Thank you very much.
For anyone interested, here is my full script. I check for the Referer
header first; if it is empty, I go for the direct parameters. Also
restricted it to a certain role.
// import enum for error lookup
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");

function authenticate(context) {
    // only users with this role must supply the parameter
    if (user.hasRole(realm.getRole("AllowedRole"))) {
        var username = user ? user.username : "anonymous";
        var referer = httpRequest.httpHeaders.getHeaderString("Referer");
        var _foo;
        if (referer !== null) {
            // Referer is present: take the parameter from its query string
            var uri = new java.net.URI(referer);
            var uriInfo = new org.jboss.resteasy.spi.ResteasyUriInfo(uri);
            _foo = uriInfo.queryParameters.coBrowsingSSOId;
        } else {
            // no Referer: take the parameter from the request URL itself
            _foo = httpRequest.uri.queryParameters.coBrowsingSSOId;
        }
        if (_foo !== null) {
            var foo = _foo[0]; // uriInfo.queryParameters is a multivalued map
            LOG.error(script.name + ": " + username + " foo =" + foo);
            // store the value as a user session note
            authenticationSession.setUserSessionNote("foo", foo);
            context.success();
        } else {
            LOG.error("Missing query parameter 'foo'");
            context.failure(AuthenticationFlowError.INVALID_USER);
        }
    } else {
        // users without the role pass through unchanged
        context.success();
    }
}
Regards
On 13.11.2018 at 23:40, Dmitry Telegin wrote:
Hi, you're welcome,
In the second scenario (cookie-based auth), there is no HTTP redirect, hence your query
params are in the actual URL, not in the referer header. You can extract them as follows:
    var _foo = httpRequest.uri.queryParameters['foo'];
    if (_foo !== null)
        var foo = _foo[0];
Good luck!
Dmitry
On Tue, 2018-11-13 at 20:11 +0100, zitrone(a)gmx-topmail.de wrote:
> Hi,
>
> I'm working on a similar problem. I managed to set up a script
> authenticator and a User Session Note Mapper. Works fine on first
> request (like, on the first try. Thanks for the code!). I send the query
> parameter to the auth endpoint, enter the credentials and get a code.
> The token I get for the code contains the query parameter as a field.
>
> But when I query the auth endpoint a second time, it authenticates via
> cookie. Then it starts the script and the script throws a null pointer
> exception. The problem is that the "Referer" header is null.
>
> The idea behind the second call is to "update" the session note. Any
> ideas how to get the query parameter in this case? Or why it vanishes in
> the first place?
>
>
> Regards
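
The Referer-then-request-URL lookup discussed in this thread, as an added example that is not part of the original messages or of Keycloak: plain JavaScript for Node.js rather than the script authenticator API. It goes beyond the posted script by also falling back when the Referer lacks the parameter, rejecting duplicates and validating the value before it would be logged or stored as a session note; the function names, the `SAFE_VALUE` pattern and the sample URLs are assumptions.

```javascript
// Added example: both the Referer header and the request URL are client-controlled,
// so the value is validated before it would reach a log line or a token claim.
const PARAM = "coBrowsingSSOId";
// Assumed format for the value; adjust to what the application really issues.
const SAFE_VALUE = /^[A-Za-z0-9_-]{1,64}$/;

// Constructed sample inputs (not taken from the thread).
const SAMPLE_REFERER = "https://sso.example.test/auth?client_id=app&coBrowsingSSOId=abc123";
const SAMPLE_REQUEST = "https://sso.example.test/auth?client_id=app&coBrowsingSSOId=xyz789";

// All values of `name` in the query string of `url`; [] if url is absent or unparsable.
function queryValues(url, name) {
  if (url === null || url === undefined || url === "") return [];
  try {
    return new URL(url).searchParams.getAll(name);
  } catch (e) {
    return []; // malformed Referer: treat as "no value" instead of throwing
  }
}

// Referer first (redirect after the login form), then the request URL
// (cookie-based re-authentication, where no Referer is sent).
function resolveParam(refererHeader, requestUrl, name) {
  let values = queryValues(refererHeader, name);
  let source = "referer";
  if (values.length === 0) {
    values = queryValues(requestUrl, name);
    source = "request";
  }
  if (values.length === 0) return { ok: false, reason: "missing" };
  if (values.length > 1) return { ok: false, reason: "ambiguous" };
  // Rejects newlines and other characters that could forge log entries.
  if (!SAFE_VALUE.test(values[0])) return { ok: false, reason: "invalid" };
  return { ok: true, source: source, value: values[0] };
}
```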