From da131808e10fb09a45351badba3d35ca66651d68 Mon Sep 17 00:00:00 2001
From: Gunnar von der Beck <Gunnar.von-der-Beck@accso.de>
Date: Thu, 4 Apr 2019 08:57:18 +0200
Subject: [PATCH] Remarks for SSO when enabling useUsernameAsCamundaUserId

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index f0b4560..c059e28 100644
--- a/README.md
+++ b/README.md
@@ -230,6 +230,12 @@ Finally configure Spring Security with your Keycloak Single Page Web App `client
 Keep in mind that Keycloak's `ID` is definitely unique which might not always be the case for the `email` attribute, depending on your setup.
 Email uniqueness can be configured on a per realm level depending on the setting *Login with email*.
 
+In case you have activated the flag `useUsernameAsCamundaUserId` the extraction in Authentication provider must be changed in a similar way and can be implemented as follows:
+
+	// Extract username from Keycloak authentication result - which is part of the requested user info
+	@SuppressWarnings("unchecked")
+	String userId = ((HashMap<String, String>) userAuthentication.getDetails()).get("preferred_username");
+
 ## Unit testing the plugin
 
 In order to run the unit tests I have used a local docker setup of Keycloak with `docker-compose.yml` as follows: