[keycloak-user] Passing information from custom Authenticator to a Token

Matuszak, Eduard eduard.matuszak at worldline.com
Thu Apr 27 09:11:46 EDT 2017


Hello,

Sounds good, but it seems that we are restricted here to implementing an authenticator. When fetching the information to be passed into a token by implementing a user storage provider (which makes sense, presuming that this information is to be fetched from the same federated store where the credentials are also deposited), we have no other chance than to 1: (automatically) create a permanent user representation in Keycloak and 2: add the claim information as user attributes. I would appreciate it if someone disagrees and could provide an idea to overcome automatic creation of non-temporary Keycloak user entries at all.

Best regards, Eduard

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Thomas Darimont
Sent: Friday, April 21, 2017 2:08 PM
To: Король Илья
Cc: keycloak-user
Subject: Re: [keycloak-user] Passing information from custom Authenticator to a Token

Thanks for your reply :)

I think (ab)using user attributes for storing temporary data is not a good idea, e.g. one would need to take care to clear that information etc.

I'm currently using
   context.getClientSession().setUserSessionNote("key","value");
in combination with a user protocol mapper for "user session note".

Cheers,
Thomas

2017-04-21 13:40 GMT+02:00 Король Илья <llivezking at gmail.com>:

> First thing that came to my head is to populate required data to 
> attributes of UserModel and use mappers to map attr to AT claim, but 
> your way also looks interesting and I don't see any problems here.
>
>
> 21.04.2017 8:32, Thomas Darimont wrote:
> > Hello group,
> >
> > I need to pass some information from a custom Authenticator to the
> > IDToken/AccessToken.
> > One way I found to do that is by using UserSessionNotes and a "User
> > Session Note" Protocol Mapper defined in a client template which is
> > shared by all clients.
> >
> > public void authenticate(AuthenticationFlowContext context) {
> >     ...
> >
> >     context.getClientSession().getUserSessionNotes().put("someKey","someValue");
> >     ...
> > }
> >
> > Is this the intended way to do this sort of thing?
> >
> > Cheers,
> > Thomas
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user

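An added example, not code from the thread or from the Keycloak project: a complete authenticator built around the `setUserSessionNote` call quoted above, with the value checked against an allow-list before it can reach a token. It assumes the Keycloak server SPI of that period on the classpath and a "User Session Note" protocol mapper that references the same key. The class name, note key and `lookupTenant` helper are hypothetical, and the `AuthenticatorFactory` that registers the class is assumed to exist.

```java
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

import java.util.regex.Pattern;

public class SessionNoteAuthenticator implements Authenticator {

    // Hypothetical note key; the "User Session Note" protocol mapper on the
    // client (or client template) must reference the same key.
    static final String NOTE_KEY = "example.tenant";
    // Allow-list for the value: it ends up as a claim in a signed token that
    // every relying party parses, so reject anything unexpected.
    private static final Pattern SAFE_VALUE = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        String value = lookupTenant(user.getUsername());
        if (value == null || !SAFE_VALUE.matcher(value).matches()) {
            // Fail closed rather than issue a token with an unchecked claim.
            context.failure(AuthenticationFlowError.INTERNAL_ERROR);
            return;
        }
        // Call taken from the thread (Keycloak API as of April 2017). The note
        // is kept with the session, so no user attribute is written and
        // there is nothing to clean up on the user afterwards.
        context.getClientSession().setUserSessionNote(NOTE_KEY, value);
        context.success();
    }

    // Hypothetical stand-in for the lookup against the external store.
    private String lookupTenant(String username) {
        return "tenant-a"; // constructed sample value
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Anything placed in the note becomes readable by every client that receives the token, so it should hold identifiers only and never secrets from the federated store.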