/**
 * Resolves the principal name for a token from the claim the deployment is configured to use.
 *
 * <p>The configured principal attribute selects one of: {@code sub}, {@code email},
 * {@code preferred_username}, {@code name}, {@code given_name}, {@code family_name} or
 * {@code nickname}. When no attribute is configured, when the attribute is not one of these,
 * or when the selected claim is {@code null}, the token subject is used instead.
 *
 * <p>Security note: of the supported claims only {@code sub} is defined by OpenID Connect as a
 * stable, never-reassigned identifier within an issuer. Claims such as {@code email},
 * {@code preferred_username} or {@code nickname} can change or collide, so authorization
 * decisions keyed on the returned name should account for that.
 *
 * @param deployment deployment whose principal attribute selects the claim
 * @param token      access token to read the claim from
 * @return the selected claim value, or the token subject as fallback (may itself be {@code null})
 */
public static String getPrincipalName(KeycloakDeployment deployment, AccessToken token) {
    // Default to the subject claim when the deployment does not name an attribute.
    String attr = deployment.getPrincipalAttribute() != null
            ? deployment.getPrincipalAttribute()
            : "sub";

    String name;
    switch (attr) {
        case "sub":
            name = token.getSubject();
            break;
        case "email":
            name = token.getEmail();
            break;
        case "preferred_username":
            name = token.getPreferredUsername();
            break;
        case "name":
            name = token.getName();
            break;
        case "given_name":
            name = token.getGivenName();
            break;
        case "family_name":
            name = token.getFamilyName();
            break;
        case "nickname":
            name = token.getNickName();
            break;
        default:
            // Unrecognised attribute: handled by the subject fallback below.
            name = null;
            break;
    }

    // A missing claim silently degrades to the subject rather than failing.
    return name != null ? name : token.getSubject();
}
// Expose the token's subject and issue time in the result map.
result.put("subject", token.getSubject());

// NOTE(review): the JWT "iat" claim is defined in seconds since the epoch, while
// java.util.Date(long) expects milliseconds. Confirm the unit returned by getIssuedAt();
// if it is seconds, the reported date will be wrong.
Date issuedAt = new Date(token.getIssuedAt());
result.put("issued-at", issuedAt);
/**
 * Binds an authenticated Keycloak account to the container session and registers the login.
 *
 * <p>Creates a container principal from the account's principal and roles, sets it on the
 * session with auth type {@code "KEYCLOAK"}, stores a {@link SerializableKeycloakAccount} and
 * the Keycloak security context as session attributes, and finally notifies session management.
 *
 * @param account the authenticated account; its security context is cast to
 *     {@link RefreshableKeycloakSecurityContext}, so any other implementation results in a
 *     {@link ClassCastException}
 */
@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    RefreshableKeycloakSecurityContext refreshableContext =
            (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
    Set<String> grantedRoles = account.getRoles();

    GenericPrincipal containerPrincipal = principalFactory.createPrincipal(
            request.getContext().getRealm(), account.getPrincipal(), grantedRoles);
    SerializableKeycloakAccount accountSnapshot =
            new SerializableKeycloakAccount(grantedRoles, account.getPrincipal(), refreshableContext);

    // NOTE(review): the session obtained here is used as-is; no session-id rotation is
    // visible in this method. Confirm the caller changes the session id on login so a
    // pre-authentication session id cannot be carried over (session fixation).
    Session containerSession = request.getSessionInternal(true);
    containerSession.setPrincipal(containerPrincipal);
    containerSession.setAuthType("KEYCLOAK");

    // The security context is kept in the HTTP session; it presumably carries the token
    // material, so session persistence/replication stores should be treated as sensitive.
    containerSession.getSession()
            .setAttribute(SerializableKeycloakAccount.class.getName(), accountSnapshot);
    containerSession.getSession()
            .setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());

    // Only the subject identifier is logged, never the token itself.
    String subject = refreshableContext.getToken().getSubject();
    log.fine("userSessionManagement.login: " + subject);
    sessionManagement.login(containerSession);
}
/**
 * Stores the authenticated Keycloak account in the container session and records the login.
 *
 * <p>The session receives a container principal built from the account's principal and
 * roles, the auth type {@code "KEYCLOAK"}, a {@link SerializableKeycloakAccount} and the
 * Keycloak security context; session management is then told about the login.
 *
 * @param account the authenticated account; a security context that is not a
 *     {@link RefreshableKeycloakSecurityContext} makes the cast below throw
 *     {@link ClassCastException}
 */
@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    RefreshableKeycloakSecurityContext ctx =
            (RefreshableKeycloakSecurityContext) account.getKeycloakSecurityContext();
    Set<String> accountRoles = account.getRoles();

    GenericPrincipal genericPrincipal = principalFactory.createPrincipal(
            request.getContext().getRealm(), account.getPrincipal(), accountRoles);
    SerializableKeycloakAccount serializableAccount =
            new SerializableKeycloakAccount(accountRoles, account.getPrincipal(), ctx);

    // NOTE(review): nothing in this method rotates the session id after authentication.
    // Verify that the surrounding login flow does so, to rule out session fixation.
    Session internalSession = request.getSessionInternal(true);
    internalSession.setPrincipal(genericPrincipal);
    internalSession.setAuthType("KEYCLOAK");

    // Session attributes now hold the account and the security context (presumably with
    // token material); wherever sessions are persisted or replicated needs matching protection.
    internalSession.getSession()
            .setAttribute(SerializableKeycloakAccount.class.getName(), serializableAccount);
    internalSession.getSession()
            .setAttribute(KeycloakSecurityContext.class.getName(), account.getKeycloakSecurityContext());

    // Log the subject identifier only; the token string is not written to the log.
    String tokenSubject = ctx.getToken().getSubject();
    log.fine("userSessionManagement.login: " + tokenSubject);
    sessionManagement.login(internalSession);
}
// Copy selected access-token claims into the property list, one KeycloakProperty per claim.
// NOTE(review): these are optional claims and the getters may return null when the claim is
// absent from the token; confirm KeycloakProperty and its consumers tolerate null values.
properties.add(new KeycloakProperty(PREFERRED_USERNAME, accessToken.getPreferredUsername()));
properties.add(new KeycloakProperty(PROFILE, accessToken.getProfile()));
properties.add(new KeycloakProperty(SUBJECT, accessToken.getSubject()));
properties.add(new KeycloakProperty(WEBSITE, accessToken.getWebsite()));
properties.add(new KeycloakProperty(ZONE_INFO, accessToken.getZoneinfo()));
/**
 * Creates a permission ticket for the given permissions.
 *
 * <p>When an access token is supplied, the ticket gets a freshly generated id and takes its
 * subject, expiration, not-before, issued-at and issued-for values from that token, so the
 * ticket's validity window is the access token's. When no access token is supplied none of
 * these claims are set here.
 *
 * @param permissions permissions carried by the ticket; the list is stored as given, not
 *     copied, so later changes by the caller are visible through the ticket
 * @param audience    audience to set, or {@code null} to leave it unset
 * @param accessToken token to mirror claims from, or {@code null}
 */
public PermissionTicketToken(List<Permission> permissions, String audience, AccessToken accessToken) {
    final boolean hasAccessToken = accessToken != null;
    if (hasAccessToken) {
        // New identifier for the ticket; every other claim is mirrored from the access token.
        this.id(TokenIdGenerator.generateId());
        this.subject(accessToken.getSubject());
        this.expiration(accessToken.getExpiration());
        this.notBefore(accessToken.getNotBefore());
        this.issuedAt(accessToken.getIssuedAt());
        this.issuedFor(accessToken.getIssuedFor());
    }

    final boolean hasAudience = audience != null;
    if (hasAudience) {
        this.audience(audience);
    }

    this.permissions = permissions;
}
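/**
 * Parses a compact JWS string into an {@link AccessToken} and accepts it only if its RSA
 * signature verifies, it has a subject, and it is currently active.
 *
 * <p>What this method does not check: issuer, token type, and whether the audience matches
 * this service. The audience is only used to look up the verification key. Callers that need
 * those guarantees must enforce them separately.
 *
 * @param tokenString the serialized token as received from the client (untrusted)
 * @return the parsed token, after signature, subject and activity checks have passed
 * @throws VerificationException if the token cannot be parsed, no public key can be obtained,
 *     the signature does not verify, the subject is missing, or the token is not active
 */
private AccessToken parseToken(String tokenString) throws VerificationException {
    JWSInput input = new JWSInput(tokenString);

    // The claims are read before the signature is checked; nothing in 'token' is trustworthy
    // until verification below has succeeded.
    AccessToken token;
    try {
        token = input.readJsonContent(AccessToken.class);
    } catch (IOException e) {
        throw new VerificationException(e);
    }

    // NOTE(review): the verification key is selected by the token's own, still unverified,
    // audience claim. Confirm config.getPublicKey() only ever returns keys of trusted issuers
    // for audiences this service expects, and consider rejecting unexpected audiences outright.
    PublicKey publicKey;
    try {
        publicKey = config.getPublicKey(token.getAudience());
    } catch (Exception e) {
        throw new VerificationException("Failed to get public key", e);
    }
    if (publicKey == null) {
        // Fail explicitly instead of relying on the verifier to choke on a null key.
        throw new VerificationException("Failed to get public key");
    }

    // NOTE(review): confirm RSAProvider.verify() restricts the signature algorithm to the
    // expected RSA variants rather than trusting whatever the token header declares.
    boolean verified;
    try {
        verified = RSAProvider.verify(input, publicKey);
    } catch (Exception e) {
        // Still fails closed with the same exception type and message as before, but the
        // underlying cause is kept so verification failures can be diagnosed.
        throw new VerificationException("Token signature not validated", e);
    }
    if (!verified) {
        throw new VerificationException("Token signature not validated");
    }

    if (token.getSubject() == null) {
        throw new VerificationException("Token user was null");
    }
    if (!token.isActive()) {
        throw new VerificationException("Token is not active.");
    }
    return token;
}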