From 925c5572ad6597e12485402d4d22c1ef15a5b5a6 Mon Sep 17 00:00:00 2001
From: wojnarfilip <fwojnar@redhat.com>
Date: Mon, 4 Dec 2023 08:36:20 +0100
Subject: [PATCH] Re-enable Federated Access Token in user sessions

Closes #25290

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
---
 .../org/keycloak/protocol/oidc/DefaultTokenExchangeProvider.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/DefaultTokenExchangeProvider.java b/services/src/main/java/org/keycloak/protocol/oidc/DefaultTokenExchangeProvider.java
index 3f1b3d3158..c2b6d4bacf 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/DefaultTokenExchangeProvider.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/DefaultTokenExchangeProvider.java
@@ -513,6 +513,7 @@ public class DefaultTokenExchangeProvider implements TokenExchangeProvider {
 
         // this must exist so that we can obtain access token from user session if idp's store tokens is off
         userSession.setNote(IdentityProvider.EXTERNAL_IDENTITY_PROVIDER, externalIdpModel.get().getAlias());
+        userSession.setNote(IdentityProvider.FEDERATED_ACCESS_TOKEN, subjectToken);
 
         context.addSessionNotesToUserSession(userSession);