[keycloak-user] Adding attributes during login
zitrone at gmx-topmail.de
Sat Nov 17 06:08:49 EST 2018
Thank you very much.
For anyone interested, here is my full script. I check for the Referer
header first; if it is empty I go for the direct parameters. I also
restricted it to a certain role.
// import enum for error lookup
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");

function authenticate(context) {
    // only users with this role get the session note
    if (user.hasRole(realm.getRole("AllowedRole"))) {
        var username = user ? user.username : "anonymous";
        var referer = httpRequest.httpHeaders.getHeaderString("Referer");
        var _foo;
        if (referer !== null) {
            // first login: the parameter is in the Referer URL
            var uri = new java.net.URI(referer);
            var uriInfo = new org.jboss.resteasy.spi.ResteasyUriInfo(uri);
            _foo = uriInfo.queryParameters.coBrowsingSSOId;
        } else {
            // cookie-based login: the parameter is in the request URL itself
            _foo = httpRequest.uri.queryParameters.coBrowsingSSOId;
        }
        if (_foo !== null) {
            var foo = _foo[0]; // uriInfo.queryParameters is a multivalued map
            LOG.error(script.name + ": " + username + " foo =" + foo);
            authenticationSession.setUserSessionNote("foo", foo);
            context.success();
        } else {
            LOG.error("Missing query parameter 'foo'");
            context.failure(AuthenticationFlowError.INVALID_USER);
        }
    } else {
        context.success();
    }
}
Regards
On 13.11.2018 at 23:40, Dmitry Telegin wrote:
> Hi, you're welcome,
>
> In the second scenario (cookie-based auth), there is no HTTP redirect, hence your query params are in the actual URL, not in the referer header. You can extract them as follows:
>
> var _foo = httpRequest.uri.queryParameters['foo'];
> if (_foo !== null)
>     var foo = _foo[0];
>
> Good luck!
> Dmitry
>
> On Tue, 2018-11-13 at 20:11 +0100, zitrone at gmx-topmail.de wrote:
>> Hi,
>>
>> I'm working on a similar problem. I managed to set up a script
>> authenticator and a User Session Note Mapper. Works fine on first
>> request (like, on the first try. Thanks for the code!). I send the query
>> parameter to the auth endpoint, enter the credentials and get a code.
>> The token I get for the code contains the query parameter as a field.
>>
>> But when I query the auth endpoint a second time, it authenticates via
>> cookie. Then it starts the script and the script throws a null pointer
>> exception. The problem is that the "Referer" header is null.
>>
>> The idea behind the second call is to "update" the session note. Any
>> ideas how to get the query parameter in this case? Or why it vanishes in
>> the first place?
>>
>>
>> Regards
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
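
The Referer-then-query-string lookup from the script above, as an added example that is not part of the original thread or of Keycloak: both sources are client-controlled and the value ends up in a log line and a token claim, so this version validates it before use. It is plain JavaScript for Node.js rather than a Keycloak script; `extractSsoId`, the allowed-character pattern and the sample URLs are assumptions, and unlike the posted script it also falls back to the request URL when a Referer is present but lacks the parameter.

```javascript
// Added example (not from the thread). In a script authenticator the two
// inputs would be the Referer header string and the request URI string.
const PARAM = "coBrowsingSSOId";           // parameter name used in the posted script
const ALLOWED = /^[A-Za-z0-9_-]{1,64}$/;   // assumed id format; adjust to the real one

// All values of PARAM in a URL string; [] if the URL is absent or unparseable.
function paramValues(urlString) {
  if (typeof urlString !== "string" || urlString === "") return [];
  try {
    // the base is only there so relative request URIs can be parsed
    return new URL(urlString, "http://localhost").searchParams.getAll(PARAM);
  } catch (e) {
    return []; // malformed Referer: treat as "not present", do not throw
  }
}

// Referer first, then the request URL. Returns {ok:true,value} or {ok:false,reason}.
function extractSsoId(refererHeader, requestUrl) {
  let values = paramValues(refererHeader);
  if (values.length === 0) values = paramValues(requestUrl);
  if (values.length === 0) return { ok: false, reason: "missing" };
  // a multivalued map silently picks [0]; reject duplicates instead
  if (values.length > 1) return { ok: false, reason: "ambiguous" };
  // blocks CR/LF (log injection) and oversized or unexpected claim values
  if (!ALLOWED.test(values[0])) return { ok: false, reason: "invalid" };
  return { ok: true, value: values[0] };
}

// Constructed sample inputs: [Referer header, request URL]
const samples = [
  ["https://app.example/start?coBrowsingSSOId=abc-123", "/auth?client_id=a"],
  [null, "/auth?client_id=a&coBrowsingSSOId=Z9_x"],      // cookie-based login
  [null, "/auth?coBrowsingSSOId=a&coBrowsingSSOId=b"],   // duplicated parameter
  ["https://app.example/?coBrowsingSSOId=a%0Ab", "/auth"], // encoded newline
  ["http://[", "/auth?coBrowsingSSOId=ok"],              // malformed Referer
];
for (const [referer, url] of samples) {
  console.log(JSON.stringify(extractSsoId(referer, url)));
}
```

In the authenticator, only an `ok` result would be passed to `setUserSessionNote`; any other result maps to `context.failure(...)`.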