[keycloak-user] Best way to add custom attributes to the user session?

Stian Thorgersen sthorger at redhat.com
Mon Jan 2 09:26:42 EST 2017


I think a custom authenticator would be the way to do it as you probably
want to add to the user session when the user is authenticating and not
when tokens are refreshed.

On 23 December 2016 at 11:24, Edgar Vonk - Info.nl <Edgar at info.nl> wrote:

> Hi,
>
> We would like to add custom attributes (using custom logic including
> custom database queries) to the user session in Keycloak on authentication.
> What is the best way to do this? We use an LDAP/AD user federation provider.
>
> Should we write a custom user attribute mapper and add it to our user
> federation provider? I guess we could also write a custom token mapper and
> misuse it a little in that it will only add data to the user session and
> not to the token?
>
> Previously we had a custom token mapper that added this custom data to the
> token, however it is becoming too much data and we have reached the max
> size limit (JWT tokens are transported as HTTP headers and those have a max
> size of 8kb). So now we are thinking of adding this data to the user
> session and Keycloak and when we need it later on get it from Keycloak
> using Keycloak’s REST API.
>
> cheers


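Added example, not part of the original thread and not Keycloak's own code: a sketch of the custom authenticator suggested in the reply, storing the looked-up values as user session notes at login so they stay server-side and out of the token. It assumes a Keycloak release whose `AuthenticationFlowContext` exposes `getAuthenticationSession()`, and a matching `AuthenticatorFactory` that registers the class in the flow after the step that identifies the user. The class name, the `custom.` note prefix, `lookupAttributes` and the sample data are hypothetical.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

public class SessionAttributeAuthenticator implements Authenticator {
    // Constructed sample data standing in for the custom database query.
    private static final Map<String, Map<String, String>> SAMPLE_DB = new HashMap<>();
    static {
        Map<String, String> alice = new HashMap<>();
        alice.put("department", "finance");
        alice.put("costCenter", "4711");
        SAMPLE_DB.put("alice", alice);
    }

    // Hypothetical helper: replace with the real lookup.
    static Map<String, String> lookupAttributes(String username) {
        return SAMPLE_DB.getOrDefault(username, Collections.emptyMap());
    }

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        if (user == null) { // must run after the step that identifies the user
            context.failure(AuthenticationFlowError.UNKNOWN_USER);
            return;
        }
        // Notes set here are copied to the user session when login completes,
        // so the lookup runs once per login rather than on every token refresh.
        lookupAttributes(user.getUsername()).forEach((k, v) ->
            context.getAuthenticationSession().setUserSessionNote("custom." + k, v));
        context.success();
    }

    @Override public void action(AuthenticationFlowContext context) { } // no form to process
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```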