[keycloak-dev] Support for passing custom attributes from authenticators to login pages

Thomas Darimont thomas.darimont at googlemail.com
Mon Apr 10 11:35:27 EDT 2017 

FYI my current solution (ab)uses the attributes of the current
HttpServletRequest to pass custom
data down to the templates with a (small) adjustment of
FreeMarkerLoginFormsProvider as shown below.

This is quite hacky but does it's job until I find a better way to do this.

Within my custom Authenticator:

private static final String MY_CUSTOM_ATTRIBUTE="my_custom_attribute";

@Override
public void authenticate(AuthenticationFlowContext context) {
   HttpServletRequest request =
context.getSession().getContext().getContextObject(HttpServletRequest.class);
   try {
       request.setAttribute(MY_CUSTOM_ATTRIBUTE, "bubu");
       super.authenticate(context);
   } finally {
       request.removeAttribute(MY_CUSTOM_ATTRIBUTE);
   }
}

Small extension to the FreeMarkerLoginFormsProvider in "private Response
createResponse(LoginFormsPages page)":
...
HttpServletRequest currentHttpRequest =
session.getContext().getContextObject(HttpServletRequest.class);
if (currentHttpRequest != null) {
   attributes.put("currentRequestAttributes", new
HttpServletRequestAttributesBean(currentHttpRequest));
}
...

public static class HttpServletRequestAttributesBean {

   private final HttpServletRequest request;

   public HttpServletRequestAttributesBean(HttpServletRequest request){
       this.request = request;
   }

   public Object getAttribute(String name){
       return this.request.getAttribute(name);
   }

   public Map<String,Object> getAttributes(){

       Map<String,Object> attributes = new HashMap<>();
       for(String name : Collections.list(request.getAttributeNames())){
           attributes.put(name, request.getAttribute(name));
       }

       return attributes;
   }
}

In my template login-totp.ftl:
<span>Custom value:
${currentRequestAttributes.getAttribute('my_custom_attribute')!'default'}</span>

2017-04-10 16:04 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com>:

> Hello group,
>
> are there any plans to support custom attributes to be passed from
> authenticators to (login-) forms?
>
> Concrete use-case is that I want to pass information
> from a custom OTP authenticator down to the login-totp.ftl template.
>
> Would be helpful if it were possible to pass custom attributes to the
> create*Page(..) methods in org.keycloak.forms.login.LoginFormsProvider.
>
> This would really ease customizations.
>
> Other alternatives to pass data are:
> - use some ThreadLocal storage within an Authenticator (set and clear) -
> but this feels more like a hack
> - custom page template and population logic in in a custom
> FreeMarkerLoginFormsProvider (quite involved...)
>
> Cheers,
> Thomas
>

More information about the keycloak-dev mailing list