Fetch Logged In Username in a webapp secured with Keycloak

keycloak login api
keycloak api get access token
keycloak authorization example
what is keycloak gatekeeper
keycloak authentication flow
keycloak redirect uri
keycloak refresh token
keycloak check if token is valid

I have secured an enterprise application with Keycloak using standard wildfly based Keycloak adapters. Issue that I am facing is that the rest web services when invoked, needs to know the username that is currently logged in. How do I get the logged in user information from Keycloak?

I tried using SecurityContext , WebListener etc. But none of them are able to give me the required details.

You get all user information from the security context.


public class Greeter {

  SecurityContext sc;

  public String sayHello() {

    // this will set the user id as userName
    String userName = sc.getUserPrincipal().getName();

    if (sc.getUserPrincipal() instanceof KeycloakPrincipal) {
      KeycloakPrincipal<KeycloakSecurityContext> kp = (KeycloakPrincipal<KeycloakSecurityContext>)  sc.getUserPrincipal();

      // this is how to get the real userName (or rather the login name)
      userName = kp.getKeycloakSecurityContext().getIdToken().getPreferredUsername();

    return "{ message : \"Hello " + userName + "\" }";

For the security context to be propagated you have to have a security domain configured as described in the: JBoss/Wildfly Adapter configuration

Securing Applications and Services Guide, The identity token contains information about the user such as username, If true , an authenticated browser client (via a JavaScript HTTP invocation) specifying minimum interval between two requests to Keycloak to retrieve new public keys. To be able to secure WAR apps deployed on JBoss EAP, WildFly or JBoss  Fetch Logged In Username in a webapp secured with Keycloak. Realm Role Client Role Composite Role There are no User Roles in KeyCloak. You most likely confused

You may also set the principal-attribute property in the keycloak.json file of your web app to preferred_username.

User Authentication with Keycloak - Part 1: React front-end -, I'm assuming you have npm installed – if not, you can get <p>This is a Keycloak-secured component of your This will authenticate the client if the user has already logged into Keycloak, or redirect the  The second type of use cases is that of a client that wants to gain access to remote services. In this case, the client asks Keycloak to obtain an access token it can use to invoke on other remote services on behalf of the user. Keycloak authenticates the user then asks the user for consent to grant access to the client requesting it.

Need to add standalone.xml next line:



<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
    <secure-deployment name="war-name.war">

Fetch Logged In Username in a webapp secured with Keycloak, Fetch Logged In Username in a webapp secured with Keycloak. keycloak api get access token keycloak adapter keycloak authorization example keycloak  We deployed keycloak server 4.6.0.Final for authentication for our web application How can i configure to get server logs? I cannot find any logs from server.log or Audit.log files. Do I need to configure any place to show the keycloak server log details.

In Keycloak 3.4.3 (may also work on earlier versions) I was able to map username to the sub token claim name. From the Keycloak admin interface this is done under Clients > [your-client] > Mappers > username and then enter sub in the Token Claim Name field. This has the advantage of actually changing the contents of the ID token returned by Keycloak rather than adjusting client-side as in the other answer. This is particularly nice when you're using a standard OpenID Connect library rather than an adapter provided by Keycloak.

Easily secure your Spring Boot applications with Keycloak, ftl which will be our product page template and will be only accessible for authenticated user. Let's start by creating in simple index.html file in “/src  Keycloak offers everything a sophisticated user management tool needs – without having to log on repeatedly with every login and into every system-as well as system security, social logins, support for mobile apps and integration into other solutions.

In my case i was taking the preferred user name from the token like this


To work i had to go to keycloak and add on my client template the add builtins if not added preferred username came null.

Check the username on the built ins, client template -> mappers.

After that if worked!

API login and JWT token generation using Keycloak, First, we will create a simple user in Keycloak, as shown in Figure 1. Join the Red Hat Developer Program (it's free) and get access to related cheat How to secure your API documentation with Red Hat Single Sign-On? This guide is Deploying projects to Apache Felix, Tomcat, and Karaf in VS Code  Avoid keycloak default login page and use project login page ; Enabling remote access to Keycloak ; Keycloak retrieve custom attributes to KeycloakPrincipal ; Fetch Logged In Username in a webapp secured with Keycloak

Authenticating and Authorizing Users via Keycloak, I have secured an enterprise application with Keycloak using standard wildfly based Keycloak adapters. Issue that I am facing is that the rest web services when  The application notices the user is not logged in, so it redirects the browser to Keycloak to be authenticated. The application passes along a callback URL (a redirect URL) as a query parameter in this browser redirect that Keycloak will use when it finishes authentication. Keycloak authenticates the user and creates an identity and access token

Logout, It can help build a security layer on top of the cBioPortal web application. realm​: A realm secures and manages security metadata for a set of users, client: Clients are entities that can request authentication of a user within a realm. Log in to your Keycloak Identity Provider, e.g. http://localhost:8080/auth, as an admin​  If you do not know and want to ask on keycloak-user mailing list, it is helpful to send the log files from Keycloak servers on both datacenters in the email. Either add the log snippets to the mails or put the logs somewhere and reference them in the email.

Easy SSO for Vert.x with Keycloak, Though your application uses Auth0 to authenticate users, you'll still need to track that the user has logged in to your application. In a regular web application,  The API is now secured and you have to be logged in to make a REST request. The only thing we did in our app is to extend the security adapter provided by Keycloak. There is many other adapters.