[keycloak-user] How to get user details

valsaraj pv valsarajpv at gmail.com
Thu May 17 23:19:22 EDT 2018


Is there a way to process a user attribute on the Keycloak side before
returning it to the client?

On Fri 18 May, 2018, 7:21 AM Subodh Joshi, <subodhcjoshi82 at gmail.com> wrote:

> Again, your issue is that you need the password. I think it's not possible
> to get the password. You have to change the logic in your application so that
> the files you want to access should be available by access token.
>
> On Thu, 17 May 2018, 18:50 valsaraj pv, <valsarajpv at gmail.com> wrote:
>
>> Passing the password is *not* recommended. What about another option?
>> In my use case I need the user password to decrypt keys (either do it on KC
>> or in the Java app). Keys are available in Keycloak through LDAP federation.
>> So can we customize & return decrypted keys from Keycloak in the IDToken?
>> I have reached up to returning encrypted keys as a user attribute, which
>> Keycloak supports out of the box.
>> In addition to this, I need a decryption of keys using the password
>> entered by the user & then return in token (a little bit of custom code required).
>> I am looking at how to customize for this.
>>
>> You can see similar scenario here as well:
>> https://stackoverflow.com/questions/36512154/keycloak-how-to-get-current-user-password-or-store-encrypted-data
>> .
>>
>>
>> On Thu, May 17, 2018 at 6:25 PM, Subodh Joshi <subodhcjoshi82 at gmail.com>
>> wrote:
>>
>>> Is it not true that you are making things more complicated? If you
>>> log in successfully, why is the user password required again? The same user
>>> session should enable
>>> access to the contents of the project. Getting the password and then
>>> passing it again to authenticate is something no one will recommend, and
>>> doing this is also not feasible.
>>> Rather, you can use
>>>
>>>>   tgtToken = securityContext.getTokenString();
>>>>
>>>
>>> some token to access the contents. We are achieving things the same way on
>>> our production server.
>>> We have 2 web applications, one in JSF and another in React, deployed on
>>> different virtual machines, and our own REST API deployed on another
>>> machine, even a
>>> different JBoss instance. But all share the same Keycloak. So if we are doing
>>> any REST call we will pass *TGTTOKEN*, which will be verified by the REST API
>>> through Keycloak.
>>> There are too many other things involved, but this is the basic concept.
>>>
>>
>>
>>
>> --
>> Life is like this: "Just when we get all the answers of life.... God
>> changes the question paper....
>>
>> Valsaraj Viswanathan
>>
>
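
The token-passing approach described in the quoted reply above (the REST API receives the token and has Keycloak verify it), as an added example that is not part of the original thread or of any project's code. It assumes the API is registered as a confidential client and uses OAuth 2.0 token introspection (RFC 7662); the endpoint URL, the client and user names, and the presence of `iss`, `aud` and `exp` in the reply are assumptions.

```python
import base64, json, time
import urllib.parse, urllib.request

def build_introspection_request(endpoint, client_id, client_secret, token):
    """RFC 7662 request: the REST API authenticates as a client and posts the token."""
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(endpoint, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded"})

def check_introspection(resp, issuer, audience, now=None):
    """Decide on the introspection JSON; fail closed on any missing field."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:      # revoked, expired or unknown token
        return False, "token inactive"
    if resp.get("iss") != issuer:
        return False, "wrong issuer"
    aud = resp.get("aud") or []
    if audience not in ([aud] if isinstance(aud, str) else aud):
        return False, "wrong audience"
    exp = resp.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    return True, resp.get("username") or resp.get("sub")

def verify_bearer(header, endpoint, client_id, client_secret, issuer, audience,
                  send=urllib.request.urlopen):
    """Validate an Authorization header by asking the identity provider."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return False, "missing bearer token"
    req = build_introspection_request(endpoint, client_id, client_secret, token.strip())
    with send(req, timeout=5) as reply:
        return check_introspection(json.load(reply), issuer, audience)

if __name__ == "__main__":
    # Constructed introspection reply; realm, client and user names are placeholders.
    issuer = "https://sso.example.test/realms/demo"
    sample = {"active": True, "iss": issuer, "aud": ["rest-api"],
              "exp": time.time() + 300, "username": "alice"}
    print(check_introspection(sample, issuer, "rest-api"))
    print(check_introspection({"active": False}, issuer, "rest-api"))
```

The `send` parameter exists so the network call can be replaced in tests; in a deployment the endpoint must be reached over TLS because the request carries the client secret.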

