<div dir="ltr">You could do this in at least a couple different ways:<div><br></div><div>* Custom user federation provider and map organizations onto groups</div><div>* Custom protocol mapper that fetches the organization for the user from an external point and adds it to the token directly</div><div><br></div><div>It would be interesting to also have a mechanism in KC that can fetch additional attributes for a user when it's initially loaded into the cache. Bill - what do you think about that?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 28 September 2016 at 10:08, Aritz Maeztu <span dir="ltr"><<a href="mailto:amaeztu@tesicnor.com" target="_blank">amaeztu@tesicnor.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
I'm developing the authorization part for my application with
keycloak, but I need to include some extra info when the
authentication is performed. <br>
<br>
Each user in my application has permissions for a set of
organizations and I want to have the organization ids loaded in the
access token (I think this might be convenient?). The users
themselves might be stored in the keycloak database itself, but the
organizations they have access to might change in runtime, that's
why I want to store them in the access token, to have them reloaded
each time a user logs in. Do I need to implement a custom SPI for
this?<br>
<br>
Regards<span class="HOEnZb"><font color="#888888"><br>
<br>
<div>-- <br>
<div>
<table style="width:600;border-collapse:collapse">
<tbody>
<tr>
<td style="border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:#989898"> <span style="font-weight:bold">Aritz Maeztu Otaño</span><br>
<span style="font-size:12px">Departamento Desarrollo
de Software</span> </td>
<td style="border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:#989898;padding-left:20px"> <a href="https://www.linkedin.com/in/aritz-maeztu-ota%C3%B1o-65891942" target="_blank">
<img src="cid:part1.A919BBF9.AA02F388@tesicnor.com" border="0"> </a> </td>
</tr>
<tr>
<td> <a href="http://www.tesicnor.com" target="_blank"> <img src="cid:part3.15EB5551.DEF8CF18@tesicnor.com" border="0" width="143"> </a> </td>
<td style="font-size:12px">
<p style="padding-left:20px"> <span>Pol. Ind.
Mocholi.</span> <span>C/Rio Elorz, Nave 13E </span><span style="font-weight:bold">31110 Noain (Navarra)</span><br>
<span>Telf. Aritz Maeztu: 948 68 03 06</span> <br>
<span>Telf. Secretaría: 948 21 40 40</span> <br>
</p>
</td>
</tr>
<tr>
<td colspan="2"> <span style="color:#009900;font-size:12px">Antes de imprimir este e-mail piense bien si es
necesario hacerlo: El medioambiente es cosa de todos.</span>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</font></span></div>
<br>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>