Re: [keycloak-user] Accessing authenticated user's details

How about wrapping your application under a filter (or a valve in JBoss or Tomcat) ? From there you could populate your authenticated subject (or the session?) with whatever information your keycloak token could provide. Would that be a good idea ? ------------------------------ Date: Wed, 28 Oct 2015 05:01:17 -0700 From: sthorger(a)redhat.com To: tdudgeon.ml(a)gmail.com CC: keycloak-user(a)lists.jboss.org Subject: Re: [keycloak-user] Accessing authenticated user's details Yes, JavaEE currently has no standard way of obtaining a user profile. On 28 October 2015 at 04:17, Tim Dudgeon <tdudgeon.ml(a)gmail.com&gt; wrote: So if I understand correctly the only way to handle multiple attributes of the user (e.g name and email) is to use the Keycloak IDToken approach and so be dependent on the Keycloak implementation (or create my own API that wraps this)? Tim On 26/10/2015 09:24, Marek Posolda wrote: If you don't want Keycloak dependencies, you can use request.getRemoteUser() or request.getPrincipal().getName() to access just the userId of authenticated user. If you use "principal-attribute" in keycloak.json, it will return the configured attribute instead of userId, so you can receive for example username or email instead. But that way, you will be able to access just this single attribute. Marek On 26/10/15 09:52, Tim Dudgeon wrote: Wondered if anyone had any thoughts on this? On 21/10/2015 12:04, Tim Dudgeon wrote: In the case of a web application (e.g. Tomcat app secured by the keycloak adapter) the web app might need to access details of the authenticated user (e.g. full name or email). I've found that this information is available from the session like this: KeycloakSecurityContext session = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); IDToken idToken = session.getIdToken(); String email = idToken.getEmail(); One issue with this is that all your web apps are tied to keycloak. Is this the right way to handle this? Are there alternatives? Tim _______________________________________________ keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user