[keycloak-user] Federation/Provider update 2.2.1 to 3.2

Markus Piatkowski MaXmania at web.de
Wed Aug 9 10:13:23 EDT 2017


Hi everyone,

I am trying to update our federation from Keycloak 2.2.1 to 3.2.

My problem is that the federation in our setup is responsible for blocking inactive user accounts. In the old version the validateAndProxy-method was called on every user-request (e.g. during the login-process). This method deactivated the user when the lastLogin timestamp (user attribute) was too old.

In the current version the federation has changed. My first try was to implement the UserStorageProvider with the ImportedUserValidation interface. But the validate method is called only once for each user. According to my understanding, the method is only called on local storage access and not when the user is in the cache.

My second try was to implement an EventListenerProvider and check the timestamp on the LOGIN event. This worked, but I did not get any error message on the login screen. If I disable a user during the login process, Keycloak fires a CODE_TO_TOKEN_ERROR event. The result is a reload of the login screen without user notification or any error message for the user.

Does someone have an idea how to solve the problem?

Thanks and regards,
Markus

