User Session Attribute in User Federation Provider

I’d like to pass some static, temporary configuration value from a Keycloak OpenID Connect Identity Provider to my User Federation Provider, allowing to use it when adding and updating users logging in via the IDP.

While this works with a Hardcoded Attribute, the attribute is stored with the user in Keycloak’s local storage, which is unnecessary ballast.

So I’ve used a Hardcoded User Session Attribute instead and tried to get it from session.getContext().getAuthenticationSession().getUserSessionNotes() in the User Federation Provider but the returned map is empty.

What am I doing wrong, and are there other ways to do it?


1 Like

We were struggling with the same issue.
As a workaround, what we did is we added an extra execution to the auth flow assigned to the IdP (prior all other executions). It was a JS script. In the script:

function authenticate(context) {
    authenticationSession.setUserSessionNote("hardcoded", "value");

Then in the user federation provider, you can do the following:

String hardcoded = this.session.getContext().getAuthenticationSession().getUserSessionNotes().getOrDefault(“hardcoded”, “default”);

If someone finds a better solution, please share

1 Like