[keycloak-user] How to get user details
Subodh Joshi
subodhcjoshi82 at gmail.com
Mon May 21 00:50:44 EDT 2018
I am not sure about it.
On Fri, May 18, 2018 at 8:49 AM valsaraj pv <valsarajpv at gmail.com> wrote:
> Is there a way to process user attribute before returning to client from
> Keycloak side?
>
> On Fri 18 May, 2018, 7:21 AM Subodh Joshi, <subodhcjoshi82 at gmail.com>
> wrote:
>
>> Again your issue is you need password I think it's not possible to get
>> password . You have to change the logic in your application so those file
>> you want to access should be available by accesstoken.
>>
>> On Thu, 17 May 2018, 18:50 valsaraj pv, <valsarajpv at gmail.com> wrote:
>>
>>> Passing password is *not *recommended. What about other option?
>>> In my use case I need user password to decrypt keys (either do it on KC
>>> or in Java app). Keys are available in Keycloak through LDAP federation.
>>> So can we customize & return decrypted keys from Keyclock in IDToken?
>>> I have reached upto returning encrypted keys as user attribute which
>>> Keyclock supports out of the box.
>>> In addition to this, I need a decryption of keys using the password
>>> entered by user & then return in token (a little bit custom code required).
>>> I am looking how to customize for this.
>>>
>>> You can see similar scenario here as well:
>>> https://stackoverflow.com/questions/36512154/keycloak-how-to-get-current-user-password-or-store-encrypted-data
>>> .
>>>
>>>
>>> On Thu, May 17, 2018 at 6:25 PM, Subodh Joshi <subodhcjoshi82 at gmail.com>
>>> wrote:
>>>
>>>> Is this not true you are making things more complicated if your
>>>> successfully login,why again user password required ? Same user session
>>>> should enable
>>>> access the contents of the project.Getting password and then again
>>>> passing it to authenticate no one will recommend you and doing this also
>>>> not feasible.
>>>> Rather than you can use
>>>>
>>>>> tgtToken = securityContext.getTokenString();
>>>>>
>>>>
>>>> Some token to access the contents . Same way we are achieving things in
>>>> our production server
>>>> We have 2 web application one in JSF another in React and deployed in
>>>> different virtual machine and our own REST API deployed into another
>>>> machine even
>>>> different Jboss instance But all share same keycloak .So if we are
>>>> doing any rest call we will pass *TGTTOKEN *which will be verify by
>>>> rest-api through keycloak.
>>>> There are too many other things evolved but this is basic concept.
>>>>
>>>
>>>
>>>
>>> --
>>> Life is like this: "Just when we get all the answers of life.... God
>>> changes the question paper....
>>>
>>> Valsaraj Viswanathan
>>>
>>
--
Subodh Chandra Joshi
subodh1_joshi82 at yahoo.co.in
http://www.trendsinnews.com
More information about the keycloak-user
mailing list