Missing Federated Identity Record with Custom User Storage Provider


I’m on 18 and 19.

I’m linking an account stored in a custom User Storage Provider to an external IdP. After being prompted for the User Storage Provider record’s credentials, the accounts are linked. However, if I go to the Identity Provider Links tab, I don’t see a row. There isn’t a record in the FEDERATED_IDENTITY table.

I can create the IdP Link manually.

Is there something missing in my User Storage Provider that would skip over creating an IdP Link?

I’m pretty sure I’m missing a method implementation in my code. Maybe something like a Session Users object that needs to consider my SPI?


I’ve been looking through the Keycloak code and was wondering if the difference was in Required Action. The identity provider link record it creates expects a UserEntity which wouldn’t be there in my user federation case. That would also explain why it does show up if I manually create the link.

The problem was an upper-case username :man_facepalming: