By default it returns the UUID for the user. So in Tomcat you are seeing the default behavior, while on WildFly you are seeing the behavior if principal-attribute is set to principal-attribute in keycloak.json. See http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config

On 19 May 2016 at 20:07, Marc Savy <marc.savy@redhat.com> wrote:

Hi All,

I've been setting up apiman's quickstart tomcat8 distro with Keycloak
(rather than using the inbuilt auth).

I've managed to get everything working swimmingly, with one strange issue:

HttpServletRequest#getRemoteUser()

- On WildFly, this code[1] returns the preferred_username (e.g.
admin). Expected behaviour.

- On Tomcat8 it return the subject[2] (e.g.
5291684c-225a-4b3d-8795-15486feaf2ae)

I think the problem might stem from where the principal is being built:

https://github.com/keycloak/keycloak/blob/master/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java#L39

Are we misusing #getRemoteUser, or is there an error in the adapter?

Regards,
Marc

[1] https://github.com/apiman/apiman/blob/master/manager/ui/war/src/main/java/io/apiman/manager/ui/server/servlets/ConfigurationServlet.java#L105
[2] 'id' in UI
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev