CustomUserStorageProvider with servlet

I want to create a custom UserStorageProvider that communicates with a servlet to handle user lookup and validation, all against my external database without storing this information in Keycloak. Is this possible?

I have implemented a CustomUserStorageProvider in Keycloak that communicates with a servlet to fetch user details and validate credentials. The servlet interacts with an external database to retrieve user information and validate user credentials. Here is a summary of what I’ve done:

  1. User Lookup:
  • Implemented the UserLookupProvider interface to handle user retrieval by username and email.
  • The getUserByUsername method sends a GET request to the servlet, which responds with user details in JSON format. This data is then mapped to a UserModel object.
  1. Credential Validation:
  • Implemented the CredentialInputValidator interface to handle credential validation.
  • The isValid method sends a POST request to the servlet with the username and password, and the servlet validates the credentials against the external database.

the first step is loggin the correct info in the console, but thows this error:

SERVICES0013: Failed authentication: jakarta.persistence.EntityNotFoundException: Unable to find org.keycloak.models.jpa.entities.UserEntity with id eb05471c-58c6-4fab-85c1-0d71da080942.

it seems that is trying to find the user id in keycloak cache or db


Of course you can do it, probably you miss some mapping in User model, pls check class that extends AbstractUserAdapter, you may missing some method.

Here is a full example of custom user federation:

ps. you don’t need ‘auth’ package from link.

hi @djordje ! thanks for your reply,
the issue was the format of my id, i found in the developer guide that the id must be something like this: “f:” + componentModel.getId + “:” + externalid. with that and implementing the method credentialManager in my CustomUser class is working perfectly!

1 Like