[keycloak-user] UserFederationProvider CredentialValidationOutput validCredentials and close method never called

Marek Posolda mposolda at redhat.com
Mon Oct 26 03:48:54 EDT 2015

On 24/10/15 23:27, alex orl wrote:
> I'm using jboss keycloak 1.5 final version.
> I developed my custom user federation provider interfacing with 
> keycloak properties and my user enterprise database.
> My need is to send up to user the login interface custom error 
> messages based on particular specific error related to my legacy user db.
> I saw keycloak themes have a resources folder by which i can localize 
> and add new messages. Then i can reference them by angular js using
> $myMessage
> notation. The problem is i want to rise up a message from keycloak 
> server. My user federation provider implements UserFederationProvider 
> interface. So i should have to override:
> @Override
> public CredentialValidationOutput validCredentials(RealmModel realm, 
> UserCredentialModel credential) {
> LOGGER.info("validCredentials(realm, credential)");
> return CredentialValidationOutput.failed();
> }
> In the UserFederationProvider interface i read that validCredentials :
> Validate credentials of unknown user. The authenticated user is 
> recognized based on provided credentials and returned back in 
> CredentialValidationOutput
> It seems to be the method i was looking for just because 
> CredentialValidationOutput contains custom messages to be sent as 
> validation output. The problem is this method is never called.
This method is called by Keycloak just during use-cases, when you want 
to authenticate with unknown user. Which is currently during 
Kerberos/SPNEGO login. It's not called during basic flow with 
username/password authentication.

I think if you want to propagate error messages, you can for example 
throw ModelException with the error message you want.
> The same happens to the close method. It's never called at the end of 
> each request so i cannot dispose my objects
> Why?
Feel free to create JIRA for the close method.

> Thanks a lot
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151026/b492ba0b/attachment-0001.html 

More information about the keycloak-user mailing list