KEYCLOAK-2339 Documenting OIDC user session note mappers

This commit is contained in:
Corey McGregor 2019-02-26 21:22:21 +10:00 committed by Marek Posolda
parent e1ac03add0
commit e257c501ef

View file

@ -51,3 +51,20 @@ implementations are processed in the needed order.
For example, when we first want to compute the roles which will be included with a token, we first resolve audiences based on For example, when we first want to compute the roles which will be included with a token, we first resolve audiences based on
those roles. Then, we process a JavaScript script that uses the roles and audiences already available in the token. those roles. Then, we process a JavaScript script that uses the roles and audiences already available in the token.
[[_protocol-mappers_oidc-user-session-note-mappers]]
==== OIDC User Session Note Mappers
User session details are via mappers and depend on various criteria. User session details are automatically included when you use or enable a feature on a client. You can also click the `Add builtin` button to include session details.
Impersonated user sessions provide the following details:
* `IMPERSONATOR_ID`: The ID of an impersonating user
* `IMPERSONATOR_USERNAME`: The username of an impersonating user
Service account sessions provide the following details:
* `clientId`: The client ID of the service account
* `clientAddress`: The remote host IP of the service account authenticated device
* `clientHost`: The remote host name of the service account authenticated device