[keycloak-user] Accessing authenticated user's details

Marek Posolda mposolda at redhat.com
Mon Oct 26 05:24:06 EDT 2015

If you don't want Keycloak dependencies, you can use 
request.getRemoteUser() or request.getPrincipal().getName() to access 
just the userId of authenticated user. If you use "principal-attribute" 
in keycloak.json, it will return the configured attribute instead of 
userId, so you can receive for example username or email instead. But 
that way, you will be able to access just this single attribute.


On 26/10/15 09:52, Tim Dudgeon wrote:
> Wondered if anyone had any thoughts on this?
> On 21/10/2015 12:04, Tim Dudgeon wrote:
>> In the case of a web application (e.g. Tomcat app secured by the 
>> keycloak adapter) the web app might need to access details of the 
>> authenticated user (e.g. full name or email).
>> I've found that this information is available from the session like 
>> this:
>> KeycloakSecurityContext session = 
>> (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
>> IDToken idToken = session.getIdToken();
>> String email = idToken.getEmail();
>> One issue with this is that all your web apps are tied to keycloak.
>> Is this the right way to handle this?
>> Are there alternatives?
>> Tim
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151026/e53a5420/attachment.html 

More information about the keycloak-user mailing list