2

I'm hoping to add the authenticating user's IP address to the JWT token for later use in the middleware. What is the easiest way to accomplish this?

Keycloak v6.0.1

Eric
  • In version 11, all clients come with a mapper for it. Try something like `Clients` -> `Settings` -> `Mappers` -> `Create` -> `Mapper Type=User Session Note` -> `User Session note=clientAddress`. I hope it helps – Natan Deitch Aug 21 '20 at 12:23
  • @NatanDeitch is that all I would need to do to add the clientAddress (IP address) to the JWT? Or are there additional steps to get the IP address to show up in the JWT? Since I'm running v6.0.1, I'm hoping these steps will work for this version – Eric Aug 21 '20 at 23:13
  • In version 11 that's all; Keycloak itself gets this info and adds it to the token. – Natan Deitch Aug 22 '20 at 19:55
  • None of these solutions work for me. I'm using Keycloak 11. – Francesco Dec 07 '20 at 17:42
  • None of these solutions work for me. I'm using Keycloak 11. – Hamid Reza Sharifi Jan 02 '21 at 13:05

1 Answer

2

Client Address is not available in the user session note, unless the user is a Service Account (private client) - Relevant Documentation.

The easiest way to achieve this is to write a plugin for Keycloak, adding an event listener on user login/token refresh to add to the user session notes. I created this quick example - https://github.com/CharlyRipp/keycloak-user-details-provider.

Note this example is for Keycloak 15 (at the time of this answer). After changing the POM parent to the desired version, you may need to fix the getRealm and getUserSession calls, as those have changed in recent versions.

Charly
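The event-listener approach this answer describes, as an added example that is not from the answer or the linked repository: a Keycloak SPI listener that copies the event's IP address into a user session note on login and token refresh. The package, class names, provider id and the note key `loginIpAddress` are assumptions, and the calls are written against the Keycloak 15 API the answer mentions.

```java
package example.keycloak; // hypothetical package

import org.keycloak.Config;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventListenerProviderFactory;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;

// Factory that Keycloak discovers through the SPI service file.
public class ClientIpNoteListenerFactory implements EventListenerProviderFactory {
    static final String NOTE = "loginIpAddress"; // assumed note key, reused in the mapper

    @Override public EventListenerProvider create(KeycloakSession session) {
        return new ClientIpNoteListener(session);
    }
    @Override public void init(Config.Scope config) { }
    @Override public void postInit(KeycloakSessionFactory factory) { }
    @Override public void close() { }
    @Override public String getId() { return "client-ip-session-note"; } // hypothetical id
}

class ClientIpNoteListener implements EventListenerProvider {
    private final KeycloakSession session;

    ClientIpNoteListener(KeycloakSession session) { this.session = session; }

    @Override public void onEvent(Event event) {
        boolean relevant = event.getType() == EventType.LOGIN
                || event.getType() == EventType.REFRESH_TOKEN;
        // Some events carry no session id or address; skip them instead of failing.
        if (!relevant || event.getSessionId() == null || event.getIpAddress() == null) {
            return;
        }
        RealmModel realm = session.realms().getRealm(event.getRealmId());
        if (realm == null) return;
        UserSessionModel userSession =
                session.sessions().getUserSession(realm, event.getSessionId());
        if (userSession != null) {
            // Store the address Keycloak recorded for this event on the session.
            userSession.setNote(ClientIpNoteListenerFactory.NOTE, event.getIpAddress());
        }
    }
    @Override public void onEvent(AdminEvent event, boolean includeRepresentation) { }
    @Override public void close() { }
}
```

Package it as a JAR with a `META-INF/services/org.keycloak.events.EventListenerProviderFactory` file naming the factory class, enable the listener in the realm's event configuration, and point a `User Session Note` mapper at the same note key. The recorded value is the address Keycloak saw, so behind a reverse proxy it depends on forwarded-header handling and the middleware should not treat it as proof of the caller's origin.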