Implementing UserProvider (override of JpaUserProvider)

199 views
Skip to first unread message

Perot Francis

unread,
Mar 16, 2023, 2:07:25 PM3/16/23
to Keycloak Dev

Hi all,

 

In our environment, we implemented UserProvider (in fact, we just overrided JpaUserProvider, its factory and UserAdapter as well) in order to cipher some attributes.

Migrating to Keycloak 18 with Quarkus, we had to use following configuration in conf/keycloak.conf

 

spi-user-jpa-enabled=false

spi-user-our-jpa-enabled=true

 

Everything were running as expected…

Now, we are migrating to the latest KC version but when running, execution stops with error “Failed to find provider jpa for user”

If I set spi-user-jpa-enabled to true, Keycloak starts but I can see in “Server Info/Providers” that our user provider is not loaded.

 

I had a look at migration changes in “upgrading guides” (ex: https://www.keycloak.org/docs/19.0.0/upgrading/#migration-changes) but interfaces we are using don’t seem to be deprecated (not a user storage SPI, not a deprecated method of a data provider, …)
Does anyone understand what I’m missing?

 

 

Francis Pérot

Senior software engineer

 

Logo Description automatically generated

 

ELCA Security | www.elcasecurity.ch

 

    

 

This message may contain confidential and/or privileged information. If you are neither the addressee nor

Authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on

this message or any  information herein. If you have received this message in error, please contact the sender

and delete this message. Thank you.

 

Fesenmeyer Daniel (BD/PAU2)

unread,
Mar 16, 2023, 3:16:16 PM3/16/23
to Perot Francis, Keycloak Dev

Hi Francis,

 

We have experienced something similar with a custom EventStoreProvider. In our case, we did not get an error – but the Keycloak default provider was loaded instead of our own.

What worked for us, was to use the exactly same ID for our provider as defined for the Keycloak default provider.

 

And it’s interesting that the custom ID also worked for us with Keycloak 18, but did no longer with Keycloak 19.

You can find the discussion here: https://github.com/keycloak/keycloak/discussions/13837

 

Best regards

Daniel Fesenmeyer

Product Area User Management (BD/PAU2)
Bosch.IO GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch.io
Tel. +49 30 403659-478 | Telefax +49 30 726112-100 | Daniel.F...@bosch.io

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Stefan Koss; Geschäftsführung: Dr. Andreas Nauerz, Stephan Lampel

 

 

--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/eab6fb9f3e6a4d91b49eefcafd662532%40elca.ch.

Perot Francis

unread,
Mar 17, 2023, 4:51:02 AM3/17/23
to Fesenmeyer Daniel (BD/PAU2), Keycloak Dev

Hi Daniel,

 

Thanks for the tip… It worked perfectly!

 

Regards,

Francis

 

From: Fesenmeyer Daniel (BD/PAU2) <Daniel.F...@bosch.com>
Sent: jeudi, 16 mars 2023 20:16
To: Perot Francis <franci...@elca.ch>; Keycloak Dev <keyclo...@googlegroups.com>
Subject: AW: Implementing UserProvider (override of JpaUserProvider)

 

 

EXTERNAL MESSAGE - This email comes from outside ELCA companies.
Reply all
Reply to author
Forward
0 new messages