On 10/29/2014 11:23 AM, Juraci Paixão Kröhling wrote:
> On 10/28/2014 04:54 PM, Stian Thorgersen wrote:
>> 3. CatalinaSessionTokenStore.checkCurrentToken - can you figure
>> out the realm if the session was serialized? When the adapter is
>> clustered we support serializing the session
> I'm then changing one of the SecurityContexts to include the
> realm, so that it gets de-serialized with this information. Now,
> the question is whether it is more appropriate to add it to
> KeycloakSecurityContext or RefreshableKeycloakSecurityContext. On
> the superclass (KeycloakSecurityContext), I have access only to
> IdToken and AccessToken. I believe both have ways to retrieve the
> realm (issuer, I believe), but I don't know how reliable this is. I
> remember seeing a post from Bill on keycloak-user that it should be
> changed to a URL, not the realm name. On the subclass, however, I
> have access to the KeycloakDeployment, which provides the realm in
> the exact way that it was originally configured.
About this one: I added a new constructor parameter to the superclass,
as all callers did have access to the realm name. So, provided that
storing the realm on the security context is appropriate, this is solved.
- Juca.
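Added example, not part of the original message and not Keycloak code: a sketch of the approach discussed above, where the configured realm name is stored on the serialized security context so a receiving cluster node can re-attach its own configuration without deriving the realm from the token issuer. The classes Deployment and SecurityContext, the rebind method, the per-node map of configured realms, and the realm names are all hypothetical stand-ins.

```java
import java.io.*;
import java.util.Map;

public class RealmAwareContextDemo {
    // Hypothetical stand-in for per-realm adapter configuration; deliberately not Serializable.
    static final class Deployment {
        final String realm;
        Deployment(String realm) { this.realm = realm; }
    }

    // Hypothetical stand-in for the security context stored in the HTTP session.
    static class SecurityContext implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String tokenString;
        private final String realm;               // configured realm name, serialized with the session
        private transient Deployment deployment;  // dropped on serialization

        SecurityContext(String tokenString, String realm, Deployment deployment) {
            this.tokenString = tokenString;
            this.realm = realm;
            this.deployment = deployment;
        }

        // Re-attach configuration on the receiving node; fail closed if the realm is unknown there.
        boolean rebind(Map<String, Deployment> configured) {
            deployment = configured.get(realm);
            return deployment != null;
        }
    }

    // Serialize and deserialize in memory, as session replication between nodes would.
    static SecurityContext roundTrip(SecurityContext ctx) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(ctx);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (SecurityContext) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: the realm names and token string are placeholders.
        Map<String, Deployment> nodeB = Map.of("realm-a", new Deployment("realm-a"));
        SecurityContext restored = roundTrip(
                new SecurityContext("constructed-token", "realm-a", new Deployment("realm-a")));
        System.out.println("deployment right after deserialization: " + restored.deployment);
        System.out.println("rebound on node B: " + restored.rebind(nodeB));
        SecurityContext other = roundTrip(
                new SecurityContext("constructed-token", "realm-x", new Deployment("realm-x")));
        System.out.println("unknown realm rebound on node B: " + other.rebind(nodeB));
    }
}
```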