Hi,
We have a similar use case as in a previous post: Login user after setting new password
What is the most secure way to solve this? I have 2 options, by using an Authenticator, but I am stuck on the second one with the usage of AuthenticationManager.createLoginCookie.
Option 1:
Set a custom (digest) cookie in the Required Action and implement an Authenticator to validate the cookie. Then the browser flow needs to be adapted with the Authenticator.
Option 2:
Set the Keycloak login cookie from within the Required Action by calling AuthenticationManager.createLoginCookie, but I am stuck here on the creation of a UserSessionModel: UserSessionModel userSession = context.getSession().sessions().createUserSession(…)
This is what I have so far in my processAction of the Required Action, but I am stuck with the question marks:
    UserSessionModel userSession = context.getSession().sessions().createUserSession(
            context.getAuthenticationSession().getParentSession().getId(),
            context.getRealm(),
            context.getAuthenticationSession().getAuthenticatedUser(),
            context.getAuthenticationSession().getAuthenticatedUser().getUsername(),
            context.getConnection().getRemoteAddr(),
            OIDCLoginProtocol.LOGIN_PROTOCOL,
            false,
            " ????????? ",
            " ????????? ");

    AuthenticationManager.createLoginCookie(
            context.getSession(),
            context.getRealm(),
            context.getAuthenticationSession().getAuthenticatedUser(),
            context.getSession().sessions().getUserSession(context.getRealm(), ),
            context.getUriInfo(),
            context.getConnection());
Any ideas what to put in the question marks?
regards,
Sven
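
For option 1 above, one way to build and validate the digest cookie, given as an added example that is not part of the original post and is not Keycloak code. The class name DigestCookie, its issue and verify methods, the cookie layout and the demo key are all assumptions; only the JDK is used.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;

// Hypothetical helper, not a Keycloak API: issues and verifies a short-lived,
// HMAC-protected cookie value of the form "<userId>.<expiryEpochSeconds>.<mac>".
public class DigestCookie {
    private static final String ALG = "HmacSHA256";
    private final byte[] key;
    public DigestCookie(byte[] key) { this.key = key.clone(); }
    private String mac(String payload) throws Exception {
        Mac m = Mac.getInstance(ALG);
        m.init(new SecretKeySpec(key, ALG));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(m.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Called from the Required Action once the new password has been stored.
    public String issue(String userId, long ttlSeconds, Instant now) throws Exception {
        String payload = userId + "." + (now.getEpochSecond() + ttlSeconds);
        return payload + "." + mac(payload);
    }

    // Called from the Authenticator: returns the user id, or null if the cookie is rejected.
    public String verify(String cookie, Instant now) throws Exception {
        int sep = cookie == null ? -1 : cookie.lastIndexOf('.');
        if (sep < 0) return null;
        String payload = cookie.substring(0, sep);
        byte[] expected = mac(payload).getBytes(StandardCharsets.UTF_8);
        byte[] given = cookie.substring(sep + 1).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return null; // constant-time compare
        int dot = payload.lastIndexOf('.');
        if (dot < 0) return null;
        long expiry;
        try { expiry = Long.parseLong(payload.substring(dot + 1)); } catch (NumberFormatException e) { return null; }
        return now.getEpochSecond() < expiry ? payload.substring(0, dot) : null;
    }
    public static void main(String[] args) throws Exception {
        DigestCookie dc = new DigestCookie("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");          // constructed timestamp
        String c = dc.issue("constructed-user-id", 30, t0);          // constructed user id
        System.out.println(dc.verify(c, t0.plusSeconds(10)));        // fresh cookie
        System.out.println(dc.verify(c + "x", t0.plusSeconds(10)));  // tampered MAC
        System.out.println(dc.verify(c, t0.plusSeconds(31)));        // after expiry
    }
}
```

The value can be replayed until it expires, so the lifetime should be a few seconds, the cookie should be set HttpOnly and Secure, and the Authenticator should expire it as soon as it has been accepted once.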