[keycloak-user] How to get user details
valsaraj pv
valsarajpv at gmail.com
Thu May 17 09:20:14 EDT 2018
Passing password is *not* recommended. What about other option?
In my use case I need user password to decrypt keys (either do it on KC or
in Java app). Keys are available in Keycloak through LDAP federation.
So can we customize & return decrypted keys from Keycloak in IDToken?
I have reached up to returning encrypted keys as user attribute which
Keycloak supports out of the box.
In addition to this, I need a decryption of keys using the password entered
by user & then return in token (a little bit custom code required).
I am looking how to customize for this.
You can see similar scenario here as well:
https://stackoverflow.com/questions/36512154/keycloak-how-to-get-current-user-password-or-store-encrypted-data
On Thu, May 17, 2018 at 6:25 PM, Subodh Joshi <subodhcjoshi82 at gmail.com>
wrote:
> Is this not true you are making things more complicated if you
> successfully login, why again user password required? Same user session
> should enable
> access the contents of the project. Getting password and then again passing
> it to authenticate no one will recommend you and doing this also not
> feasible.
> Rather than you can use
>
>> tgtToken = securityContext.getTokenString();
>>
>
> Some token to access the contents. Same way we are achieving things in
> our production server
> We have 2 web application one in JSF another in React and deployed in
> different virtual machine and our own REST API deployed into another
> machine even
> different Jboss instance But all share same keycloak. So if we are doing
> any rest call we will pass *TGTTOKEN* which will be verified by rest-api
> through keycloak.
> There are too many other things evolved but this is basic concept.
>
--
Life is like this: "Just when we get all the answers of life.... God
changes the question paper....
Valsaraj Viswanathan