You can return from your validateAndProxy just the local user, which was given as argument then? MarekOn 04/08/16 15:43, Josh Cain wrote:
More like if the provider is down/unavailable. Our lower environments are subject to frequent refreshes/redeploys and our Keycloak IDP being down can really block a good deal of testing there.So more specifically, on the ValidateAndProxy function:
protected UserModel validateAndProxyUser(RealmModel realm, UserModel user) { UserModel managed = managedUsers.get(user.getId()) ; if (managed != null) { return managed; } UserFederationProvider link = getFederationLink(realm, user); if (link != null) { UserModel validatedProxyUser = link.validateAndProxy(realm, user); if (validatedProxyUser != null) { managedUsers.put(user.getId(), validatedProxyUser); return validatedProxyUser; } else { deleteInvalidUser(realm, user); return null; } } return user; } This deletion/null return overrides any user information that might have been retrieved from the KC database (I.E. in getById): @Override public UserModel getUserById(String id, RealmModel realm) { UserModel user = session.userStorage().getUserById(id, realm); if (user != null) { user = validateAndProxyUser(realm, user); // overrides valid user with 'null' } return user; } I'm just wanting a way to be able to say 'if null is returned here by the validateAndProxy method, just use the user from userStorage()' Red Hat +1 843-737-1735Josh Cain | Software Applications EngineerIdentity and Access ManagementOn Wed, Aug 3, 2016 at 8:36 PM, Bill Burke <bburke@redhat.com> wrote:______________________________Not sure what you mean. If the provider is not deployed?
On 8/3/16 9:00 PM, Josh Cain wrote:I looked around at the codebase and UserFederationManager seems to be where I'd like to change (namely the validateAndProxyUser method). Is there any way to extend this with our own behavior? Looks like that particular implementation is hard-coded into the KeycloakSession interface.Hi all,I'm using a Keycloak impementation in which the majority of our users come from a UserFederationProvider. However, I'd ideally like to be able to fall-back to the Keycloak database when this provider is unavailable. Is it possible to do so?Red Hat +1 843-737-1735Josh Cain | Software Applications EngineerIdentity and Access Management_______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/mailma n/listinfo/keycloak-user _________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/mailma n/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/ mailman/listinfo/keycloak-user