Hello,
Sounds good, but it seems that we are restricted here to implementing an authenticator. When
fetching the information to be passed into a token by implementation of a user storage
provider (which makes sense presuming that this information is to be fetched from the same
federated store where also the credentials are deposited), we have no other chance than to 1:
(automatically) create a permanent user-representation in Keycloak and 2: add the
claim-information as user attributes. I would appreciate it if someone disagrees and could
provide an idea to overcome automatic creation of non-temporary Keycloak-user entries at
all.
Best regards, Eduard
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org]
On Behalf Of Thomas Darimont
Sent: Friday, April 21, 2017 2:08 PM
To: Король Илья
Cc: keycloak-user
Subject: Re: [keycloak-user] Passing information from custom Authenticator to a Token
Thanks for your reply :)
I think (ab)using user attributes for storing temporary data is not a good idea, e.g. one
would need to take care to clear that information etc.
I'm currently using
context.getClientSession().setUserSessionNote("key","value");
in combination with a user protocol mapper for "user session note".
Cheers,
Thomas
2017-04-21 13:40 GMT+02:00 Король Илья <llivezking(a)gmail.com>:
The first thing that came to my head is to populate the required data into
attributes of UserModel and use mappers to map attr to AT claim, but
your way also looks interesting and I don't see any problems here.
21.04.2017 8:32, Thomas Darimont wrote:
> Hello group,
>
> I need to pass some information from a custom Authenticator to the
> IDToken/AccessToken.
> One way I found to do that is by using UserSessionNotes and a "User Session Note"
> Protocol Mapper defined in a client template which is shared by all clients.
>
> public void authenticate(AuthenticationFlowContext context) {
>     ...
>
>     context.getClientSession().getUserSessionNotes().put("someKey","someValue");
>     ...
> }
>
> Is this the intended way to do this sort of thing?
>
> Cheers,
> Thomas
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user