[mitreid-connect] Persist user additional info

Ondřej Velíšek ondrejvelisek at gmail.com
Sun Jul 17 17:40:46 EDT 2016


Hi,

Thank you for your answer. It helps me understand the system and
solves part of my problem. Now I'm able to get userinfo from our
external system, which is great. However, I need to save additional info
with the user's authentication. Now I'm looking at
AuthenticationHolderRepository. It seems it takes care of storing
the authentication of the user (OAuth2Request class). It has a field
"extensions", which seems to be what I'm looking for. However, I
don't see how I can add my custom data from HttpServletRequest, e.g.
in some filter.

At least that is how I understand it. Or am I missing something? After I
fill the extensions, it will store them and retrieve them when
IntrospectionResultAssembler needs them. Then I can overlay it and add
the additional info into the response.

Cheers

Ondrej

On Sun, Jul 17, 2016 at 8:44 PM,  <yannick.beot at gmail.com> wrote:
> Hi,
>
> By default, mitreid looks for user info in the table user_info.
>
> However, you can develop your own user info repository to fetch data from
> elsewhere.
>
> For instance, in an LDAP server:
>
> https://github.com/mitreid-connect/ldap-openid-connect-server/blob/master/ldap-server-overlay/src/main/java/edu/mit/kit/repository/impl/LdapUserInfoRepository.java
>
> Sent from my Windows 10 phone
>
> From: Ondřej Velíšek
> Sent: Thursday, July 14, 2016 12:53
> To: mitreid-connect at mit.edu
> Subject: [mitreid-connect] Persist user additional info
>
> Hi all,
>
> I try to use mitreid connect server with its overlay system. I have
> apache in front of the mitreid srv, which is responsible for
> authentication. I use preauthenticationFilter. It somehow works.
> However I cannot see any profile info in mitreid webapp.
>
> From my naive point of view I need to pass some object with unique userid
> and other info (such as names, email, ... for id_token) to mitreid and
> it will save it in its DB. Such as Spring's UserDetails but it is too
> simple or Mitre's UserInfo but I do not know how to pass it and it
> still does not contain any Map<String, String> for additional info
> which I need to save.
>
> The problem is I need to add and persist additional info about the
> person (a few strings) and then get it with introspection. Actually in
> general I do not know how to pass info about the user to mitreid and
> persist it. I've tried a few experiments without success.
>
> I need it because the user has more digital identities. So in
> PreAuthenticationFilter I call an external service which returns a unique
> userId from his identity and I use it in Mitre. However the Resource
> server needs to know which identity the user used to generate the token. So
> the digital identity needs to be persisted in Mitre.
>
> So far this is my user-context.xml
>
> <mvc:view-controller path="/login" view-name="login" />
>
> <security:http auto-config="false" use-expressions="true"
>       entry-point-ref="http403EntryPoint" >
>    <security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
>    <security:intercept-url pattern="/**" access="permitAll" />
>    <security:custom-filter ref="perunAuthenticationFilter"
>          position="PRE_AUTH_FILTER" />
>    <security:anonymous />
> </security:http>
>
> <bean id="perunAuthenticationFilter"
>       class="cz.metacentrum.perun.oidc.PerunAuthenticationFilter">
>    <property name="authenticationManager" ref="authenticationManager" />
> </bean>
>
> <security:authentication-manager alias="authenticationManager">
>    <security:authentication-provider ref="preauthAuthProvider" />
> </security:authentication-manager>
>
> <bean id="preauthAuthProvider"
>       class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
>    <property name="preAuthenticatedUserDetailsService"
>          ref="userDetailsService"/>
> </bean>
>
> <bean class="cz.metacentrum.perun.oidc.PerunUserDetailsService"
>       id="userDetailsService"/>
>
> I hope I explained it well. I will be glad for any help.
>
> cheers
>
> Ondrej
>
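
The approach described in the reply at the top of this thread (fill the OAuth2Request "extensions", then read them back in an IntrospectionResultAssembler), as an added example that is not part of the original messages or of the MITREid Connect project. The class names, the `perun_identity` key and the request attribute set by the pre-authentication filter are assumptions, and the overlay bean wiring is not shown.

```java
// Added example (not project code). Hypothetical names: IdentityRequestFactory,
// IdentityIntrospectionAssembler, and the "perun_identity" key/attribute.
import java.io.Serializable;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.impl.DefaultIntrospectionResultAssembler;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.request.ConnectOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

class IdentityRequestFactory extends ConnectOAuth2RequestFactory {
    static final String KEY = "perun_identity";

    IdentityRequestFactory(ClientDetailsEntityService clients) { super(clients); }

    @Override
    public AuthorizationRequest createAuthorizationRequest(Map<String, String> params) {
        AuthorizationRequest req = super.createAuthorizationRequest(params);
        HttpServletRequest http = ((ServletRequestAttributes)
                RequestContextHolder.currentRequestAttributes()).getRequest();
        // Assumption: the pre-auth filter stored the identity as a request attribute.
        // An attribute is set server-side; a request parameter is client-controlled.
        Object identity = http.getAttribute(KEY);
        if (identity instanceof String) {
            req.getExtensions().put(KEY, (String) identity); // persisted with the OAuth2Request
        }
        return req;
    }
}

class IdentityIntrospectionAssembler extends DefaultIntrospectionResultAssembler {
    @Override
    public Map<String, Object> assembleFrom(OAuth2AccessTokenEntity token,
            UserInfo userInfo, Set<String> authScopes) {
        Map<String, Object> result = super.assembleFrom(token, userInfo, authScopes);
        Map<String, Serializable> ext = token.getAuthenticationHolder()
                .getAuthentication().getOAuth2Request().getExtensions();
        if (ext.containsKey(IdentityRequestFactory.KEY)) {
            result.put(IdentityRequestFactory.KEY, ext.get(IdentityRequestFactory.KEY));
        }
        return result;
    }
}
```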
