[keycloak-user] Create user in one realm, delete it from different one

Bystrik Horvath bystrik.horvath at gmail.com
Wed Oct 5 09:59:04 EDT 2016


I would like to correct step 4 - authenticate to realm2 using a different
client and service account.

But the behavior is still the same - I'm able to delete a user created for
realm1 when using realm2.

On Wed, Oct 5, 2016 at 1:22 PM, Bystrik Horvath <bystrik.horvath at gmail.com>
wrote:

> Dear members,
>
> I currently use Keycloak 1.9.3 and came across very strange behavior. My case
> is the following:
> 1.) authenticate to realm1 using a client with service account
> 2.) create a user in realm1
> 3.) retrieve the created user to get its UID
> 4.) authenticate to realm2 using the same client and same service account
> 5.) delete the user in realm2 using the mentioned UID without error
>
> Analyzing the code I found that the class UserCacheSession does not check
> the realm in this case in the method getUserById(String id, RealmModel
> realm). When I restart Keycloak after step 3 and execute steps 4 and
> 5 afterwards, the case finishes with an error (which I found ok).
>
> Is my case somehow wrong or could it be a real issue?
>
> Best regards,
> Bystrik
>
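
The behaviour reported above, modelled as an added example; this is not Keycloak's code and not part of the original message. All class and method names other than `getUserById` are hypothetical, and the model assumes the storage lookup on a cache miss is realm-scoped, which matches the reported error after a restart. It compares a cache hit returned without a realm check against one that verifies the realm (Java 16+ for `record`).

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of an id-keyed user cache in front of realm-scoped storage.
// Hypothetical names throughout; the user id below is a constructed sample value.
public class RealmCacheDemo {
    record User(String id, String realmId) {}

    static class UserStore {
        final Map<String, User> storage = new HashMap<>();
        final Map<String, User> cache = new HashMap<>(); // keyed by user id only
        final boolean checkRealmOnHit;
        UserStore(boolean checkRealmOnHit) { this.checkRealmOnHit = checkRealmOnHit; }

        // Creating a user also places it in the cache.
        void addUser(User u) { storage.put(u.id(), u); cache.put(u.id(), u); }

        User getUserById(String id, String realmId) {
            User hit = cache.get(id);
            if (hit != null) {
                // Hardened path: a cached entry must belong to the requested realm.
                if (checkRealmOnHit && !hit.realmId().equals(realmId)) return null;
                return hit; // without the check, any realm gets the cached user
            }
            User stored = storage.get(id); // cache miss: realm-scoped lookup (assumption)
            return stored != null && stored.realmId().equals(realmId) ? stored : null;
        }

        boolean removeUser(String id, String realmId) {
            if (getUserById(id, realmId) == null) return false;
            storage.remove(id);
            cache.remove(id);
            return true;
        }

        void restart() { cache.clear(); } // a server restart empties the cache
    }

    // Create the user in realm1, then try to delete it through realm2.
    static boolean crossRealmDelete(boolean checkRealmOnHit, boolean restartFirst) {
        UserStore store = new UserStore(checkRealmOnHit);
        store.addUser(new User("constructed-uid-1", "realm1"));
        if (restartFirst) store.restart();
        return store.removeUser("constructed-uid-1", "realm2");
    }

    public static void main(String[] args) {
        System.out.println("warm cache, no realm check:    " + crossRealmDelete(false, false));
        System.out.println("after restart, no realm check: " + crossRealmDelete(false, true));
        System.out.println("warm cache, realm check:       " + crossRealmDelete(true, false));
    }
}
```

Only the first case lets the realm2 caller delete the realm1 user; clearing the cache or checking the realm on a hit both block it.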

