<div dir="ltr"><div><img alt="Inline image 2" src="cid:ii_15655d6bb28464aa" height="122" width="122"><br><br></div>That would do it. Thanks Marek!<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span><div><div>Josh Cain | Software Applications Engineer<br></div><i>Identity and Access Management</i><br></div><b>Red Hat</b><br>+1 843-737-1735<br></span></div></div></div>
<br><div class="gmail_quote">On Thu, Aug 4, 2016 at 8:46 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
<div>On 04/08/16 15:43, Josh Cain wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>More like if the provider is down/unavailable. Our lower
environments are subject to frequent refreshes/redeploys and
our Keycloak IDP being down can really block a good deal of
testing there.<br>
<br>
</div>
So more specifically, on the ValidateAndProxy function: <br>
<pre style="background-color:rgb(255,255,255);color:rgb(0,0,0);font-family:"Source Code Pro";font-size:10.5pt"><span style="color:rgb(0,0,128);font-weight:bold">protected </span>UserModel validateAndProxyUser(RealmMode<wbr>l realm, UserModel user) {
UserModel managed = <span style="color:rgb(102,14,122);font-weight:bold">managedUsers</span>.get(user.getId())<wbr>;
<span style="color:rgb(0,0,128);font-weight:bold">if </span>(managed != <span style="color:rgb(0,0,128);font-weight:bold">null</span>) {
<span style="color:rgb(0,0,128);font-weight:bold">return </span>managed;
}
UserFederationProvider link = getFederationLink(realm, user);
<span style="color:rgb(0,0,128);font-weight:bold">if </span>(link != <span style="color:rgb(0,0,128);font-weight:bold">null</span>) {
UserModel validatedProxyUser = link.validateAndProxy(realm, user);
<span style="color:rgb(0,0,128);font-weight:bold">if </span>(validatedProxyUser != <span style="color:rgb(0,0,128);font-weight:bold">null</span>) {
<span style="color:rgb(102,14,122);font-weight:bold">managedUsers</span>.put(user.getId(), validatedProxyUser);
<span style="color:rgb(0,0,128);font-weight:bold">return </span>validatedProxyUser;
} <span style="color:rgb(0,0,128);font-weight:bold">else </span>{
<span style="background-color:rgb(234,153,153)"> deleteInvalidUser(realm, user);
<span style="color:rgb(0,0,128);font-weight:bold">return null</span>;</span>
}
}
<span style="color:rgb(0,0,128);font-weight:bold">return </span>user;
}
</pre><pre style="background-color:rgb(255,255,255);color:rgb(0,0,0);font-size:10.5pt"><span style="font-family:arial,helvetica,sans-serif">This deletion/null return overrides any user information that might have been retrieved from the KC database (I.E. in getById):
</span><span style="color:rgb(128,128,0)">@Override
</span><span style="color:rgb(0,0,128);font-weight:bold">public </span><span style="background-color:rgb(228,228,255)">UserModel</span> getUserById(String id, RealmModel realm) {
<span style="background-color:rgb(228,228,255)">UserModel</span> user = <span style="color:rgb(102,14,122);font-weight:bold">session</span>.userStorage().<wbr>getUserById(id, realm);
<span style="color:rgb(0,0,128);font-weight:bold">if </span>(user != <span style="color:rgb(0,0,128);font-weight:bold">null</span>) {
user = validateAndProxyUser(realm, user); <span style="background-color:rgb(234,153,153)">// overrides valid user with 'null'</span>
}
<span style="color:rgb(0,0,128);font-weight:bold">return </span>user;
}
<span style="font-family:arial,helvetica,sans-serif">I'm just wanting a way to be able to say 'if <i>null</i> is returned here by the validateAndProxy method, just use the user from userStorage()'
</span></pre></div></blockquote></div></div>You can return from your validateAndProxy just the local user, which was given as argument then?
Marek
<span class=""><blockquote type="cite"><div class="gmail_extra">
<div><div data-smartmail="gmail_signature"><div dir="ltr"><span><div><div>Josh Cain | Software Applications Engineer
</div><i>Identity and Access Management</i>
</div><b>Red Hat</b>
<a href="tel:%2B1%20843-737-1735" value="+18437371735" target="_blank">+1 843-737-1735</a>
</span></div></div></div>
<div class="gmail_quote">On Wed, Aug 3, 2016 at 8:36 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Not sure what you mean. If the provider is not deployed?
</p><div><div>
<div>On 8/3/16 9:00 PM, Josh Cain wrote:
</div>
</div></div><blockquote type="cite"><div><div>
<div dir="ltr">
<div>
<div>Hi all,
</div>
I'm using a Keycloak impementation in which the majority of
our users come from a UserFederationProvider. However, I'd
ideally like to be able to fall-back to the Keycloak database
when this provider is unavailable. Is it possible to do so?
</div>
I looked around at the codebase and UserFederationManager seems
to be where I'd like to change (namely the <a href="https://github.com/keycloak/keycloak/blob/ec6b81e42dc8cb7abd9d06571a732cb3c40a5b03/server-spi/src/main/java/org/keycloak/models/UserFederationManager.java#L143" target="_blank">validateAndProxyUser</a>
method). Is there any way to extend this with our own
behavior? Looks like that particular implementation is
hard-coded into the KeycloakSession interface.
<div>
<div>
<div>
<div>
<div data-smartmail="gmail_signature">
<div dir="ltr"><span>
<div>
<div>Josh Cain | Software Applications Engineer
</div>
<i>Identity and Access Management</i>
</div>
<b>Red Hat</b>
<a href="tel:%2B1%20843-737-1735" value="+18437371735" target="_blank">+1 843-737-1735</a>
</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
<fieldset></fieldset>
</div></div><pre>______________________________<wbr>_________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-user</a></pre>
</blockquote>
</div>
______________________________<wbr>_________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-user</a>
</blockquote></div>
</div>
<fieldset></fieldset>
<pre>______________________________<wbr>_________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a></pre>
</blockquote>
</span></div></blockquote></div><br></div>