9:05 a.m.
Hi everybody,
I'm currently working on attaching a company-internal authentication API to Keycloak
by implementing an UserFederationProvider.
Basically it is working, but when authenticating to our internal API I get back some
additional data that should be tied to the lifetime of the SSO session of the
authenticating user. Is there any pre-defined place to store such data?
As an alternative approach, I stored this data in a HashMap and tried to use the LOGIN and
LOGOUT events to keep the contents of the HashMap current. This approach would work for
the login (though I'd have to introduce an intermediate storage - the LOGIN event
comes some time after the "validatePassword" call), but in my experiments a
LOGOUT event was only generated when I was logging myself out, not when my SSO session
expired or was removed by an administrator account. Is there a way to be reliably notified
at the beginning and the end of a session?
By now I'm really out of ideas. I would really appreciate if somebody could be so kind
and point me in the right direction...
Best regards,
Hermann Josef Hill
Software Architect
optile GmbH
Ganghoferstraße 39 | 80339 München
Mobil +49 (151) 5385 0784
hermann.hill(a)optile.net | www.optile.net
USt.Id.-Nr. DE268847980
Geschäftsführer: Daniel Smeds
Handelsregister München HRB 183178
+++ Besuchen Sie uns auf der dmexco 2015 am 16. & 17. September, Köln, Halle 7.1 Stand
F013 +++
9:52 a.m.
In Keycloak 1.5 we have an authentication flow SPI. That might be the
best place to incorporate your authentication plugin.
On 9/11/2015 10:05 AM, Hermann Hill wrote:
Hi everybody,
I’m currently working on attaching a company-internal authentication API
to Keycloak by implementing an UserFederationProvider.
Basically it is working, but when authenticating to our internal API I
get back some additional data that should be tied to the lifetime of the
SSO session of the authenticating user. Is there any pre-defined place
to store such data?
As an alternative approach, I stored this data in a HashMap and tried to
use the LOGIN and LOGOUT events to keep the contents of the HashMap
current. This approach would work for the login (though I’d have to
introduce an intermediate storage – the LOGIN event comes some time
after the “validatePassword” call), but in my experiments a LOGOUT event
was only generated when I was logging myself out, not when my SSO
session expired or was removed by an administrator account. Is there a
way to be reliably notified at the beginning and the end of a session?
By now I’m really out of ideas. I would really appreciate if somebody
could be so kind and point me in the right direction…
Best regards,
*Hermann Josef Hill*
Software Architect
*optile GmbH*
Ganghoferstraße 39 | 80339 München
Mobil +49 (151) 5385 0784
hermann.hill(a)optile.net | www.optile.net
USt.Id.-Nr. DE268847980
Geschäftsführer: Daniel Smeds
Handelsregister München HRB 183178
*+++ Besuchen Sie uns auf der dmexco 2015 am 16. & 17. September, Köln,
Halle 7.1 Stand F013 +++*
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
3774
days inactive
3774
days old
1 comments
2 participants
participants (2)
-
Bill Burke -
Hermann Hill