Dear members,
I currently use Keycloak 1.9.3 and came to very strange behavior. My case
is following:
1.) authenticate to realm1 using a client with service account
2.) create an user in realm1
3.) retrieve the created user to get its UID
4.) authenticate to realm2 using the same client and same service account
5.) delete the user in realm2 using the mentioned UID without error
Analyzing the code I found that the class UserCacheSession does not check
in this case the realm in the method getUserById(String id, RealmModel
realm). When I restart Keycloak after step 3 and execute the steps 4 and 5
afterwards, the case finishes with error (which I found ok).
Is my case somehow wrong or could it be a real issue?
Best regards,
Bystrik