I will do another try, maybe I get an answer from someone who has knowledge in Pac4j.
I have a simple question for Pac4j.
I'm using Keycloak as Auth Provider.
After successful login I would like to store some information in e.g. a Session Bean:
- User Information
- Call a function, e.g. UserLog (user has logged in to the application)
- Set Language (information comes from the database)
- Set Permission (permissions are stored in the application), I need to set this on the Shiro object
My main issue is currently, how can I get the User Information from Keycloak after Login?
Do I need to change anything in the shiro.ini? If yes, how?
My scenario would be:
- Get username from Keycloak (email address)
- Call in my database a query to get the mapping between Keycloak user and application User
- Based on the user, set some information in my Session Bean...
So the best way would be e.g. to define a class in my shiro.ini.
Inside the class I will get the User Information from Keycloak (especially the email address).
How can I do this?
First of all, you can use pac4j alone, you don't need Shiro except for Shiro legacy apps.
If you need to use the appropriate pac4j implementation for your webapp: https://www.pac4j.org/implementations.html
In any case, after a successful authentication at Keycloak thanks to pac4j(+Shiro), you will get the authenticated user in the pac4j(+Shiro) security context.
With pac4j, you can create an authorization generator to query your database and adapt the profile as needed: https://www.pac4j.org/5.7.x/docs/clients.html#2-compute-roles-and-permissions
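
A sketch of such an authorization generator against the pac4j 5.x interface, added here as an illustration and not part of the original answer. The table and column names, the `appUserId` and `language` attribute names, and the assumption that Keycloak releases the `email` and `email_verified` claims are all hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import javax.sql.DataSource;

import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.UserProfile;

public class AppUserAuthorizationGenerator implements AuthorizationGenerator {
    // Hypothetical schema: app_user(id, email, language), app_user_permission(user_id, permission)
    private static final String SQL =
        "SELECT u.id, u.language, p.permission FROM app_user u "
      + "LEFT JOIN app_user_permission p ON p.user_id = u.id "
      + "WHERE LOWER(u.email) = LOWER(?)";

    private final DataSource dataSource;

    public AppUserAuthorizationGenerator(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    @Override
    public Optional<UserProfile> generate(WebContext context, SessionStore sessionStore, UserProfile profile) {
        Object email = profile.getAttribute("email");
        // Map to a local account only when the IdP asserts the email is verified;
        // otherwise the profile passes through with no application permissions.
        if (!(email instanceof String) || !Boolean.TRUE.equals(profile.getAttribute("email_verified"))) {
            return Optional.of(profile);
        }
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(SQL)) {
            ps.setString(1, (String) email); // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) { // one row per permission; no row means no mapping
                    profile.addAttribute("appUserId", rs.getLong("id"));
                    profile.addAttribute("language", rs.getString("language"));
                    String permission = rs.getString("permission");
                    if (permission != null) profile.addPermission(permission);
                }
            }
        } catch (SQLException e) {
            // Abort the login instead of continuing with a half-populated profile.
            throw new IllegalStateException("User mapping lookup failed", e);
        }
        return Optional.of(profile);
    }
}
```

Register an instance on the Keycloak client with `addAuthorizationGenerator(...)`; the enriched profile is then what the pac4j(+Shiro) security context returns after login.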