Keycloak Import Implementation Strategy Issues After Update to v15.0.2

Hi all,

I recently upgraded Keycloak from v12.0.4 to the current latest 15.0.2. Everything went smoothly EXCEPT for the case where a new user registers using Keycloak.

We have an existing SQL database and are using the strategy covered in the server developer guide mentioned here: Server Developer Guide in v12.0.4 (and wish to continue using it in 15.0.2 as well).

In v12.0.4, upon successfully validating the user registration form, the user registration class would then hit the success() method, where I have a method set up to store the user in the SQL database. And after storing the user it then goes through our UserProvider.createAdapter() method where it does the strategy mentioned in the developer guide (check for local user, if not there check user-federation, and if found create local user).

Upon updating to 15.0.2, however, I see that it is now performing these actions in the opposite order. It now hits the UserProvider.createAdapter() method, does the check for the local user, sees there isn’t one, then checks the SQL database, sees there isn’t one, and THEN hits the success() method of the registration class and creates the user in the SQL database, causing the newly created local Keycloak user to not be linked to the user-federation (we do not want to call the UserModel.setFederationLink method until it finds the SQL user, which it doesn’t since it performs the SQL insert last now after the update).

Our registration flow in Keycloak has not changed between versions, so it is my understanding that immediately after the registration class successfully runs through the validate() class that it will then perform the actions in the success() method.

Is this wrong/has changed with the latest Keycloak version? If I need to provide any additional information, screenshots, or anything else, please feel free to let me know. Thank you!

EDIT: To anyone who runs into the same/similar issue, I have found the resolution. Turns out with the 15.0.2, user registration validation is performed using methods from the user provider class (getUserByUsername, getUserByEmail, etc). We previously had these methods returning a user adapter, which was causing it to hit the createAdapter method as part of the validation process before going to the success method.

By updating those methods to return null if the user was not found in our SQL database (otherwise run createAdapter method), it functioned as expected and would find no users in external database, run the success method to create the user before finally hitting the addUser method from the user provider class to successfully do the import implementation strategy.

Also had to update our user adapter method for removing attributes, as now for some reason Keycloak removes all user attributes that aren’t firstName, lastName, email, and username, though that’s a question for a different forum post.
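
The ordering problem and the fix described in this post, as an added example that is not part of the original post and is not Keycloak code. It is a simplified model using stand-in types; `LocalUser`, `sqlUsers`, `localStore`, `register` and the `"sql-provider"` link value are all hypothetical names, and only the method names `getUserByUsername`, `createAdapter`, `success` and `addUser` come from the post.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Stand-in types for illustration only; these are NOT Keycloak's SPI classes.
public class ImportLookupDemo {
    static class LocalUser {
        final String username;
        String federationLink;                 // null means "not linked to user federation"
        LocalUser(String username) { this.username = username; }
    }

    static final Set<String> sqlUsers = new HashSet<>();               // constructed external SQL table
    static final Map<String, LocalUser> localStore = new HashMap<>();  // constructed local user storage

    // Import step: create the local user, link it only if the SQL user exists.
    static LocalUser createAdapter(String username) {
        LocalUser u = localStore.computeIfAbsent(username, LocalUser::new);
        if (sqlUsers.contains(username)) u.federationLink = "sql-provider";
        return u;
    }

    // Before: the lookup always returns an adapter, so the registration-time
    // validation lookup creates a local user before any SQL row exists.
    static LocalUser getUserByUsernameBefore(String username) {
        return createAdapter(username);
    }

    // After: return null when the SQL database has no such user; import only on a hit.
    static LocalUser getUserByUsernameAfter(String username) {
        return sqlUsers.contains(username) ? createAdapter(username) : null;
    }

    // Models the 15.0.2 order from the post: validation lookup, success(), then addUser.
    static LocalUser register(String username, boolean fixed) {
        sqlUsers.clear();
        localStore.clear();
        LocalUser found = fixed ? getUserByUsernameAfter(username)
                                : getUserByUsernameBefore(username);
        sqlUsers.add(username);                                  // success(): insert into SQL
        return found != null ? found : createAdapter(username);  // addUser path imports and links
    }

    public static void main(String[] args) {
        System.out.println("before: link=" + register("alice", false).federationLink);
        System.out.println("after:  link=" + register("alice", true).federationLink);
    }
}
```

In the "before" path the local user exists without a federation link because the validation lookup ran ahead of the SQL insert; in the "after" path the null return lets the insert happen first, so the import finds the SQL user and links it.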