Hi all,
I have created a custom AbstractIdpAuthenticator to be used as FirstLoginFlow for my External IDP configuration.
In the action method I need to call an external service that (among other things) takes care of creating the user in Keycloak if it does not exist.
And, if the result is SUCCESS, I need (in this custom first login flow) to get the user (by username) and set it as the authenticated user.
This is the code:
@Override
public void action(AuthenticationFlowContext context) {
    BrokeredIdentityContext brokeredContext = ...;
    // Call to the external system to create the user on Keycloak (if it doesn't exist)
    // and if all goes well, then:
    UserModel user = context.getSession().users().getUserByUsername(context.getRealm(),
            brokeredContext.getModelUsername());
    context.clearUser();
    context.setUser(user);
    context.getAuthenticationSession().setAuthenticatedUser(user);
    context.success();
}
The problem is that the user is always null, even though I can see in the DB that the user exists.
It seems that getUserByUsername is done on some "cached" users, or that the current transaction cannot see the new user (even though it exists in the DB).
In the same way, when the external service updates an existing user (instead of creating it), getUserByUsername can retrieve the user, but with the "old" values (for example, for First Name and Last Name).
Debugging it, I can see that context.getSession().getTransactionManager().isActive() is TRUE.
Does someone know why this problem happens and how to fix it?
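Added example (not the poster's code, and not a fix the thread confirms): one way to take the lookup out of whatever view the flow's own session has already built is to confirm the user in a fresh Keycloak session/transaction (KeycloakModelUtils.runJobInTransaction), evict the UserCache entry there, carry only the user id back, and re-read the user through the flow's session before calling context.setUser(). It also overrides actionImpl/authenticateImpl, the hooks AbstractIdpAuthenticator calls after it has deserialised the BrokeredIdentityContext from the authentication session, so the broker context does not have to be rebuilt by hand. The class name, the package, ExternalProvisioningClient and its provision() method are hypothetical stand-ins for the external service described in the post; the Keycloak calls (runJobInTransaction, UserCache.evict, getUserByUsername, getUserById, the AuthenticationFlowError values) are real APIs.

```java
package example.keycloak;  // hypothetical package for this added example

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.KeycloakModelUtils;

/**
 * Added example, not code from the original post: a first-broker-login authenticator that
 * lets an external service create/update the user, then confirms the user in a separate
 * transaction, evicts the cache entry and re-reads the user in the flow's own session.
 */
public class ExternalProvisioningAuthenticator extends AbstractIdpAuthenticator {

    // Hypothetical client for the external provisioning service (returns true on SUCCESS).
    private final ExternalProvisioningClient provisioning = new ExternalProvisioningClient();

    @Override
    protected void authenticateImpl(AuthenticationFlowContext context,
                                    SerializedBrokeredIdentityContext serializedCtx,
                                    BrokeredIdentityContext brokerContext) {
        // No form to show: do the work straight away (same code path as actionImpl).
        provisionAndSetUser(context, brokerContext);
    }

    @Override
    protected void actionImpl(AuthenticationFlowContext context,
                              SerializedBrokeredIdentityContext serializedCtx,
                              BrokeredIdentityContext brokerContext) {
        provisionAndSetUser(context, brokerContext);
    }

    private void provisionAndSetUser(AuthenticationFlowContext context, BrokeredIdentityContext brokerContext) {
        RealmModel realm = context.getRealm();
        String username = brokerContext.getModelUsername();

        // 1. The external service creates/updates the user and commits in its own DB transaction.
        if (!provisioning.provision(realm.getName(), username)) {
            context.failure(AuthenticationFlowError.INTERNAL_ERROR);
            return;
        }

        // 2. Confirm the user in a separate session/transaction so the answer does not come from
        //    the flow session's cached view. Only the id leaves this block: a UserModel bound to
        //    another session must not be handed to context.setUser().
        final String[] userId = new String[1];
        KeycloakModelUtils.runJobInTransaction(context.getSession().getKeycloakSessionFactory(), session -> {
            RealmModel freshRealm = session.realms().getRealm(realm.getId());
            UserModel fresh = session.users().getUserByUsername(freshRealm, username);
            if (fresh != null) {
                userId[0] = fresh.getId();
                // Drop any stale cached copy (e.g. old first/last name after an external update).
                UserCache cache = session.getProvider(UserCache.class);
                if (cache != null) {
                    cache.evict(freshRealm, fresh);
                }
            }
        });
        if (userId[0] == null) {
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }

        // 3. Re-read through the flow's own session so the model is attached to it, then authenticate.
        UserModel user = context.getSession().users().getUserById(realm, userId[0]);
        if (user == null) {
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }
        context.setUser(user);
        context.success();
    }

    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) { return true; }
    @Override public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { }
    @Override public void close() { }

    /** Hypothetical stand-in for the external provisioning service described in the post. */
    static final class ExternalProvisioningClient {
        boolean provision(String realmName, String username) {
            // A real implementation would call the external system; assumed to return SUCCESS here.
            return true;
        }
    }
}
```

Two caveats a practitioner should check before relying on this: the fresh transaction only helps if the external service has really committed before provision() returns, and the step-3 re-read still goes through the flow session's own JPA persistence context, so if that session has already loaded the user earlier in the same request (the "old first/last name" case) the stale entity can come back regardless of the cache eviction; in that case do the external call and the lookup before anything else in the request touches the user, or verify with a debugger which layer (UserCache versus JPA) is serving the stale copy.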