LDAP down gets active token expired


I would like to get your advice on the following scenario:

  1. LDAP user is logged in
  2. LDAP goes down (or not available)
  3. We synchronize the users in Keycloak Admin Console OR we try to update a user property (in KC - we use unsynced mode)

The next user move in the application redirects the user to the Internal Error Page.

What we expected:
Since the user has a valid token, we didn’t expect that his token would be invalidated (or expired?). The goal would be that the user could continue working as long as that token is active.
Of course, updating the user would cause an exception of failure, which we would catch and inform the user in a feedback panel.

What we see:
Even after catching the exception when the user tries to update the user (the code continues), on the next user request he gets the Internal Error Page, which makes us think that his token got expired.

Please let me know if you need more information.

Thank you in advance,


Any update on this topic?