[mitreid-connect] Persist user additional info

Ondřej Velíšek ondrejvelisek at gmail.com
Thu Jul 14 06:52:51 EDT 2016


Hi all,

I am trying to use the mitreid connect server with its overlay system. I have
apache in front of the mitreid srv, which is responsible for
authentication. I use a preauthenticationFilter. It somehow works.
However, I cannot see any profile info in the mitreid webapp.

From my naive point of view I need to pass some object with a unique userid
and other info (such as names, email, ... for id_token) to mitreid and
it will save it in its DB. Such as Spring's UserDetails, but it is too
simple, or Mitre's UserInfo, but I do not know how to pass it and it
still does not contain any Map<String, String> for the additional info
which I need to save.

The problem is I need to add and persist additional info about the
person (a few strings) and then get it with introspection. Actually, in
general I do not know how to pass info about the user to mitreid and
persist it. I've tried a few experiments without success.

I need it because a user has more than one digital identity. So in
PreAuthenticationFilter I call an external service which returns a unique
userId from his identity and I use it in Mitre. However, the Resource
server needs to know which identity the user used to generate the token. So
the digital identity needs to be persisted in Mitre.


So far this is my user-context.xml


<mvc:view-controller path="/login" view-name="login" />

<security:http auto-config="false" use-expressions="true"
               entry-point-ref="http403EntryPoint">
   <security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
   <security:intercept-url pattern="/**" access="permitAll" />
   <security:custom-filter ref="perunAuthenticationFilter" position="PRE_AUTH_FILTER" />
   <security:anonymous />
</security:http>

<bean id="perunAuthenticationFilter"
     class="cz.metacentrum.perun.oidc.PerunAuthenticationFilter">
   <property name="authenticationManager" ref="authenticationManager" />
</bean>

<security:authentication-manager alias="authenticationManager">
   <security:authentication-provider ref="preauthAuthProvider" />
</security:authentication-manager>

<bean id="preauthAuthProvider"
     class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
   <property name="preAuthenticatedUserDetailsService" ref="userDetailsService"/>
</bean>

<bean id="userDetailsService"
     class="cz.metacentrum.perun.oidc.PerunUserDetailsService"/>



I hope I explained it well. I will be glad for any help.

cheers

Ondrej

