[keycloak-user] How do I get external IDP attributes in custom JS auth flow during broker first login? (I bet Dmitry knows :)

Dmitry Telegin dt at acutus.pro
Thu Dec 13 19:34:27 EST 2018


Hello Geoffrey,

I was right about to click Send when I finally noticed that statement in parentheses :-D You were 100% right, what else can I say :)

Here we go, try this snippet:

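// Load the Keycloak broker classes through Nashorn's Java.type().
var SerializedBrokeredIdentityContext = Java.type("org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext");
var AbstractIdpAuthenticator = Java.type("org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator");

function authenticate(context) {
    // Read the serialized brokered identity from the auth note on the
    // authentication session (session, authenticationSession and LOG are
    // bindings provided to the script).
    var serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authenticationSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);

    // Rebuild the BrokeredIdentityContext from its serialized form.
    var biCtx = serializedCtx.deserialize(session, authenticationSession);

    // Username reported by the external IdP, and the alias of that IdP.
    LOG.info(biCtx.username);
    LOG.info(biCtx.idpConfig.alias);

    context.success();
}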

Also take a look at org.keycloak.broker.provider.BrokeredIdentityContext to figure out what else you can obtain from that object.

Good luck :)
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Thu, 2018-12-13 at 14:31 +0100, Geoffrey Cleaves wrote:
> Hello. I have a simple JS execution which denies access as the first step
> of the first broker login flow. I would like to access some of the
> attributes that Keycloak writes out to the log when executing this flow
> (see below)
> 
> What objects or variables must my JS execution load in order to get the
> identity_provider_identity attribute listed below?
> 
> 20:29:56,588 WARN  [org.keycloak.events] (default task-527)
> type=IDENTITY_PROVIDER_FIRST_LOGIN_ERROR, realmId=re, clientId=tblic,
> userId=null, ipAddress=90., error=user_not_found, identity_provider=google,
> auth_method=openid-connect, redirect_uri=http://localhost:8222?clientid=tic,
> identity_provider_identity=user at gmail.com, code_id=b07317fdb
> 
> Thanks in advance!
> 
> Geoff
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
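
A possible follow-on to the snippet in the reply above, added here as an example and not code from the thread: a first broker login script that denies access unless the brokered identity's IdP alias and e-mail domain match an allow-list. The `ALLOWED` table, its domains and the `denyReason` helper are assumptions made for illustration, and the e-mail is whatever the external IdP asserted.

```javascript
// Added example, not from the thread. ALLOWED is a constructed policy:
// IdP alias -> e-mail domains allowed to complete first broker login.
var ALLOWED = { "google": ["example.com", "example.org"] };

// Hypothetical helper: returns null to allow, or a reason string to deny.
function denyReason(idpAlias, email) {
    // hasOwnProperty keeps aliases such as "constructor" from matching.
    if (!Object.prototype.hasOwnProperty.call(ALLOWED, idpAlias)) return "idp_not_allowed";
    if (email == null || String(email).length === 0) return "email_missing";
    email = String(email);
    var at = email.lastIndexOf("@");
    // Require exactly one "@" with text on both sides.
    if (at <= 0 || at === email.length - 1 || email.indexOf("@") !== at) return "email_malformed";
    var domain = email.substring(at + 1).toLowerCase();
    // Exact match only, so "example.com.attacker.test" does not pass.
    return ALLOWED[idpAlias].indexOf(domain) >= 0 ? null : "domain_not_allowed";
}

// Keycloak entry point. Java, session, authenticationSession and LOG are
// bindings supplied to the script, as in the snippet from the reply.
function authenticate(context) {
    var Serialized = Java.type("org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext");
    var AbstractIdp = Java.type("org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator");
    var FlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");
    var serializedCtx = Serialized.readFromAuthenticationSession(authenticationSession, AbstractIdp.BROKERED_CONTEXT_NOTE);
    if (serializedCtx == null) { // no brokered identity on this session
        context.failure(FlowError.INTERNAL_ERROR);
        return;
    }
    var biCtx = serializedCtx.deserialize(session, authenticationSession);
    var reason = denyReason(biCtx.idpConfig.alias, biCtx.email);
    if (reason !== null) {
        LOG.warn("first broker login denied: " + reason + " idp=" + biCtx.idpConfig.alias);
        context.failure(FlowError.INVALID_USER);
        return;
    }
    context.success();
}
```

The decision logic sits in a plain function so it can be unit-tested outside Keycloak; only `authenticate` touches the script bindings.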
