protected UserModel validateAndProxyUser(RealmModel realm, UserModel user) {
UserModel managed = managedUsers.get(user.getId());
if (managed != null) {
return managed;
}
UserFederationProvider link = getFederationLink(realm, user);
if (link != null) {
UserModel validatedProxyUser = link.validateAndProxy(realm, user);
if (validatedProxyUser != null) {
managedUsers.put(user.getId(), validatedProxyUser);
return validatedProxyUser;
} else {
deleteInvalidUser(realm, user);
return null;
}
}
return user;
}
This deletion/null return overrides any user information that might have been retrieved from the KC database (I.E. in getById):
@Override
public UserModel getUserById(String id, RealmModel realm) {
UserModel user = session.userStorage().getUserById(id, realm);
if (user != null) {
user = validateAndProxyUser(realm, user); // overrides valid user with 'null'
}
return user;
}
I'm just wanting a way to be able to say 'if null is returned here by the validateAndProxy method, just use the user from userStorage()'
Not sure what you mean. If the provider is not deployed?
On 8/3/16 9:00 PM, Josh Cain wrote:
I looked around at the codebase and UserFederationManager seems to be where I'd like to change (namely the validateAndProxyUser method). Is there any way to extend this with our own behavior? Looks like that particular implementation is hard-coded into the KeycloakSession interface.Hi all,I'm using a Keycloak impementation in which the majority of our users come from a UserFederationProvider. However, I'd ideally like to be able to fall-back to the Keycloak database when this provider is unavailable. Is it possible to do so?
Red HatJosh Cain | Software Applications EngineerIdentity and Access Management
+1 843-737-1735
_______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/ mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user