ArchibaldArt

Reputation: 66

Keycloak: Get UserSessionModel of the current SSO session

Keycloak 11.0.2

  1. Is there a way to get the UserSessionModel assigned to the current SSO session in a custom Authenticator?

I am able to get a List<UserSessionModel>:

```java
List<UserSessionModel> userSessions = context.getSession().sessions().getUserSessions(context.getRealm(), context.getUser());
```

But I don't know which property I can get from AuthenticationFlowContext to filter the list against and get the UserSessionModel of the current SSO session.

Right now I am filtering by the UserSessionModel.id fetched from the authentication request cookie KEYCLOAK_SESSION (its last segment). Maybe there is a direct way to get UserSessionModel.id from AuthenticationFlowContext somehow?

  2. I have to use UserSessionModel.getNote() to retrieve UserSessionNotes set previously in other authentication flows of the same SSO.

The direct method does not work for me to get UserSessionNotes set in other authentication flows (but in the same SSO):

```java
@Override
public void authenticate(AuthenticationFlowContext context) {
    Map<String,String> sessionNotes = context.getAuthenticationSession().getUserSessionNotes();
    // sessionNotes does not reflect notes set in other authentication flows of the same SSO
    // ...
}
```

So, if someone knows another way to get UserSessionNotes without UserSessionModel, that would also be a solution.

Upvotes: 0

Views: 1989

Answers (1)

ArchibaldArt

Reputation: 66

I received an answer on the Keycloak forum: https://keycloak.discourse.group/t/getting-usersessionnotes-returns-null-while-data-persist/5172

To get the UserSessionModel of the current SSO in an Authenticator:

```java
@Override
public void authenticate(AuthenticationFlowContext context) {
    UserSessionModel userSessionModel = null;
    // Resolve the SSO session from the identity cookie sent with the current request
    AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(context.getSession(),
            context.getRealm(), true);
    if (authResult != null) {
        // That is it:
        userSessionModel = authResult.getSession();
    }
}
```

Upvotes: 2
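
The approach from this answer as a complete Authenticator that reads a user session note set by an earlier flow of the same SSO session. This is an added example, not code from the original post or from the Keycloak project. The class name `SsoNoteAuthenticator` and the note key `example.step-up-done` are hypothetical, and the check that the cookie's session belongs to the flow's user is an added defensive assumption.

```java
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.services.managers.AuthenticationManager;

// Hypothetical authenticator (added example): succeeds only if an earlier
// flow of the same SSO session stored NOTE_KEY=true on the user session.
public class SsoNoteAuthenticator implements Authenticator {

    private static final String NOTE_KEY = "example.step-up-done"; // hypothetical note name

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        // Resolve the SSO session from the identity cookie; null means the
        // cookie is missing or invalid, or (checkActive = true) the session is not active.
        AuthenticationManager.AuthResult authResult = AuthenticationManager
                .authenticateIdentityCookie(context.getSession(), context.getRealm(), true);
        if (authResult == null) {
            context.attempted(); // no SSO session: leave the decision to the rest of the flow
            return;
        }
        UserSessionModel userSession = authResult.getSession();

        // Only trust notes from a session owned by the user this flow is authenticating.
        // context.getUser() is non-null here because requiresUser() returns true.
        String flowUserId = context.getUser().getId();
        if (!flowUserId.equals(userSession.getUser().getId())) {
            context.attempted();
            return;
        }

        // getNote() returns null when no earlier flow set the note.
        if ("true".equals(userSession.getNote(NOTE_KEY))) {
            context.success();
        } else {
            context.attempted();
        }
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```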
