diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java index 362945f69e..2840b20b19 100755 --- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java +++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java @@ -42,6 +42,7 @@ import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.user.ImportedUserValidation; import org.keycloak.storage.user.UserLookupProvider; +import org.keycloak.storage.user.UserRegistrationProvider; import org.keycloak.userprofile.AttributeGroupMetadata; import org.keycloak.userprofile.AttributeMetadata; import org.keycloak.userprofile.UserProfileDecorator; @@ -65,7 +66,8 @@ public class KerberosFederationProvider implements UserStorageProvider, CredentialInputUpdater, CredentialAuthentication, ImportedUserValidation, - UserProfileDecorator { + UserProfileDecorator, + UserRegistrationProvider { private static final Logger logger = Logger.getLogger(KerberosFederationProvider.class); public static final String KERBEROS_PRINCIPAL = KerberosConstants.KERBEROS_PRINCIPAL; @@ -311,4 +313,15 @@ public class KerberosFederationProvider implements UserStorageProvider, AttributeGroupMetadata metadataGroup = UserProfileUtil.lookupUserMetadataGroup(session); return Collections.singletonList(UserProfileUtil.createAttributeMetadata(KerberosConstants.KERBEROS_PRINCIPAL, metadata, metadataGroup, guiOrder++, model.getName())); } + + @Override + public boolean removeUser(RealmModel realm, UserModel user) { + return true; + } + + @Override + public UserModel addUser(RealmModel realm, String username) { + // no support for creating users + return null; + } } 
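Review bot: `removeUser` at the end of the class returns `true` unconditionally and has no comment, although the `addUser` stub next to it explains its `null`. I would add `// Kerberos has no user store to delete from; returning true lets the locally imported user be removed` above `return true;`. The Javadoc should also say that removal revokes nothing at the KDC: the principal can still obtain a ticket, and a later SPNEGO login would presumably re-import the account, so deprovisioning must also happen on the Kerberos side. Both methods sit fully inside the hunk; the class itself starts outside it.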
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java index a9657af95b..d67ade3f68 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java @@ -18,6 +18,7 @@ package org.keycloak.testsuite.federation.kerberos; import jakarta.mail.internet.MimeMessage; +import jakarta.ws.rs.NotFoundException; import jakarta.ws.rs.client.Entity; import jakarta.ws.rs.core.Form; import jakarta.ws.rs.core.MultivaluedMap; @@ -274,4 +275,21 @@ public class KerberosStandaloneTest extends AbstractKerberosSingleRealmTest { infoPage.assertCurrent(); Assert.assertEquals("Your account has been updated.", infoPage.getInfo()); } + + @Test + public void testRemoveUserTest() throws Exception { + assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret"); + + // User-profile data should be present (including KERBEROS_PRINCIPAL attribute) + UserResource johnResource = ApiUtil.findUserByUsernameId(testRealmResource(), "hnelson"); + UserRepresentation john = johnResource.toRepresentation(true); + Assert.assertNames(john.getUserProfileMetadata().getAttributes(), UserModel.FIRST_NAME, UserModel.LAST_NAME, UserModel.EMAIL, UserModel.USERNAME, KerberosConstants.KERBEROS_PRINCIPAL); + johnResource.remove(); + + try { + john = johnResource.toRepresentation(true); + Assert.fail("should remove the user"); + } catch (NotFoundException expected) { + } + } }
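Review bot: The empty `catch (NotFoundException expected) { }` and the dead assignment `john = ...` in `testRemoveUserTest` hide what is being asserted. If the `Assert` class in use exposes JUnit 4.13's `assertThrows` (not visible here), `Assert.assertThrows(NotFoundException.class, () -> johnResource.toRepresentation(true));` states it in one line. The test also stops at the 404, so it does not pin down what happens when `hnelson` logs in via SPNEGO again after removal; whether the account is re-imported is the security-relevant behaviour of this change and deserves an assertion or at least a comment. The name `testRemoveUserTest` and the `john`/`johnResource` variables for user `hnelson` are misleading; `testRemoveUser` and `hnelson` would read better.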