So, we’ve implemented our custom user storage provider based on a stateful EJB that interacts with a proprietary relational user database and implements all sorts of interfaces (CredentialInputUpdater). It integrates well with Keycloak so far. We’re able to sign in, list and modify users, change passwords and verify configured password policies.
However, what does not work at the moment is the Expire Password policy, and I’m confused about what needs to be done to support it. I found out so far that o.k.a.r.UpdatePassword.evaluateTriggers() retrieves a PasswordCredentialProvider and calls getPassword(), and that one either gets the password and created date from the cached user model or from a
What exactly do I need to implement? Should my user storage provider implement UserCredentialStore? This is confusing since it has a lot of methods that overlap with CredentialInputUpdater. Or do I need my own
Any pointers are appreciated!