User Session Attribute in User Federation Provider

gitdode · July 2, 2020, 9:13am

I’d like to pass some static, temporary configuration value from a Keycloak OpenID Connect Identity Provider to my User Federation Provider, allowing to use it when adding and updating users logging in via the IDP.

While this works with a Hardcoded Attribute, the attribute is stored with the user in Keycloak’s local storage, which is unnecessary ballast.

So I’ve used a Hardcoded User Session Attribute instead and tried to get it from session.getContext().getAuthenticationSession().getUserSessionNotes() in the User Federation Provider but the returned map is empty.

What am I doing wrong, and are there other ways to do it?

Cheers,
Torsten

steliyanag · October 15, 2020, 1:33pm

We were struggling with the same issue.
As a workaround, what we did is we added an extra execution to the auth flow assigned to the IdP (prior all other executions). It was a JS script. In the script:

function authenticate(context) {
    authenticationSession.setUserSessionNote("hardcoded", "value");
    context.success();
}

Then in the user federation provider, you can do the following:

String hardcoded = this.session.getContext().getAuthenticationSession().getUserSessionNotes().getOrDefault(“hardcoded”, “default”);

If someone finds a better solution, please share

Topic		Replies	Views
Brokering identity without store personnal data Getting advice identity-brokering	7	767	June 30, 2021
Update user logging in via IDP in user federation provider Getting advice identity-brokering , user-federation	1	1178	July 2, 2020
Conditional redirect to identity provider Getting advice identity-brokering	7	1320	March 13, 2024
Get Identity provider token in keycloak after logging Getting advice	1	508	October 21, 2021
Identity Provider mappers ignored during token exchange Configuring the server identity-brokering , oidc	4	618	December 16, 2023

User Session Attribute in User Federation Provider

Related Topics