[keycloak-user] SAML2. Keycloak How to check if a user has been authenticated?

Luis Rodríguez Fernández uo67113 at gmail.com
Thu May 3 06:20:08 EDT 2018


Hello there,

I could not see the forest but the trees. Just simply ask the HttpSession
for:

((org.keycloak.adapters.saml.SamlSession)session.getAttribute("org.keycloak.adapters.saml.SamlSession")).getPrincipal()

Cheers,

Luis






2018-04-30 19:26 GMT+02:00 Luis Rodríguez Fernández <uo67113 at gmail.com>:

> Hello there,
>
> I am using the SAML Java Servlet Filter adapter [1] (4.0.0.CR1-SNAPSHOT)
> in Apache Tomcat 9 [2]. Is there a way to know if the user has been
> authenticated?
>
> The thing is that the good and old HttpServletRequest.getUserPrincipal()
> [3] returns the principal (SAMLPrincipal) when there is a
> <security-constraint> declared for the url-pattern that matches the request.
>
> The purpose of this is to implement the "anonymous navigation" in some of
> our applications.  Nowadays in some of our applications like this one
> https://phonebook.cern.ch/phonebook we do something like this:
>
> 1. User can navigate through the application
>
> 2. Sign-in link redirects the user to /secure/sso triggering the
> redirection to the IdP
>
> 3. The application makes use of the weblogic.security.Security.getCurrentSubject()
> [4] to check if the user has been logged in.
>
> Any thoughts on this?
>
> Thanks in advance,
>
> Luis
>
>
> [1] https://www.keycloak.org/docs/latest/securing_apps/index.html#java-servlet-filter-adapter
>
> [2] https://tomcat.apache.org/download-90.cgi
>
> [3] https://tomcat.apache.org/tomcat-9.0-doc/servletapi/javax/servlet/http/HttpServletRequest.html#getUserPrincipal--
>
> [4] https://docs.oracle.com/cd/E68505_01/wls/WLAPI/weblogic/security/Security.html#getCurrentSubject()
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
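
The session lookup from the reply above, wrapped in a null-safe servlet filter, as an added example that is not part of the original post or of the Keycloak project's code. The class name OptionalSamlPrincipalFilter is hypothetical; the example assumes the javax.servlet 4.0 API shipped with Tomcat 9 and the Keycloak SAML adapter classes on the classpath.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import org.keycloak.adapters.saml.SamlSession;

/** Hypothetical filter (the name is an assumption) for pages that allow anonymous navigation. */
public class OptionalSamlPrincipalFilter implements Filter {

    // Session attribute key quoted in the message above.
    static final String SAML_SESSION_ATTR = "org.keycloak.adapters.saml.SamlSession";

    /** Returns the SAML principal stored in the session, or null for an anonymous visitor. */
    static Principal samlPrincipal(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // never create a session just to look
        if (session == null) {
            return null;
        }
        Object attr = session.getAttribute(SAML_SESSION_ATTR);
        // instanceof covers both a missing attribute and an unexpected type
        return (attr instanceof SamlSession) ? ((SamlSession) attr).getPrincipal() : null;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        Principal existing = http.getUserPrincipal();
        Principal principal = (existing != null) ? existing : samlPrincipal(http);
        if (principal == null || principal == existing) {
            chain.doFilter(req, res); // anonymous, or the container already set the principal
            return;
        }
        // Expose the principal on URLs without a <security-constraint>, for display logic only;
        // access control stays with the constrained URLs such as /secure/sso.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public Principal getUserPrincipal() { return principal; }
            @Override public String getRemoteUser() { return principal.getName(); }
        }, res);
    }
}
```

Mapped after the Keycloak SAML filter, this lets unprotected pages call getUserPrincipal() and get null for anonymous visitors instead of a NullPointerException from the bare cast.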

