[keycloak-user] Accessing authenticated user's details

Christian Hebert christian_hebert at hotmail.com
Fri Oct 30 13:34:52 EDT 2015 

How about wrapping your application under a filter (or a valve in JBoss or Tomcat) ? From there you could populate your authenticated subject (or the session?) with whatever information your keycloak token could provide.
Would that be a good idea ?
Date: Wed, 28 Oct 2015 05:01:17 -0700
From: sthorger at redhat.com
To: tdudgeon.ml at gmail.com
CC: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Accessing authenticated user's details

Yes, JavaEE currently has no standard way of obtaining a user profile.
On 28 October 2015 at 04:17, Tim Dudgeon <tdudgeon.ml at gmail.com> wrote:

  
    
  
  
    So if I understand correctly the only way to handle multiple
    attributes of the user (e.g name and email) is to use the Keycloak
    IDToken approach and so be dependent on the Keycloak implementation
    (or create my own API that wraps this)?

    

    Tim 

    

    On 26/10/2015 09:24, Marek Posolda
      wrote:

    
    
      
      If you don't want Keycloak
        dependencies, you can use request.getRemoteUser() or
        request.getPrincipal().getName() to access just the userId of
        authenticated user. If you use "principal-attribute" in
        keycloak.json, it will return the configured attribute instead
        of userId, so you can receive for example username or email
        instead. But that way, you will be able to access just this
        single attribute.

        

        Marek

        

        On 26/10/15 09:52, Tim Dudgeon wrote:

      
      
        
        Wondered if anyone had any thoughts on this?

        

        On 21/10/2015 12:04, Tim Dudgeon
          wrote:

        
        
          
          In the case of a web application (e.g. Tomcat app secured by
          the keycloak adapter) the web app might need to access details
          of the authenticated user (e.g. full name or email).

          I've found that this information is available from the session
          like this: 

          

          KeycloakSecurityContext session =
(KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());

            IDToken idToken = session.getIdToken();

            String email = idToken.getEmail();

          

          One issue with this is that all your web apps are tied to
          keycloak.

          

          Is this the right way to handle this?

          Are there alternatives?

          

          Tim

          

        
        

        

        
        

        _______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
      
      

    
    

  


_______________________________________________

keycloak-user mailing list

keycloak-user at lists.jboss.org

https://lists.jboss.org/mailman/listinfo/keycloak-user



_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151030/10c546ef/attachment.html

More information about the keycloak-user mailing list