OTP for read only federated users

When having federated users, if I set up required OTP, after login I try to configure OTP but it fails with the error "User is read only" … Is there a way to enable OTP configuration for OTP users? I use a custom User storage provider for user federation from our database.

The error:

2022-01-31 17:00:12,704 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-669) Uncaught server error: org.keycloak.storage.ReadOnlyException: user is read only for this update
	at org.keycloak.keycloak-server-spi@15.1.1//org.keycloak.storage.adapter.AbstractUserAdapter.removeRequiredAction(AbstractUserAdapter.java:77)
	at org.keycloak.keycloak-services@15.1.1//org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:1044)
	at org.keycloak.keycloak-services@15.1.1//org.keycloak.services.resources.LoginActionsService.requiredActionPOST(LoginActionsService.java:967)

Hi @simonC,
I faced the same issue with our setup. I don’t know how to solve this issue without modifying the source code. I would be happy if an easier solution exists.

@Sunwind, for the adapter implement AbstractUserAdapterFederatedStorage:

public class UserAdapter extends AbstractUserAdapterFederatedStorage

and in the storage provider implement:

public class UserStorageProvider implements org.keycloak.storage.UserStorageProvider, UserLookupProvider, CredentialInputValidator, CredentialInputUpdater, UserQueryProvider {

This worked for me.

Look also here
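
Added example, not code from the posts in this thread: an adapter built on AbstractUserAdapterFederatedStorage, so that required actions such as the OTP setup step are written to Keycloak's federated storage instead of hitting the ReadOnlyException in the stack trace above. ExternalUser and its fields are hypothetical stand-ins for a row from the external database, and the code assumes the Keycloak 15 server SPI is on the classpath.

```java
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.storage.ReadOnlyException;
import org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage;

public class UserAdapter extends AbstractUserAdapterFederatedStorage {

    // Hypothetical read-only record loaded from the external user database.
    public static final class ExternalUser {
        final String username;
        final String email;

        public ExternalUser(String username, String email) {
            this.username = username;
            this.email = email;
        }
    }

    private final ExternalUser row;

    public UserAdapter(KeycloakSession session, RealmModel realm,
                       ComponentModel storageProviderModel, ExternalUser row) {
        super(session, realm, storageProviderModel);
        this.row = row;
    }

    // Identity fields still come from the external database.
    @Override
    public String getUsername() {
        return row.username;
    }

    @Override
    public String getEmail() {
        return row.email;
    }

    // The external record stays read only: refuse renames explicitly.
    @Override
    public void setUsername(String username) {
        throw new ReadOnlyException("username is managed by the external database");
    }

    // addRequiredAction / removeRequiredAction are deliberately NOT overridden:
    // the base class persists them in Keycloak's own federated storage, keyed by
    // this user's storage id, so nothing is written back to the external database.
}
```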

Thank you @simonC!
I’ll try to follow your approach

Do you know of a way to store my OTP data using my UserStorage? I already implemented CredentialInputUpdater, but it isn’t called when the user updates its OTP client.

Thank you in advance