[keycloak-user] How to get user details

valsaraj pv valsarajpv at gmail.com
Thu May 17 09:20:14 EDT 2018


Passing the password is *not* recommended. What about another option?
In my use case I need the user password to decrypt keys (either do it on KC or
in the Java app). Keys are available in Keycloak through LDAP federation.
So can we customize & return decrypted keys from Keycloak in the IDToken?
I have got as far as returning encrypted keys as a user attribute, which
Keycloak supports out of the box.
In addition to this, I need decryption of the keys using the password entered
by the user & then to return them in the token (a little bit of custom code required).
I am looking at how to customize for this.

You can see a similar scenario here as well:
https://stackoverflow.com/questions/36512154/keycloak-how-to-get-current-user-password-or-store-encrypted-data


On Thu, May 17, 2018 at 6:25 PM, Subodh Joshi <subodhcjoshi82 at gmail.com>
wrote:

> Isn't it true that you are making things more complicated? If you have
> successfully logged in, why is the user password required again? The same
> user session should enable access to the contents of the project. No one
> will recommend getting the password and then passing it again to
> authenticate, and doing this is also not feasible.
> Rather, you can use
>
>>   tgtToken = securityContext.getTokenString();
>>
>
> Some token to access the contents. We are achieving things the same way on
> our production server.
> We have 2 web applications, one in JSF and another in React, deployed in
> different virtual machines, and our own REST API deployed on another
> machine, even a different JBoss instance, but all share the same Keycloak.
> So if we are doing any REST call, we pass *TGTTOKEN*, which will be
> verified by the REST API through Keycloak.
> There are too many other things involved, but this is the basic concept.
>



-- 
Life is like this: "Just when we get all the answers of life.... God
changes the question paper....

Valsaraj Viswanathan

