Hi everyone,
I am trying to update our federation from Keycloak 2.2.1 to 3.2.
My problem is that the federation in our setup is responsible for blocking inactive user
accounts. In the old version the validateAndProxy-method was called on every user-request
(e.g. during the login-process). This method deactivated the user when the lastLogin
timestamp (user attribute) was too old.
In the current version the federation has changed. My first try was to implement the
UserStorageProvider with the ImportedUserValidation interface. But the validate method is
called only once for each user. According to my understanding the method is only called
on the local storage access and not when the user is in the cache.
My second try was to implement an EventListenerProvider and check the timestamp on the
LOGIN event. This worked but I did not get any error message on the Login-Screen. If I
disable a user during the login process Keycloak fires a CODE_TO_TOKEN_ERROR event. The
result is a reload of the login screen without user notification or any error message for
the user.
Does someone have an idea how to solve the problem?
Thanks and regards,
Markus