How to interrupt authorization from event listener

I want to add eventListener that on eventType = LOGIN, checks some attributes of user, and if necessary interrupts authentication and prints some error on login page. Is that possible from eventListener? Or do I have to change some authentication processors?

You can’t do this from an EventListener. You would have to write a custom Authenticator and then update your flow.

Thank you for answer, I will try.

@xgp - do you maybe know how to extract user session ID in authentication provider? I want to check if users session, that is currently refreshed in not on blacklist.
I have method:

public void authenticate(AuthenticationFlowContext context) {

but I can’t find a way to extract sessionID

From the KeycloakSession. Check the javadoc for AuthenticationFlowContext.

@xgp I tried: context.getEvent().getEvent().getSessionId() but this always returns null. When I look into: context.getAuthenticationSession(), there isn’t any place to get sessionId that user is refresing at the moment. Can you please point me to correct place?

I added my custom authenticator to the bottom of authentication flow.




I tried that, doesn’t work. Code like this:

KeycloakSession keycloakSession = context.getSession();
RealmModel realm = keycloakSession.getContext().getRealm();

List<String> allUSerSessions = keycloakSession.sessions().getUserSessionsStream(realm, keycloakSession.userStorageManager().getUserById(context.getUser().getId(), realm)).map(d -> d.getId()).collect(Collectors.toList()); 
String sessionId = context.getAuthenticationSession().getParentSession().getId();

When I login for first time, Parent sessionID is the same as returned in “user sessions” later, but when I close brower, open after a while, then I get some different ID:

allUSerSessions = {ArrayList@25075} size = 2
0 = “d7d76d8d-6879-4078-a55e-81ce45680532”
1 = “bf2f4b28-de5c-4012-bb70-e89495f59bc1”

sessionId = “c764971e-6627-4f4f-ad9a-e75834e79b8c”

Session "bf2f… " was returned as “sessionId” when I created this session for the first time, now I need way to find out that this user is refreshing “bf2f…” , but “getParentSession” returns c7649… ?

I still can’t find a way to check which session is user refreshing, does anybody know how to do it?