Hello,
This question is a follow-up to this other one. I think I now have a better understanding of how Federation should work; however, I’m still having issues with my implementation. Namely, I cannot ever see the Users on the users tab, and when looking at the user in the sessions, there’s a lot of missing information.
I don’t understand what I’m doing wrong, so I kindly ask for your help.
As a reminder, here’s my use case:
So, I have a (remote) REST API that provides functionalities such as Login and UserDetails.
- Login provides an auth token (a JSESSION) which comes in the form of a Cookie. If this API returns an OK, then the user is valid and logged in and we call this login method from the `isValid` method on the Storage Provider.
- UserDetails returns the user information (name, phone, permissions, etc) and requires a valid JSESSION token in order to work, which is the one retrieved from the Login call. It doesn’t work without it.
I’m using this REST API as the de facto validator of the users. If this API says all is OK, then Keycloak should generate a JWT and proceed with its normal operation.
I’ve implemented custom user federation (and also a ReadOnlyUserAdapter, which I’d tried to use at first) where I have the following logic:
- Create an adapter/model based solely on the email from the login form. Proceed with normal operation
- on the `isValid` method:
  1- log in the user through the REST call and get the JSESSION token
  2- call the Current-User REST endpoint, get user details and map them to a Dto object
  3- look up the user, by email, in the loadedUsers and delete it if found
  4- create a new adapter, based on the Dto object which already contains all the user details
- Proceed with normal operation
However, even though I can see the user Dto contains all the required attributes as well as the adapter object, when it’s stored, I still get those issues mentioned above, namely, I don’t see these details in the admin console.
Can you help me figure out what’s wrong? Here’s a repo with code to reproduce the issue. It’s based on a remote mocks service that returns the correct information.