Hi,
We would like to add custom attributes (using custom logic including custom database
queries) to the user session in Keycloak on authentication. What is the best way to do
this? We use an LDAP/AD user federation provider.
Should we write a custom user attribute mapper and add it to our user federation provider?
I guess we could also write a custom token mapper and misuse it a little in that it will
only add data to the user session and not to the token?
Previously we had a custom token mapper that added this custom data to the token, however
it is becoming too much data and we have reached the max size limit (JWT tokens are
transported as HTTP headers and those have a max size of 8kb). So now we are thinking of
adding this data to the user session in Keycloak and, when we need it later on, getting it from
Keycloak using Keycloak’s REST API.
cheers