More like if the provider is down/unavailable. Our lower environments are
subject to frequent refreshes/redeploys and our Keycloak IDP being down can
really block a good deal of testing there.
So more specifically, on the ValidateAndProxy function:
    protected UserModel validateAndProxyUser(RealmModel realm, UserModel user) {
        UserModel managed = managedUsers.get(user.getId());
        if (managed != null) {
            return managed;
        }
        UserFederationProvider link = getFederationLink(realm, user);
        if (link != null) {
            UserModel validatedProxyUser = link.validateAndProxy(realm, user);
            if (validatedProxyUser != null) {
                managedUsers.put(user.getId(), validatedProxyUser);
                return validatedProxyUser;
            } else {
                deleteInvalidUser(realm, user);
                return null;
            }
        }
        return user;
    }
This deletion/null return overrides any user information that might
have been retrieved from the KC database (i.e. in getById):
    @Override
    public UserModel getUserById(String id, RealmModel realm) {
        UserModel user = session.userStorage().getUserById(id, realm);
        if (user != null) {
            user = validateAndProxyUser(realm, user); // overrides valid user with 'null'
        }
        return user;
    }
I'm just wanting a way to be able to say 'if *null* is returned here
by the validateAndProxy method, just use the user from userStorage()'
Josh Cain | Software Applications Engineer
*Identity and Access Management*
*Red Hat*
+1 843-737-1735
On Wed, Aug 3, 2016 at 8:36 PM, Bill Burke <bburke(a)redhat.com> wrote:
Not sure what you mean. If the provider is not deployed?
On 8/3/16 9:00 PM, Josh Cain wrote:
Hi all,
I'm using a Keycloak implementation in which the majority of our users come
from a UserFederationProvider. However, I'd ideally like to be able to
fall-back to the Keycloak database when this provider is unavailable. Is
it possible to do so?
I looked around at the codebase and UserFederationManager seems to be
where I'd like to change (namely the validateAndProxyUser
<https://github.com/keycloak/keycloak/blob/ec6b81e42dc8cb7abd9d06571a732cb...>
method). Is there any way to extend this with our own behavior? Looks
like that particular implementation is hard-coded into the KeycloakSession
interface.
Josh Cain | Software Applications Engineer
*Identity and Access Management*
*Red Hat*
+1 843-737-1735
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
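
Added example, not part of the original thread and not Keycloak code: a small model of the control flow quoted above, showing that a provider wrapper which returns the local user during an outage never reaches the delete branch, while a real "not found" answer still does. User, Provider, Backend and FallbackProvider are simplified stand-ins, and using IllegalStateException as the outage signal is an assumption.

```java
import java.util.HashMap;
import java.util.Map;

// Added example. User, Provider and Backend are simplified stand-ins
// (assumptions), not Keycloak's UserModel / UserFederationProvider classes.
public class FederationFallbackDemo {
    record User(String id, String name) {}

    interface Provider { User validateAndProxy(User local); }

    // Hypothetical backend: throws while "down", otherwise knows only some ids.
    static class Backend implements Provider {
        boolean down;
        final Map<String, User> known = new HashMap<>();
        public User validateAndProxy(User local) {
            if (down) throw new IllegalStateException("backend unreachable");
            return known.get(local.id());          // null = user gone upstream
        }
    }

    // Wrapper: an outage yields the local copy, a real "not found" stays null.
    static class FallbackProvider implements Provider {
        final Provider delegate;
        FallbackProvider(Provider delegate) { this.delegate = delegate; }
        public User validateAndProxy(User local) {
            try { return delegate.validateAndProxy(local); }
            catch (IllegalStateException outage) { return local; }
        }
    }

    // Same control flow as the quoted validateAndProxyUser, minus the cache.
    static User validateAndProxyUser(Provider link, Map<String, User> store, User user) {
        if (link == null) return user;
        User validated = link.validateAndProxy(user);
        if (validated == null) { store.remove(user.id()); return null; }
        return validated;
    }

    public static void main(String[] args) {
        Map<String, User> store = new HashMap<>();
        User alice = new User("1", "alice"), bob = new User("2", "bob");
        store.put("1", alice); store.put("2", bob);
        Backend backend = new Backend();
        backend.known.put("1", alice);            // constructed data: bob is unknown upstream
        Provider link = new FallbackProvider(backend);

        backend.down = true;   // outage: local copy is returned, nothing is deleted
        System.out.println(validateAndProxyUser(link, store, bob) + " " + store.size());
        backend.down = false;  // backend answers: bob is unknown, so he is deleted
        System.out.println(validateAndProxyUser(link, store, bob) + " " + store.size());
    }
}
```

With this fallback, an account that was removed or disabled in the backend stays usable from the local copy for as long as the outage lasts, so it fits the lower environments described in the thread better than production.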