If you don't want Keycloak
dependencies, you can use request.getRemoteUser() or
request.getPrincipal().getName() to access just the userId of
authenticated user. If you use "principal-attribute" in
keycloak.json, it will return the configured attribute instead of
userId, so you can receive for example username or email instead.
But that way, you will be able to access just this single
attribute.
Marek
On 26/10/15 09:52, Tim Dudgeon wrote:
Wondered if anyone had any thoughts on this?
On 21/10/2015 12:04, Tim Dudgeon
wrote:
In the case of a web application (e.g. Tomcat app secured by the
keycloak adapter) the web app might need to access details of
the authenticated user (e.g. full name or email).
I've found that this information is available from the session
like this:
KeycloakSecurityContext session =
(KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
IDToken idToken = session.getIdToken();
String email = idToken.getEmail();
One issue with this is that all your web apps are tied to
keycloak.
Is this the right way to handle this?
Are there alternatives?
Tim
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user