How to interrupt authorization from event listener

I want to add an eventListener that, on eventType = LOGIN, checks some attributes of the user and, if necessary, interrupts authentication and prints some error on the login page. Is that possible from an eventListener? Or do I have to change some authentication processors?

You can’t do this from an EventListener. You would have to write a custom Authenticator and then update your flow.
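A sketch of the custom Authenticator approach described in the answer above, as an added example that is not part of the original thread or of Keycloak's own code. The attribute name `login_blocked`, the message key `loginBlockedMessage` and the class name are hypothetical, and the `jakarta` import assumes a recent Keycloak release (older releases use `javax.ws.rs.core.Response`).

```java
package example;

import jakarta.ws.rs.core.Response; // assumption: recent Keycloak; older releases use javax.ws.rs
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

public class AttributeGateAuthenticator implements Authenticator {

    // Hypothetical names, chosen for this example only.
    static final String BLOCK_ATTRIBUTE = "login_blocked";
    static final String ERROR_MESSAGE_KEY = "loginBlockedMessage";

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        if (user == null) {
            // Defensive: the step was placed before the user is identified. Fail closed.
            context.failure(AuthenticationFlowError.UNKNOWN_USER);
            return;
        }
        if ("true".equalsIgnoreCase(user.getFirstAttribute(BLOCK_ATTRIBUTE))) {
            // Render the theme's error page and stop the flow at this step.
            Response page = context.form()
                    .setError(ERROR_MESSAGE_KEY)
                    .createErrorPage(Response.Status.FORBIDDEN);
            context.failureChallenge(AuthenticationFlowError.INVALID_USER, page);
            return;
        }
        context.success();
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        // No form is posted back to this step; re-run the check instead of passing blindly.
        authenticate(context);
    }

    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

The class still has to be registered through an `AuthenticatorFactory` and added as a required step after the user has been identified in the flow.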

Thank you for the answer, I will try.

@xgp - do you maybe know how to extract the user session ID in an authentication provider? I want to check if the user's session that is currently being refreshed is not on a blacklist.
I have the method:

public void authenticate(AuthenticationFlowContext context) {

but I can’t find a way to extract the sessionID

From the KeycloakSession. Check the javadoc for AuthenticationFlowContext.

@xgp I tried: context.getEvent().getEvent().getSessionId() but this always returns null. When I look into context.getAuthenticationSession(), there isn’t any place to get the sessionId that the user is refreshing at the moment. Can you please point me to the correct place?

I added my custom authenticator to the bottom of the authentication flow.

Thanks.
Mariusz

try

context.getAuthenticationSession().getParentSession().getId()

I tried that, it doesn’t work. Code like this:

KeycloakSession keycloakSession = context.getSession();
RealmModel realm = keycloakSession.getContext().getRealm();

List<String> allUSerSessions = keycloakSession.sessions().getUserSessionsStream(realm, keycloakSession.userStorageManager().getUserById(context.getUser().getId(), realm)).map(d -> d.getId()).collect(Collectors.toList()); 
String sessionId = context.getAuthenticationSession().getParentSession().getId();

When I log in for the first time, the parent sessionID is the same as the one returned in “user sessions” later, but when I close the browser and open it again after a while, I get a different ID:

allUSerSessions = {ArrayList@25075} size = 2
0 = “d7d76d8d-6879-4078-a55e-81ce45680532”
1 = “bf2f4b28-de5c-4012-bb70-e89495f59bc1”

sessionId = “c764971e-6627-4f4f-ad9a-e75834e79b8c”

Session "bf2f… " was returned as “sessionId” when I created this session for the first time. Now I need a way to find out that this user is refreshing “bf2f…”, but “getParentSession” returns c7649… ?

I still can’t find a way to check which session the user is refreshing. Does anybody know how to do it?