Duplcated of How to access the original case sensitive username input in custom user storage provider of keycloak?

Question

I developed a service provider interface (SPI) for User Federation in keycloak.

When I try to login with an existing case sensitive user, keycloak converts it to lower case, so at the end, the sent username was not found in my user API.

I am using keycloak 20.0.1 version and it is deploying in a docker container.

I found this post in stackoverflow that share an anwerd relatated for this, buth I do not get solution. I replaced conf/cache-ispn.xml as it metion, buth when keycloak starts it gets the error Cache 'users' has been requested, but no matching cache configuration exists.

I realy apreciate if some one knows if there is an alternative.

Regardles.

I tried to get original input username with case sensitive in keycloak login.

Answer 1

I've tried the solution mentioned on that post about removing the cache configuration from cache-ispn.xml but it doesn't work at least not in the version i'm using - 22.0.3 - I need the case sensitive username to delegate the autentication to another service. I found that the problem is within a class UserCacheSession which runs before my customization and converts the username to lowercase. As a workaround I write my own Cache SPI Customization that I inherit from the default implementation (infinispan), basically I wrote a class like this:

class CustomUserCacheProviderFactory extends InfinispanUserCacheProviderFactory {
    @Override
    public UserCache create(KeycloakSession session) {
        this.lazyInit(session);
        return new CustomUserCache(this.userCache, session);
    }

Which creates a CustomCache that inherits from the default implementation too:

public class CustomUserCache extends UserCacheSession {
    @Override
    public UserModel getUserByUsername(RealmModel realm, String username) {
        MemoryCache.getInstance().put(username.toLowerCase(), username);
        return super.getUserByUsername(realm, username);
    }
}

There I created my own MemoryCache which is a key-value store where I save the original username so I can get it where I need without interfering with what Keycloak does internally.