Hi All, I am writing a federation provider which performs authentication against an RDBMS. I am using keycloak 1.2.0.Final. I have looked at the sample properties provider and would like to know a few things. In UserFederationProviderFactory 1. UserFederationProviderFactory#create returns null in the example. Do we not need to implement that? 2. When is the UserFederationProviderFactory#close method called? Is it when the server is shut down? 3. When is the init method called? Is it called once per object instance? 4. Is it only one instance of a given type UserFederationProviderFactory that is created for the system? UserFederationProvider 5. The javadoc for UserFederationProvider#getUserByUsername says "Required to import into local storage any user found." does it mean that I have to call keyCloakSession.userStorage().addUser(realm, userName)? Do I have to do that even if the user has been already previously imported into the system? Do I have to synchronize the user data in that method? 6. Same as question 5 for methods getUserByEmail and searchByAttributes. 7. When should I return false from method "isValid". What does returning false from that method prevent? Is it importing/prevent user from logging in/not show user in user list? 8. In validCredentials(RealmModel realm, UserCredentialModel credential) the javadoc says "Validate credentials of unknown user.". When should I implement that method? How can an unknown user be validated? 9. When is the UserFederationProvider# close method called? Any help is highly appreciated. If possible please mention how those questions will relate to an RDBMS backed provider implementation. -- Thanks, Pubudu