By: Sakit Atakishiyev user 12 May 2017 at 2:41 a.m. CDT

9 Responses
Hi, we have a few portals, and each portal has its own information about the user, which we store in the session. My question is: can we store this information in the Gluu Server session after the user authenticates?

By Sakit Atakishiyev user 15 May 2017 at 4:14 a.m. CDT

Can anyone give any information about this? Can we get about Gluu Server session?

By Aliaksandr Samuseu staff 15 May 2017 at 7:55 a.m. CDT

Hi, Sakit. We usually don't mind providing some guidance regarding custom scripts even to our Community users (as free support doesn't include custom script development topics), but it seems your project is starting to involve a lot of in-depth knowledge of Gluu's codebase. In such cases we must ask for a consultation from our developers, which we can't afford to do for free. All Gluu source code is available for our users to study, and usually that's enough to find any answer you may need, if your organization has its own staff experienced in the field. But if you think you could benefit from some first-hand and timely support, I would suggest considering purchasing a paid support plan from us.

By William Lowe user 16 May 2017 at 4:15 p.m. CDT

Sakit, Can you further describe the information that you wish to store in the user session? Also, what SSO protocol is being used? Thanks, Will

By Sakit Atakishiyev user 17 May 2017 at 1:20 a.m. CDT

Hi William, OK, let me give some information. We have multiple authentication types. Each time a user logs in, we send which login type the user chose with `acr_values` (basic, custom1, etc.). When the `authentication_script` runs, we can read it from the session. Now we want to read this `acr_values` when I call the `user_data` endpoint: I want to read this value from `gluu_session` and return different user claims depending on the user's login type. We can send the login type as a parameter, but anyone can change this value easily. So we want to keep this info in the session when the user signs in. Is it possible? Or is there another secure way?

By Aliaksandr Samuseu staff 17 May 2017 at 7:19 a.m. CDT

Thanks, Sakit. Could you please elaborate a bit on some moments?

> When authentication_script run we can read from session

Could you provide some code snippet which shows what exactly is happening here? Either your code, or our own custom script code (if you borrowed that idea from some of our scripts). Just want to make sure everybody understands where we stand at the moment.

> Now we want to read this acr_values when I call user_data endpoint I want to read this value from gluu_session and return different user claims depend on user login type.

I guess you mean the userinfo OIDC endpoint, correct? That may be harder than it looks, as no session identifier (a cookie) is sent during a call to userinfo. You are only obliged to send an `access token` there. I don't think we have a custom script specifically for the userinfo endpoint, though we do have dynamic scopes scripts which may be able to provide what you need. Let me give it a quick test.

You need to be able to release user's data to some RP in an amount proportional to the "level of security" of the auth method the user used when authenticating at Gluu, correct?

By Sakit Atakishiyev user 17 May 2017 at 7:43 a.m. CDT

Actually, I used your script examples. I get `acr_values` from the session with the code snippet below:

````
# Seam context import as used by the Gluu sample scripts of this period
from org.jboss.seam.contexts import Context, Contexts

# Read the requested acr from the current authentication session
context = Contexts.getEventContext()
session_attributes = context.get("sessionAttributes")
acr = session_attributes.get("acr")
````

With this code I can get which login type my user chose, and I can show a different login page and apply a different custom authorize script.

> You need to be able to release user data's to some RP proportionally to "level of security" of auth method user used when authenticating at Gluu, correct?

Yes, you are right, and that is what we need.
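The requirement confirmed above, sketched as an added example that is not part of any post and is not Gluu code: the OP records the `acr` it actually performed against the access token it issues, and the userinfo handler releases claims from that server-side record only. All names here (`issue_access_token`, `userinfo`, `CLAIMS_BY_ACR`, the `login_type` parameter) and all data are hypothetical and constructed for illustration.

```python
import secrets

# Constructed policy: claims each authentication method (acr) may release.
CLAIMS_BY_ACR = {
    "basic": {"sub", "name"},
    "custom1": {"sub", "name", "email", "phone_number"},
}

# Constructed user record held by the OP.
USERS = {
    "u1": {"sub": "u1", "name": "Test User",
           "email": "test@example.org", "phone_number": "+10000000000"},
}

# Server-side only: access token -> grant recorded at authentication time.
_grants = {}


def issue_access_token(user_id, acr):
    """Called by the OP after authentication; acr is the method it really ran."""
    if acr not in CLAIMS_BY_ACR:
        raise ValueError("unknown acr: %r" % acr)
    token = secrets.token_urlsafe(32)
    _grants[token] = {"user_id": user_id, "acr": acr}
    return token


def userinfo(access_token, request_params=None):
    """Userinfo handler: the access token is the only trusted input.

    request_params models anything else the client sends (for example a
    login_type value); it is never consulted, so changing it has no effect.
    """
    grant = _grants.get(access_token)
    if grant is None:
        raise PermissionError("invalid_token")
    allowed = CLAIMS_BY_ACR[grant["acr"]]
    user = USERS[grant["user_id"]]
    return {name: value for name, value in user.items() if name in allowed}


if __name__ == "__main__":
    weak = issue_access_token("u1", "basic")
    # A tampered parameter does not widen the released claims.
    print(userinfo(weak, {"login_type": "custom1"}))
```

Because the `acr` is looked up from the grant, no session cookie is needed at the userinfo call and the client has nothing to tamper with.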

By Sakit Atakishiyev user 17 May 2017 at 11:03 a.m. CDT

Finally we found it. `SessionStateService` gives us what we need. Unfortunately, there isn't any endpoint to get this info.

By Aliaksandr Samuseu staff 17 May 2017 at 11:52 a.m. CDT

Interesting. Do you mean you've solved your case with it? Do you mind sharing some code snippet illustrating your final solution?

By Sakit Atakishiyev user 17 May 2017 at 12:01 p.m. CDT

No, Aliaksandr, actually this cannot solve my problem. I mean `SessionStateService` has many functions which return all the information I need. But there isn't any endpoint to get this information. So to get it, I would have to change the main code or write some external code. But I am not sure whether this way is secure or not.