes(){
>>
>>         Map<String,Object> attributes = new HashMap<>();
>>         for(String name : Collections.list(request.getAttributeNames())){
>>             attributes.put(name, request.getAttribute(name));
>>         }
>>
>>         return attributes;
>>     }
>> }
>>
>> In my template login-totp.ftl:
>> <span>Custom value:
>> ${currentRequestAttributes.getAttribute('my_custom_attribute
>> ')!'default'}</span>
>>
>> 2017-04-10 16:04 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.co
>> m>:
>>
>> Hello group,
>>>
>>> are there any plans to support custom attributes to be passed from
>>> authenticators to (login-) forms?
>>>
>>> Concrete use-case is that I want to pass information
>>> from a custom OTP authenticator down to the login-totp.ftl template.
>>>
>>> Would be helpful if it were possible to pass custom attributes to the
>>> create*Page(..) methods in org.keycloak.forms.login.LoginFormsProvider.
>>>
>>> This would really ease customizations.
>>>
>>> Other alternatives to pass data are:
>>> - use some ThreadLocal storage within an Authenticator (set and clear) -
>>> but this feels more like a hack
>>> - custom page template and population logic in in a custom
>>> FreeMarkerLoginFormsProvider (quite involved...)
>>>
>>> Cheers,
>>> Thomas
>>>
>>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
>


More information about the keycloak-dev mailing list