[keycloak-user] Add additional rights mapping step to request chain
jim.boettcher at hp.com
Mon Jun 9 15:45:14 EDT 2014
These are specific rights that are associated to different roles, such as the "backup right" can be associated to a backup role or an admin role.
We were looking to do this on the application server side perhaps as some sort of extension or add on or post processor to the keycloak-as7-adapter that is installed and configured as a module for JBoss.
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Bill Burke
Sent: Monday, June 09, 2014 3:11 PM
To: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Add additional rights mapping step to request chain
For "rights" you mean user role mappings? I'd have to create an SPI for that.
FYI, you can't modify the token itself as it is digitally signed.
On 6/9/2014 2:51 PM, Boettcher, Jim wrote:
> We are using the keycloak-as7-adapter from beta2 and have configured
> the adapter to use bearer token.
> We would like to add in some extra processing after the bearer token
> has been validated in order to map user rights for the user identified
> by the bearer token using some proprietary code. This is currently
> done with a custom LoginModule configured for the security-domain of the app.
> Can you suggest how we might go about adding this extra rights mapping
> to the request chain after the keycloak adapter has validated the
> bearer token?
> Thank you,
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
JBoss, a division of Red Hat
keycloak-user mailing list
keycloak-user at lists.jboss.org
More information about the keycloak-user