[keycloak-user] Loading extra info in the access token

Stian Thorgersen sthorger at redhat.com
Wed Sep 28 04:35:38 EDT 2016


You could do this in at least a couple different ways:

* Custom user federation provider and map organizations onto groups
* Custom protocol mapper that fetches the organization for the user from an
external point and adds it to the token directly

It would be interesting to also have a mechanism in KC that can fetch
additional attributes for a user when it's initially loaded into the cache.
Bill - what do you think about that?

On 28 September 2016 at 10:08, Aritz Maeztu <amaeztu at tesicnor.com> wrote:

> I'm developing the authorization part for my application with keycloak,
> but I need to include some extra info when the authentication is performed.
>
> Each user in my application has permissions for a set of organizations and
> I want to have the organization ids loaded in the access token (I think
> this might be convenient?). The users themselves might be stored in the
> keycloak database itself, but the organizations they have access to might
> change at runtime, that's why I want to store them in the access token, to
> have them reloaded each time a user logs in. Do I need to implement a
> custom SPI for this?
>
> Regards
>
> --
> Aritz Maeztu Otaño
> Software Development Department
> <https://www.linkedin.com/in/aritz-maeztu-ota%C3%B1o-65891942>
> <http://www.tesicnor.com>
>
> Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
> Tel. Aritz Maeztu: 948 68 03 06
> Tel. Secretary's office: 948 21 40 40
> Before printing this e-mail, consider carefully whether it is necessary:
> the environment is everyone's concern.
>
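
The second option in the reply above (a custom protocol mapper that fetches the organizations from an external point and adds them to the token), sketched as an added example that is not part of the original thread or of Keycloak itself. It assumes the Keycloak 4.x or later protocol mapper SPI; the class name, mapper id, claim name `organizations` and the service URL are hypothetical.

```java
// Added example; register this class name in
// META-INF/services/org.keycloak.protocol.ProtocolMapper inside the provider jar.
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;
import org.keycloak.util.JsonSerialization;

public class OrganizationMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
    // Hypothetical internal service that returns a JSON array of organization ids.
    private static final String ORG_SERVICE = "https://orgs.internal.example/users/";
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();
    static { OIDCAttributeMapperHelper.addIncludeInTokensConfig(CONFIG, OrganizationMapper.class); }

    @Override public String getId() { return "example-organization-mapper"; }
    @Override public String getDisplayType() { return "Organization ids (example)"; }
    @Override public String getDisplayCategory() { return TOKEN_MAPPER_CATEGORY; }
    @Override public String getHelpText() { return "Adds the user's organization ids as a claim."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return CONFIG; }

    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel model, UserSessionModel userSession,
                            KeycloakSession session, ClientSessionContext ctx) {
        String userId = userSession.getUser().getId();
        try {
            HttpURLConnection c = (HttpURLConnection)
                new URL(ORG_SERVICE + URLEncoder.encode(userId, "UTF-8")).openConnection();
            c.setConnectTimeout(2000);  // a slow directory must not stall token issuance
            c.setReadTimeout(2000);
            if (c.getResponseCode() != 200) throw new IllegalStateException("HTTP " + c.getResponseCode());
            try (InputStream in = c.getInputStream()) {
                String[] orgs = JsonSerialization.readValue(in, String[].class);
                token.getOtherClaims().put("organizations", Arrays.asList(orgs));
            }
        } catch (Exception e) {
            // Fail closed: an unreachable directory yields no organizations, never guessed ones.
            token.getOtherClaims().put("organizations", new ArrayList<String>());
        }
    }
}
```

The claim is a snapshot taken when the token is issued, so a resource server that must react quickly to revoked organization access should pair this with short access token lifetimes.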