Hi all,

I'm using a Keycloak impementation in which the majority of our users come from a UserFederationProvider. However, I'd ideally like to be able to fall-back to the Keycloak database when this provider is unavailable. Is it possible to do so?

I looked around at the codebase and UserFederationManager seems to be where I'd like to change (namely the validateAndProxyUser method). Is there any way to extend this with our own behavior? Looks like that particular implementation is hard-coded into the KeycloakSession interface.

Josh Cain | Software Applications Engineer

Identity and Access Management

Red Hat
+1 843-737-1735