I think a custom authenticator would be the way to do it, as you probably
want to add to the user session when the user is authenticating and not
when tokens are refreshed.
On 23 December 2016 at 11:24, Edgar Vonk - Info.nl <Edgar(a)info.nl> wrote:
Hi,
We would like to add custom attributes (using custom logic including
custom database queries) to the user session in Keycloak on authentication.
What is the best way to do this? We use an LDAP/AD user federation provider.
Should we write a custom user attribute mapper and add it to our user
federation provider? I guess we could also write a custom token mapper and
misuse it a little in that it will only add data to the user session and
not to the token?
Previously we had a custom token mapper that added this custom data to the
token, however it is becoming too much data and we have reached the max
size limit (JWT tokens are transported as HTTP headers and those have a max
size of 8kb). So now we are thinking of adding this data to the user
session in Keycloak and, when we need it later on, getting it from Keycloak
using Keycloak’s REST API.
cheers
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
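
One way to write the custom authenticator suggested in the reply, as an added example that is not from the thread or from the Keycloak project. It assumes a recent Keycloak release, where notes set through AuthenticationSessionModel.setUserSessionNote are copied to the user session when login completes; the class name, NOTE_PREFIX, MAX_NOTE_LENGTH and the lookup function are hypothetical.

```java
import java.util.Map;
import java.util.function.Function;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/** Added example: stores externally looked-up attributes as user session notes at login. */
public class SessionNoteAuthenticator implements Authenticator {
    static final String NOTE_PREFIX = "custom.";  // hypothetical namespace for these notes
    static final int MAX_NOTE_LENGTH = 2048;       // assumed cap to keep session entries small

    // Hypothetical lookup, e.g. a parameterized database query keyed on the username.
    private final Function<String, Map<String, String>> lookup;

    public SessionNoteAuthenticator(Function<String, Map<String, String>> lookup) {
        this.lookup = lookup;
    }

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();  // set by an earlier step in the flow
        Map<String, String> attrs;
        try {
            attrs = lookup.apply(user.getUsername());
        } catch (RuntimeException e) {
            // Design choice of this example: fail the login rather than
            // create a session that silently lacks the custom data.
            context.failure(AuthenticationFlowError.INTERNAL_ERROR);
            return;
        }
        attrs.forEach((key, value) -> {
            // Oversized or null values are skipped instead of stored.
            if (value != null && value.length() <= MAX_NOTE_LENGTH) {
                context.getAuthenticationSession().setUserSessionNote(NOTE_PREFIX + key, value);
            }
        });
        context.success();  // runs once per login, not on token refresh
    }

    @Override public void action(AuthenticationFlowContext context) { }  // no form to process
    @Override public boolean requiresUser() { return true; }             // needs an identified user
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

The class still needs a matching AuthenticatorFactory and has to be added to the login flow after the step that identifies the user.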