On 5/24/17 9:38 AM, Stian Thorgersen wrote:
On 24 May 2017 at 15:04, Bill Burke <bburke(a)redhat.com
<mailto:bburke@redhat.com>> wrote:
We've talked about this earlier in the thread. The User session
is needed as brokering or some other component might have stored
temporary data within the user session that is being mapped to a
claim. This will become especially important when we implement
no-import brokering. Either the code has to contain all claims,
or the user session has to be available.
That's the part that I don't understand. Why would it even contain
anything if the code is just a permission to obtain a token. We invoke
any protocol mappers or anything until the first token is created.
I'm just saying that you may need information in the UserSession to be
able to create a token. Protocol mappers are iterated when deciding to
show the consent screen. I'm not sure why protocol mappers were stored
in the user session. Marek will have to answer that question.
Bill