[keycloak-user] Keycloak 1.6.1 possible bug. Deleting User

Marek Posolda mposolda at redhat.com
Mon Nov 23 15:31:26 EST 2015 

Hi,

sorry for late response. This might be some DB/transaction locking bug. 
Which DB type, version and JDBC driver are you using? Currently method 
deleteInvalidUser runs in separate transaction, which is maybe an issue...

Marek

On 18/11/15 01:39, alex orl wrote:
> Hi to all.
> Working on my custom user federation provider i'm facing up to a 
> possible bug.
> I used the last 1.6.1 final keycloak version.
> In my legacy user database i have 3 users:
> user1
> user2
> user3
>
> I try to log into my secured application with all three users' 
> credentials and all goes fine.
> This way all three users are present inside the keycloak properties 
> file so, if i open keycloak admin console and list all users by 
> clicking on the "view all users" button, inside the user section, 
> keycloak lists to me
> user1
> user2
> user3
>
> Now i delete user3 from my legacy database, then i come back to the 
> keycloak admin console in order to list users again.
> After clicking the "view all users" button... nothing is listed and 
> the page stucks in loading mode.
>
> Debugging my code, after "view all users" click... my user federation 
> provider executes the isValid() method for all the 3 users.
> The isValid method returns true for user1
>                    true for user2
>                    false for the deleted user3
> The last false value is returned to the
> UserModel validateAndProxy(RealmModel realm, UserModel local)
> method which will return a NULL UserModel object.
>
> ValidateAndProxy method passes the ball to 
> org.keycloak.models.UserFederationManager with its method:
>
> *protected* UserModel validateAndProxyUser(RealmModel realm, UserModel 
> user) {
> UserModel managed = managedUsers.get(user.getId());
> *if* (managed != *null*) {
> *return*managed;
> }
> UserFederationProvider link = getFederationLink(realm, user);
> *if* (link != *null*) {
> UserModel validatedProxyUser = link.validateAndProxy(realm, user);
> *if* (validatedProxyUser != *null*) {
> managedUsers.put(user.getId(), validatedProxyUser);
> *return*validatedProxyUser;
> } *else* {
> deleteInvalidUser(realm, user);
> *return**null*;
> }
>         }
>
> The UserModel NULL value triggers the deleteInvalidUser(...) method. 
> (row 135 of org.keycloak.models.UserFederationManager class). At this 
> point nothing happens and keycloak console stays in loading state.
>
> Am i wrong with anything? or is it a bug?
> thanks
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151123/4c06f425/attachment-0001.html

More information about the keycloak-user mailing list