diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
index afdf6684eb..b98d31dfab 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
@@ -637,7 +637,10 @@ public class LDAPStorageProvider implements UserStorageProvider,
                     logger.warnf("User with username [%s] aready exists and is linked to provider [%s] but is not valid. Stale LDAP_ID on local user is: %s",
                             username,  model.getName(), user.getFirstAttribute(LDAPConstants.LDAP_ID));
                     logger.warn("Will re-create user");
-                    session.userCache().evict(realm, user);
+                    UserCache userCache = session.userCache();
+                    if (userCache != null) {
+                        userCache.evict(realm, user);
+                    }
                     new UserManager(session).removeUser(realm, user, session.userLocalStorage());
                 }
             }
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
index d8d04977b7..317cfaa1c4 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
@@ -34,6 +34,7 @@ import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.ModelException;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.cache.UserCache;
 import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.provider.ProviderConfigurationBuilder;
@@ -532,7 +533,10 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
                             if (username != null) {
                                 UserModel existing = session.userLocalStorage().getUserByUsername(username, currentRealm);
                                 if (existing != null) {
-                                    session.userCache().evict(currentRealm, existing);
+                                    UserCache userCache = session.userCache();
+                                    if (userCache != null) {
+                                        userCache.evict(currentRealm, existing);
+                                    }
                                     session.userLocalStorage().removeUser(currentRealm, existing);
                                 }
                             }
diff --git a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo1_4_0.java b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo1_4_0.java
index 766540d1da..160906c8d6 100755
--- a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo1_4_0.java
+++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo1_4_0.java
@@ -24,6 +24,7 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.cache.UserCache;
 import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.models.utils.DefaultRequiredActions;
 import org.keycloak.models.utils.KeycloakModelUtils;
@@ -81,7 +82,10 @@ public class MigrateTo1_4_0 implements Migration {
             email = KeycloakModelUtils.toLowerCaseSafe(email);
             if (email != null && !email.equals(user.getEmail())) {
                 user.setEmail(email);
-                session.userCache().evict(realm, user);
+                UserCache userCache = session.userCache();
+                if (userCache != null) {
+                    userCache.evict(realm, user);
+                }
             }
         }
     }
diff --git a/services/src/main/java/org/keycloak/credential/OTPCredentialProvider.java b/services/src/main/java/org/keycloak/credential/OTPCredentialProvider.java
index 4bae7ee906..e25de8819e 100644
--- a/services/src/main/java/org/keycloak/credential/OTPCredentialProvider.java
+++ b/services/src/main/java/org/keycloak/credential/OTPCredentialProvider.java
@@ -25,6 +25,7 @@ import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.cache.CachedUserModel;
 import org.keycloak.models.cache.OnUserCache;
+import org.keycloak.models.cache.UserCache;
 import org.keycloak.models.utils.HmacOTP;
 import org.keycloak.models.utils.TimeBasedOTP;
 
@@ -102,7 +103,10 @@ public class OTPCredentialProvider implements CredentialProvider, CredentialInpu
         } else {
             getCredentialStore().updateCredential(realm, user, model);
         }
-        session.userCache().evict(realm, user);
+        UserCache userCache = session.userCache();
+        if (userCache != null) {
+            userCache.evict(realm, user);
+        }
         return true;
 
 
@@ -138,7 +142,10 @@ public class OTPCredentialProvider implements CredentialProvider, CredentialInpu
 
         }
         if (disableTOTP || disableHOTP) {
-            session.userCache().evict(realm, user);
+            UserCache userCache = session.userCache();
+            if (userCache != null) {
+                userCache.evict(realm, user);
+            }
         }
     }
 
diff --git a/services/src/main/java/org/keycloak/credential/PasswordCredentialProvider.java b/services/src/main/java/org/keycloak/credential/PasswordCredentialProvider.java
index b5bc57a065..dc6827d4e3 100644
--- a/services/src/main/java/org/keycloak/credential/PasswordCredentialProvider.java
+++ b/services/src/main/java/org/keycloak/credential/PasswordCredentialProvider.java
@@ -27,6 +27,7 @@ import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.cache.CachedUserModel;
 import org.keycloak.models.cache.OnUserCache;
+import org.keycloak.models.cache.UserCache;
 import org.keycloak.policy.PasswordPolicyManagerProvider;
 import org.keycloak.policy.PolicyError;
 
@@ -96,7 +97,10 @@ public class PasswordCredentialProvider implements CredentialProvider, Credentia
         newPassword.setCreatedDate(createdDate);
         hash.encode(cred.getValue(), policy, newPassword);
         getCredentialStore().createCredential(realm, user, newPassword);
-        session.userCache().evict(realm, user);
+        UserCache userCache = session.userCache();
+        if (userCache != null) {
+            userCache.evict(realm, user);
+        }
         return true;
     }
 
@@ -205,7 +209,10 @@ public class PasswordCredentialProvider implements CredentialProvider, Credentia
 
         hash.encode(cred.getValue(), policy, password);
         getCredentialStore().updateCredential(realm, user, password);
-        session.userCache().evict(realm, user);
+        UserCache userCache = session.userCache();
+        if (userCache != null) {
+            userCache.evict(realm, user);
+        }
 
         return true;
     }
diff --git a/services/src/main/java/org/keycloak/storage/UserStorageManager.java b/services/src/main/java/org/keycloak/storage/UserStorageManager.java
index ae4cd128c0..ccaf8651b4 100755
--- a/services/src/main/java/org/keycloak/storage/UserStorageManager.java
+++ b/services/src/main/java/org/keycloak/storage/UserStorageManager.java
@@ -35,6 +35,7 @@ import org.keycloak.models.UserModel;
 import org.keycloak.models.UserProvider;
 import org.keycloak.models.cache.CachedUserModel;
 import org.keycloak.models.cache.OnUserCache;
+import org.keycloak.models.cache.UserCache;
 import org.keycloak.storage.federated.UserFederatedStorageProvider;
 import org.keycloak.storage.user.ImportedUserValidation;
 import org.keycloak.storage.user.UserBulkUpdateProvider;
@@ -260,7 +261,10 @@ public class UserStorageManager implements UserProvider, OnUserCache {
     protected void deleteInvalidUser(final RealmModel realm, final UserModel user) {
         String userId = user.getId();
         String userName = user.getUsername();
-        session.userCache().evict(realm, user);
+        UserCache userCache = session.userCache();
+        if (userCache != null) {
+            userCache.evict(realm, user);
+        }
         runJobInTransaction(session.getKeycloakSessionFactory(), new KeycloakSessionTask() {
 
             @Override
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java
index 32f6457d00..ed9f8b6797 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java
@@ -36,6 +36,7 @@ import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserProvider;
+import org.keycloak.models.cache.UserCache;
 import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.storage.UserStorageProviderModel;
@@ -315,7 +316,10 @@ public class LDAPSyncTest {
             // Remove all users from model
             for (UserModel user : session.userLocalStorage().getUsers(testRealm, true)) {
                 System.out.println("trying to delete user: " + user.getUsername());
-                session.userCache().evict(testRealm, user);
+                UserCache userCache = session.userCache();
+                if (userCache != null) {
+                    userCache.evict(testRealm, user);
+                }
                 session.userLocalStorage().removeUser(testRealm, user);
             }