Hi, I think that in the federation layer, you have access to current KeycloakSession. So you can probably use something like: org.jboss.resteasy.spi.HttpRequest req = session.getContext().getContextObject(HttpRequest.class); String myParam = req.getFormPArameters().get("my-param"); This worked! Thank you so much Marek.

No guarantee that it works :) Also question is, whether it's not more proper way to handle this at the Authenticator level, which will delegate to proper userStorage. UserStorage in theory shouldn't be interested about request params etc, but just make sure to CRUD user objects. But not sure about your use-case, and maybe handle at userStorage is the easiest option for you.. The legacy system has one login API that behaves differently based on the

Marek On 25/09/18 08:07, Vignesh S wrote: Hello All, After having received so many good reviews about Keycloak, We are implementing Keycloak as the access management system to our client organization. Thanks to all the contributors. I am stuck in getting the login complete with the User Federation SPI. I am in need of sending an additional parameter from the client during login which I wanted to be available in the User Federation layer. So that based on that parameter, I shall make an appropriate request to our legacy system for validating the password. Currently, I do this, curl -X POST \ http://localhost:8080/auth/realms/<realm-name>/protocol/openid-conn... \ -H 'Accept: application/json' \ -H 'Cache-Control: no-cache' \ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'username=<username>&password=<password>&grant_type=password&client_id=<client-id>' How can I add one another custom param to the body and make it available in the federation layer before making the login request to the legacy system? Any help will be much appreciated. Thanks, Vignesh _______________________________________________ keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user