...
Disabled user got reenabled in Keycloak.
bulk_uploaduser set to active in Profile service DB.
...
Timeline
: ??:?? Users got disabled in usermanagement
: 12:52 Mike Richardson reported an issue with Bulk upload on Teams.
: 13:47 Tried re-upload the same file, resulting in the same error.
: 13:52 User reenabled in keycloak, bulk upload went through.
: 13:54 Asked users to try and re-upload.
: 14:18 Mike Richardson reported an Internal Server Error as
Reason for import failurewhen uploading a file.: 16:22 Another admin tried to upload a file and the upload fails to complete in a similar way as what Mike initially reported.
: 17:07
bulk_uploaduser enabled in profile service, previously updated in keycloak which does not sync the change the same way user management does.
...
Root Cause(s)
Bulk upload failed to connect to TCS.
Bulk upload user was disabled.
The bulk upload user was listed in a report of potentially outdated accounts.
The bulk upload has a transformuk email address.
Email address was never updated.
...
Action Items | Owner |
|---|---|
Update the email address of all sensible users (in prod and stage) | |
Check keycloak to find other users with outdated email addresses and update them (in prod and stage) | |
Create a slack channel with email accounts associated to it to receive notifications for when passwords need resetting or logins are denied etc. |
...
Lessons Learned
(De)activating users should be done using user management and not directly in Keycloak.