I would like to correct the step 4 - authenticate to realm2 using different
client and service account
But the behavior is still the same - I'm able to delete a user creted for
realm1 when using realm2.
On Wed, Oct 5, 2016 at 1:22 PM, Bystrik Horvath <bystrik.horvath(a)gmail.com>
I currently use Keycloak 1.9.3 and came to very strange behavior. My case
1.) authenticate to realm1 using a client with service account
2.) create an user in realm1
3.) retrieve the created user to get its UID
4.) authenticate to realm2 using the same client and same service account
5.) delete the user in realm2 using the mentioned UID without error
Analyzing the code I found that the class UserCacheSession does not check
in this case the realm in the method getUserById(String id, RealmModel
realm). When I restart Keycloak after step 3 and execute the steps 4 and
5 afterwards, the case finishes with error (which I found ok).
Is my case somehow wrong or could it be a real issue?