RH-SSO / RHSSO-1556

Sign-up error with custom UserStorageProvider


Details

    • Keycloak Sprint 11, Keycloak Sprint 12, Keycloak Sprint 13

    Description

      Sign-up fails when a custom UserStorageProvider is in place.

      Submitting the registration form on the login page of the OAuth client 'Account'
      (http://localhost:8081/auth/realms/acme/login-actions/registration?client_id=account&tab_id=PgYcPJ3xnMg)
      results in an error if email verification is activated for the realm.

      Error

      21:35:03,019 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-83) Uncaught server error: org.keycloak.models.ModelDuplicateException: javax.persistence.EntityExistsException: A different object with the same identifier value was already associated with the session : [org.keycloak.storage.jpa.entity.FederatedUserRequiredActionEntity#org.keycloak.storage.jpa.entity.FederatedUserRequiredActionEntity$Key@9ad2215c]
      

      Reason:
      The required action VERIFY_EMAIL gets stored twice in FED_USER_REQUIRED_ACTION, resulting in a Duplicate Key Exception during persist.

      There are two calls from Keycloak to the federated getUserById (implemented by the UserStorageProvider) in:

      • AuthenticationSessionAdapter::getAuthenticatedUser
      • UserAdapter::getDelegateForUpdate

      Both calls receive a UserAdapter (a wrapper around the JPA entity).
      Both UserAdapter instances represent the same entity, but Keycloak adds required actions for both instances, resulting in a Duplicate Key Exception.
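The failure mode described above, reduced to a stand-alone model. This is an added example, not code from Keycloak or from the reporter's provider: `RequiredActionTable`, `UserWrapper`, their methods and the user id are hypothetical names, and the idempotent variant is one defensive pattern assumed for illustration, not the fix applied to this issue.

```java
import java.util.HashSet;
import java.util.Set;
// Simplified model, not Keycloak code: all class and method names here are hypothetical.
public class DuplicateRequiredActionDemo {
    // Stands in for FED_USER_REQUIRED_ACTION: one row per (userId, action), unique key.
    static class RequiredActionTable {
        private final Set<String> rows = new HashSet<>();

        void persist(String userId, String action) {
            // Set.add returns false when the key already exists, like a duplicate-key violation.
            if (!rows.add(userId + "|" + action)) {
                throw new IllegalStateException("Duplicate key: " + userId + "|" + action);
            }
        }

        boolean exists(String userId, String action) {
            return rows.contains(userId + "|" + action);
        }
    }

    // Stands in for the wrapper a provider's getUserById returns; each call builds a new one.
    static class UserWrapper {
        final String userId; final RequiredActionTable table;
        UserWrapper(String userId, RequiredActionTable table) { this.userId = userId; this.table = table; }

        // Blind insert: correct for one instance, fails when a second instance repeats it.
        void addRequiredAction(String action) { table.persist(userId, action); }

        // Idempotent variant: checks shared storage first, so repeated adds are harmless.
        void addRequiredActionIdempotent(String action) {
            if (!table.exists(userId, action)) table.persist(userId, action);
        }
    }

    public static void main(String[] args) {
        RequiredActionTable table = new RequiredActionTable();
        UserWrapper first = new UserWrapper("f:provider:alice", table);   // constructed id
        UserWrapper second = new UserWrapper("f:provider:alice", table);  // same entity, new wrapper
        first.addRequiredAction("VERIFY_EMAIL");
        try {
            second.addRequiredAction("VERIFY_EMAIL");
        } catch (IllegalStateException e) {
            System.out.println("second wrapper: " + e.getMessage());
        }
        second.addRequiredActionIdempotent("VERIFY_EMAIL");
        System.out.println("idempotent add succeeded");
    }
}
```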

          People

            Unassigned Unassigned
            rhn-support-hokuda Hisanobu Okuda