[keycloak-user] Accessing authenticated user's details

Stian Thorgersen sthorger at redhat.com
Thu Nov 5 14:43:39 EST 2015


In JEE there's only Principal with a single getName. You can already map
whatever you want to that.

We could maybe map properties from the token onto attributes in the
request.

On 30 October 2015 at 18:34, Christian Hebert <christian_hebert at hotmail.com>
wrote:

> How about wrapping your application under a filter (or a valve in JBoss
> or Tomcat) ? From there you could populate your authenticated subject (or
> the session?) with whatever information your keycloak token could provide.
>
> Would that be a good idea ?
>
> ------------------------------
> Date: Wed, 28 Oct 2015 05:01:17 -0700
> From: sthorger at redhat.com
> To: tdudgeon.ml at gmail.com
> CC: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Accessing authenticated user's details
>
>
> Yes, JavaEE currently has no standard way of obtaining a user profile.
>
> On 28 October 2015 at 04:17, Tim Dudgeon <tdudgeon.ml at gmail.com> wrote:
>
> So if I understand correctly the only way to handle multiple attributes of
> the user (e.g name and email) is to use the Keycloak IDToken approach and
> so be dependent on the Keycloak implementation (or create my own API that
> wraps this)?
>
> Tim
>
> On 26/10/2015 09:24, Marek Posolda wrote:
>
> If you don't want Keycloak dependencies, you can use
> request.getRemoteUser() or request.getPrincipal().getName() to access just
> the userId of authenticated user. If you use "principal-attribute" in
> keycloak.json, it will return the configured attribute instead of userId,
> so you can receive for example username or email instead. But that way, you
> will be able to access just this single attribute.
>
> Marek
>
> On 26/10/15 09:52, Tim Dudgeon wrote:
>
> Wondered if anyone had any thoughts on this?
>
> On 21/10/2015 12:04, Tim Dudgeon wrote:
>
> In the case of a web application (e.g. Tomcat app secured by the keycloak
> adapter) the web app might need to access details of the authenticated user
> (e.g. full name or email).
> I've found that this information is available from the session like this:
>
> KeycloakSecurityContext session =
> (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
> IDToken idToken = session.getIdToken();
> String email = idToken.getEmail();
>
> One issue with this is that all your web apps are tied to keycloak.
>
> Is this the right way to handle this?
> Are there alternatives?
>
> Tim
>
>
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________ keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151105/d56d1793/attachment-0001.html 


More information about the keycloak-user mailing list