[mitreid-connect] Persist user additional info

Ondřej Velíšek ondrejvelisek at gmail.com
Mon Jul 25 15:16:49 EDT 2016


Hi,

I've managed to do it. So here is the solution for others.

In my PreAuthenticatedProcessingFilter constructor I've set my
AuthenticationDetailsSource (setAuthenticationDetailsSource(new
PerunAuthenticationDetailSource());), which puts additional info from the
request into the Authentication details. Then I've overridden
AuthorizationCodeServices to fill the AuthenticationHolderEntity
extensions with these details (authHolder.setExtensions((Map<String,
Serializable>) authentication.getUserAuthentication().getDetails());).
And finally overridden IntrospectionResultAssembler to get all
extensions from AccessToken.authenticationHolder
(result.putAll(accessToken.getAuthenticationHolder().getExtensions());).

Cheers

Ondrej
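The three steps described in the message above, written out as an added example (not code from the post and not part of MITREid Connect itself). Assumptions: the package name is taken from the poster's user-context.xml; the extension key names, and the idea that Apache exposes them as request attributes, are constructed for illustration; the assembleFrom signature with the authScopes parameter is the one in MITREid Connect 1.3 (1.2 has no such parameter). The example replaces the unchecked cast of getDetails() with a type check and an allow-list, so only the intended identity attributes are persisted and returned by introspection.

```java
package cz.metacentrum.perun.oidc; // package name from the post's config; the classes below are illustrative

import java.io.Serializable;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.impl.DefaultIntrospectionResultAssembler;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/**
 * Only these keys are ever copied from the request into the persisted
 * authentication and out again through introspection. (Constructed names:
 * the post does not say which attributes the external service supplies.)
 */
final class IdentityExtensions {

    static final Set<String> ALLOWED_KEYS = new HashSet<>(Arrays.asList(
            "perun_identity",        // which digital identity the user logged in with
            "perun_identity_type"));

    private IdentityExtensions() {}

    /** Step 1: the Details object the pre-auth filter attaches to the Authentication. */
    static final class DetailsSource
            implements AuthenticationDetailsSource<HttpServletRequest, Map<String, Serializable>> {
        @Override
        public Map<String, Serializable> buildDetails(HttpServletRequest request) {
            Map<String, Serializable> details = new HashMap<>();
            for (String key : ALLOWED_KEYS) {
                // Assumption: Apache in front of the server passes the identity as
                // request attributes; with plain headers use request.getHeader(key).
                Object value = request.getAttribute(key);
                if (value instanceof String) {
                    details.put(key, (String) value);
                }
            }
            return details;
        }
    }

    /**
     * Step 2: read the details back when the AuthenticationHolderEntity is created
     * in the AuthorizationCodeServices override. A type check plus allow-list instead of
     * an unchecked cast: an unexpected Details type (e.g. Spring's default
     * WebAuthenticationDetails) neither throws nor leaks into the stored holder.
     */
    static Map<String, Serializable> fromAuthentication(OAuth2Authentication authentication) {
        Map<String, Serializable> extensions = new HashMap<>();
        Authentication userAuth = authentication.getUserAuthentication();
        if (userAuth == null || !(userAuth.getDetails() instanceof Map)) {
            return extensions;
        }
        for (Map.Entry<?, ?> e : ((Map<?, ?>) userAuth.getDetails()).entrySet()) {
            if (ALLOWED_KEYS.contains(e.getKey()) && e.getValue() instanceof Serializable) {
                extensions.put((String) e.getKey(), (Serializable) e.getValue());
            }
        }
        return extensions;
    }

    /** Merge the identity details into the holder without dropping what it already stores. */
    static void copyInto(AuthenticationHolderEntity holder, OAuth2Authentication authentication) {
        Map<String, Serializable> extensions = new HashMap<>();
        if (holder.getExtensions() != null) {
            extensions.putAll(holder.getExtensions());
        }
        extensions.putAll(fromAuthentication(authentication));
        holder.setExtensions(extensions);
    }
}

/** Step 3: expose the persisted identity to resource servers through introspection. */
class PerunIntrospectionResultAssembler extends DefaultIntrospectionResultAssembler {

    // Signature as in MITREid Connect 1.3 (assumption); 1.2 has no authScopes parameter.
    @Override
    public Map<String, Object> assembleFrom(OAuth2AccessTokenEntity accessToken,
                                            UserInfo userInfo, Set<String> authScopes) {
        Map<String, Object> result = super.assembleFrom(accessToken, userInfo, authScopes);
        AuthenticationHolderEntity holder = accessToken.getAuthenticationHolder();
        if (holder != null && holder.getExtensions() != null) {
            for (Map.Entry<String, Serializable> e : holder.getExtensions().entrySet()) {
                // allow-listed keys only: an extension must never overwrite a standard
                // claim such as "active" or "sub", and no other stored entry is exposed
                if (IdentityExtensions.ALLOWED_KEYS.contains(e.getKey())) {
                    result.put(e.getKey(), e.getValue());
                }
            }
        }
        return result;
    }
}
```

IdentityExtensions.copyInto is what the AuthorizationCodeServices override would call on the freshly created holder, right after the post's authHolder.setExtensions(...) step. Filtering again at introspection time matters because the holder's extensions may also carry entries that did not come from the pre-auth filter, and a plain putAll would hand all of them to every resource server that introspects the token.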

On Sun, Jul 17, 2016 at 11:40 PM, Ondřej Velíšek
<ondrejvelisek at gmail.com> wrote:
> Hi,
>
> Thank you for your answer. It helps me understand the system and
> solves part of my problem. Now I'm able to get userinfo from our
> external system, which is great. However I need to save additional info
> with the user's authentication. Now I'm looking at
> AuthenticationHolderRepository. It seems it takes care of storing the
> authentication of the user (OAuth2Request class). It has a field
> "extensions", which seems to be something I'm looking for. However I
> don't see how I can add my custom data from HttpServletRequest, e.g.
> in some filter.
>
> At least that is how I understand it. Or am I missing something? After I
> fill the extensions it will store them and retrieve them when
> IntrospectionResultAssembler needs them. Then I can overlay it and add
> the additional info into the response.
>
> Cheers
>
> Ondrej
>
> On Sun, Jul 17, 2016 at 8:44 PM,  <yannick.beot at gmail.com> wrote:
>> Hi,
>>
>> By default, mitreid looks for user info in the table user_info.
>>
>> However, you can develop your own user info repository to fetch data from
>> elsewhere.
>>
>> For instance, in an LDAP server:
>>
>> https://github.com/mitreid-connect/ldap-openid-connect-server/blob/master/ldap-server-overlay/src/main/java/edu/mit/kit/repository/impl/LdapUserInfoRepository.java
>>
>> Sent from my Windows 10 phone
>>
>> From: Ondřej Velíšek
>> Sent: Thursday, 14 July 2016 12:53
>> To: mitreid-connect at mit.edu
>> Subject: [mitreid-connect] Persist user additional info
>>
>> Hi all,
>>
>> I try to use the mitreid connect server with its overlay system. I have
>> Apache in front of the mitreid srv, which is responsible for
>> authentication. I use PreAuthenticationFilter. It somehow works.
>> However I cannot see any profile info in the mitreid webapp.
>>
>> From my naive point of view I need to pass some object with a unique userid
>> and other info (such as names, email, ... for id_token) to mitreid and
>> it will save it in its DB. Such as Spring's UserDetails, but it is too
>> simple, or Mitre's UserInfo, but I do not know how to pass it and it
>> still does not contain any Map<String, String> for additional info
>> which I need to save.
>>
>> The problem is I need to add and persist additional info about the
>> person (a few strings) and then get it with introspection. Actually in
>> general I do not know how to pass info about the user to mitreid and
>> persist it. I've tried a few experiments without success.
>>
>> I need it because a user has more digital identities. So in
>> PreAuthenticationFilter I call an external service which returns a unique
>> userId from his identity and I use it in Mitre. However the Resource
>> server needs to know which identity the user used to generate the token. So
>> the digital identity needs to be persisted in Mitre.
>>
>> So far this is my user-context.xml
>>
>> <mvc:view-controller path="/login" view-name="login" />
>>
>> <security:http auto-config="false" use-expressions="true"
>>     entry-point-ref="http403EntryPoint" >
>>    <security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
>>    <security:intercept-url pattern="/**" access="permitAll" />
>>    <security:custom-filter ref="perunAuthenticationFilter" position="PRE_AUTH_FILTER" />
>>    <security:anonymous />
>> </security:http>
>>
>> <bean id="perunAuthenticationFilter"
>>      class="cz.metacentrum.perun.oidc.PerunAuthenticationFilter">
>>    <property name="authenticationManager" ref="authenticationManager" />
>> </bean>
>>
>> <security:authentication-manager alias="authenticationManager">
>>    <security:authentication-provider ref="preauthAuthProvider" />
>> </security:authentication-manager>
>>
>> <bean id="preauthAuthProvider"
>>      class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
>>    <property name="preAuthenticatedUserDetailsService" ref="userDetailsService"/>
>> </bean>
>>
>> <bean class="cz.metacentrum.perun.oidc.PerunUserDetailsService"
>>      id="userDetailsService"/>
>>
>> I hope I explained it well. I will be glad for any help.
>>
>> cheers
>>
>> Ondrej
>>
>> _______________________________________________
>> mitreid-connect mailing list
>> mitreid-connect at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
>>