Need help - Federation not creating users nor saving attributes


This question comes in the sequence of this other one. I think I now have a better understanding of how Federation should work, however, I’m still having issues with my implementation. Namely, I cannot ever see the Users on the users tab, and when looking at the user in the sessions, there’s a lot of missing information.
I don’t understand what I’m doing wrong, so I kindly ask for your help.

To remind, here’s my use case:

So, I have a (remote) REST API that provides functionalities such as Login and UserDetails.

  • Login provides an auth token (a JSESSION) which comes in the form of a Cookie. If this API returns an OK, then the user is valid and logged in and we call this login method from the isValid method on the Storage Provider.
  • UserDetails returns the user information (name, phone, permissions, etc) and requires a valid JSESSION token in order to work, which is the one retrieved from the Login call. It doesn’t work without it.

I’m using this REST API as the de facto validator of the users. If this API says all is OK, then Keycloak should generate a JWT and proceed with its normal operation.

I’ve implemented custom user federation (and also a ReadOnlyUserAdapter, which I’d tried to use at first) where I have the following logic:

  1. Create a adapter/model based solely on the email from the login form. Proceed with normal operation
  2. on the isValid method:
    1- login the user through the REST call and get the JSESSION token
    2- call the Current-User REST endpoint, get user details and map them to a Dto object
    3- lookup for the user, by email, in the loadedUsers and delete it if found
    4- create a new adapter, based on the Dto object which already contains all the user details
  3. Proceed with normal operation

However, even though I can see the user Dto contains all the required attributes as well as the adapter object, when it’s stored, I still get those issues mentioned above, namely, I don’t see these details in the admin console.

Can you help me figure out what wrong? Here’s a repo with code to reproduce the issue. It’s based on a remote mocks service that returns the correct information.

No one? What am I doing wrong with my questions, since they don’t get a reply? Any help would be highly appreciated, I’m stuck on this for 3 weeks now

hi @CelsoSantos

I don’t if I can help, but this is what I know:

  • You don’t need to create some remote REST API to do the Login and UserDetails provider. Keycloak already has it. Just register your app/services as a client of Keycloak and It will handle the login process for you.
  • For UserDetails, try to use user-info API in your Keycloak realms. Of course, it requires a valid access token.
  • Session already handled by default Keycloak Web authenticator. You can go to Authenticator menu to see the detail. You can also custom it.


Maybe the way I explained might have introduced some confusion, but that REST API is actually something that already exists on a 3rd-party parter API, that is the de facto authenticator of the users. We let their users use our platform. Keycloak is there to then ensure that we use an OIDC token to talk within our BEs/FEs while “translating” this 3rd-party cookie