Custom UserStorageProvider: user is read only using "Edit Account"

Extending the server
1

Hi All,
I’ve implemented a custom UserStorageProvider to federate users I host in a Postgres DB. It works.
My CustomUserStorageProvider implements, among others, CredentialInputUpdater.
I’m able to change the user password using the realm admin page.

The problem is that when a user tries to do it by itself, using the Edit Account area (URL /auth/realms//account/), it gets an error and the logs contain:

10:44:43,261 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-6) Uncaught server error: org.keycloak.storage.ReadOnlyException: user is read only for this update
[…]

It seems like my custom UserAdapter is not instantiated when arriving from Edit Account, so the removeRequiredAction throws the exception.

Full details and full logs can be found here, on StackOverflow.

Any idea?
Thanks a lot

2

There are two removeRequiredAction() methods. One with the RequiredAction object as argument, one with a String.
IIRC, the one with the string is called when the user tries to change the password, so you have to override it also to your needs.

3

THANKS SO MUCH!!! You are right, it works now!!!
Thanks again!!! :slight_smile:

4

I want to update the custom attribute of federated users with Admin API but it throws read only an error. I have overridden both methods. Still does not work. Any clue what is wrong?