Federated user not removed when deleted or recreated at source

Hi,

We developed our own user federation provider to pull users from a legacy application. It works fine: users and their attributes are retrieved.
We do not import users into the Keycloak database.

We are also relying on an external identity provider (OIDC-compatible).

The login workflow is configured so that a user authenticating through the external identity provider is matched with an existing federated user if one is found in Keycloak; if not, the user is required to log in with username/password against the federation provider to make the association.

Everything works fine until a user is deleted and recreated in the user federation provider.

When the user logs in, the external identity provider authenticates the user, and Keycloak asks the federation provider about the previously known ID, which responds with null (or the new ID).

Then Keycloak tries to save the user but complains about an existing entry.

We tried to call new UserManager(session).removeUser(realm, user, UserStoragePrivateUtil.userLocalStorage(session)); in getUserById() if the ID is not found by our federation provider, but it seems to do nothing.

Are we missing something?

Thanks