[keycloak-dev] UserSession changes required for SAML
Bill Burke
bburke at redhat.com
Mon Sep 22 16:08:59 EDT 2014
There's a few problems with UserSession and AccessCode and screen flows
* UserSession and AccessCode is hard wired to oauth protocol
* userSession is not created until credentials have been entered
* SAML has state that needs to hang around until final redirect back to
client
* Final redirect needs to know the protocol that started the login.
* Screen flows assume various query parameters are set (client_id, etc.)
So here's the changes:
* UserSessions will be created when the login page is first visited if
the user hasn't already logged in.
* ClientSession will also be created when login page is visited.
setAuthMethod for the ClientSession will be set so that later on, when
the final redirect happens, the auth server will know which protocol to use
* ClientSession will have a generic string hashmap
(ClientSession.getNotes()) where you can store arbitrary state. (i.e.
like HttpSession, but specific to the client).
* ClientSession.getState() will be removed and put in
ClientSession.getNotes()
* AccessCode needs to expose the ClientSession instead of hiding and
delegating to it.
* Screen flows will access the ClientSession for all information required.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list