[keycloak-user] Adding attributes during login

zitrone at gmx-topmail.de zitrone at gmx-topmail.de
Sat Nov 17 06:08:49 EST 2018


Thank you very much.

For anyone interested, here is my full script. I check for the Referer 
header first; if it is empty, I go for the direct parameters. Also 
restricted it to a certain role.

// import enum for error lookup
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");

function authenticate(context) {
    // only users with this role have to supply the parameter
    if (user.hasRole(realm.getRole("AllowedRole"))) {
        var username = user ? user.username : "anonymous";
        var referer = httpRequest.httpHeaders.getHeaderString("Referer");
        var _foo;
        if (referer !== null) {
            // first request: the query parameters are in the Referer URL
            var uri = new java.net.URI(referer);
            var uriInfo = new org.jboss.resteasy.spi.ResteasyUriInfo(uri);
            _foo = uriInfo.queryParameters.coBrowsingSSOId;
        } else {
            // cookie-based auth: the query parameters are in the request URL
            _foo = httpRequest.uri.queryParameters.coBrowsingSSOId;
        }
        if (_foo !== null) {
            var foo = _foo[0]; // uriInfo.queryParameters is a multivalued map
            LOG.error(script.name + ": " + username + " foo =" + foo);
            authenticationSession.setUserSessionNote("foo", foo);
            context.success();
        } else {
            LOG.error("Missing query parameter 'foo'");
            context.failure(AuthenticationFlowError.INVALID_USER);
        }
    } else {
        context.success();
    }
}

Regards

On 13.11.2018 at 23:40, Dmitry Telegin wrote:
> Hi, you're welcome,
>
> In the second scenario (cookie-based auth), there is no HTTP redirect, hence your query params are in the actual URL, not in the referer header. You can extract them as follows:
>
> var _foo = httpRequest.uri.queryParameters['foo'];
> if (_foo !== null)
>    var foo = _foo[0];
>
> Good luck!
> Dmitry
>
> On Tue, 2018-11-13 at 20:11 +0100, zitrone at gmx-topmail.de wrote:
>> Hi,
>>
>> I'm working on a similar problem. I managed to set up a script
>> authenticator and a User Session Note Mapper. Works fine on first
>> request (like, on the first try. Thanks for the code!). I send the query
>> parameter to the auth endpoint, enter the credentials and get a code.
>> The token I get for the code contains the query parameter as a field.
>>
>> But when I query the auth endpoint a second time, it authenticates via
>> cookie. Then it starts the script and the script throws a null pointer
>> exception. The problem is that the "Referer" header is null.
>>
>> The idea behind the second call is to "update" the session note. Any
>> ideas how to get the query parameter in this case? Or why it vanishes in
>> the first place?
>>
>>
>> Regards
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
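
An added example, not part of the original post or of Keycloak: the value read from the Referer or the request URL is client-controlled, and the script above writes it to the log and to a user session note that ends up in the token. This ES5 helper does the same Referer-then-URL lookup on plain strings and returns the value only if it occurs exactly once and matches an allow-list pattern; the function names and the id format are assumptions.

```javascript
// Added example, not code from the thread. ES5 only, so it also runs in Nashorn.
// ASSUMPTION: ids are 1-64 characters from [A-Za-z0-9_-]; adjust to the real format.
var SSO_ID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// Query part of a URL string, without the fragment ("" if there is none).
function queryOf(url) {
    var noFragment = String(url).split("#")[0];
    var q = noFragment.indexOf("?");
    return q === -1 ? "" : noFragment.substring(q + 1);
}

// Decode one form-encoded component; throws URIError on bad percent-encoding.
function decode(part) {
    return decodeURIComponent(part.replace(/\+/g, " "));
}

// All decoded values of `name` in a raw query string, or null if malformed.
function queryValues(query, name) {
    var values = [];
    var pairs = query ? query.split("&") : [];
    for (var i = 0; i < pairs.length; i++) {
        var eq = pairs[i].indexOf("=");
        var key = eq === -1 ? pairs[i] : pairs[i].substring(0, eq);
        var val = eq === -1 ? "" : pairs[i].substring(eq + 1);
        try {
            if (decode(key) === name) { values.push(decode(val)); }
        } catch (e) {
            return null;
        }
    }
    return values;
}

// Same source order as the script above: Referer if present, else the request URL.
// Returns the validated id, or null if it is missing, repeated or malformed.
function extractSsoId(referer, requestUrl, name) {
    var source = (referer === null || referer === undefined) ? requestUrl : referer;
    var values = queryValues(queryOf(source), name);
    if (values === null || values.length !== 1) { return null; }
    return SSO_ID_PATTERN.test(values[0]) ? values[0] : null;
}
```

In the authenticator, a null result would lead to context.failure(...), and only a non-null result would be logged and passed to authenticationSession.setUserSessionNote.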



