keycloak: Polishing example for Network based authentication step

thomasdarimont · Nov 4, 2023 · 0dcc22e · 0dcc22e
1 parent cbc4cee
commit 0dcc22e
Showing 1 changed file with 7 additions and 8 deletions.
diff --git a/...rc/main/java/com/github/thomasdarimont/keycloak/custom/auth/net/NetworkAuthenticator.java b/...rc/main/java/com/github/thomasdarimont/keycloak/custom/auth/net/NetworkAuthenticator.java
@@ -65,25 +65,24 @@ public class NetworkAuthenticator implements Authenticator {
     @Override
     public void authenticate(AuthenticationFlowContext context) {
 
-        var remoteIp = resolveRemoteIp( //
-                context.getAuthenticatorConfig(), //
-                context.getHttpRequest(), //
-                context.getConnection().getRemoteAddr() //
-        );
-
         var realm = context.getRealm();
         var authSession = context.getAuthenticationSession();
         var client = authSession.getClient();
 
         var allowedNetworks = resolveAllowedNetworks(context.getAuthenticatorConfig(), client);
         if (allowedNetworks == null) {
             // skip check since we don't have any network restrictions configured
-            log.debugf("Skip check for source IP based on network. realm=%s, client=%s, IP=%s", //
-                    realm.getName(), client.getClientId(), remoteIp);
+            log.debugf("Skip check for source IP based on network. realm=%s, client=%s", //
+                    realm.getName(), client.getClientId());
             context.success();
             return;
         }
 
+        var remoteIp = resolveRemoteIp( //
+                context.getAuthenticatorConfig(), //
+                context.getHttpRequest(), //
+                context.getConnection().getRemoteAddr() //
+        );
         if (remoteIp == null) {
             context.attempted();
             log.warnf("Could not determine remoteIp, step marked as attempted. realm=%s, client=%s", //