Allow removing users federated from a kerberos provider

Closes #31603

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java

@@ -42,6 +42,7 @@ import org.keycloak.storage.UserStorageProvider;
 import org.keycloak.storage.UserStorageProviderModel;
 import org.keycloak.storage.user.ImportedUserValidation;
 import org.keycloak.storage.user.UserLookupProvider;
+import org.keycloak.storage.user.UserRegistrationProvider;
 import org.keycloak.userprofile.AttributeGroupMetadata;
 import org.keycloak.userprofile.AttributeMetadata;
 import org.keycloak.userprofile.UserProfileDecorator;
@@ -65,7 +66,8 @@ public class KerberosFederationProvider implements UserStorageProvider,
         CredentialInputUpdater,
         CredentialAuthentication,
         ImportedUserValidation,
-        UserProfileDecorator {
+        UserProfileDecorator,
+        UserRegistrationProvider {
 
     private static final Logger logger = Logger.getLogger(KerberosFederationProvider.class);
     public static final String KERBEROS_PRINCIPAL = KerberosConstants.KERBEROS_PRINCIPAL;
@@ -311,4 +313,15 @@ public class KerberosFederationProvider implements UserStorageProvider,
         AttributeGroupMetadata metadataGroup = UserProfileUtil.lookupUserMetadataGroup(session);
         return Collections.singletonList(UserProfileUtil.createAttributeMetadata(KerberosConstants.KERBEROS_PRINCIPAL, metadata, metadataGroup, guiOrder++, model.getName()));
     }
+
+    @Override
+    public boolean removeUser(RealmModel realm, UserModel user) {
+        return true;
+    }
+
+    @Override
+    public UserModel addUser(RealmModel realm, String username) {
+        // no support for creating users
+        return null;
+    }
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java

@@ -18,6 +18,7 @@
 package org.keycloak.testsuite.federation.kerberos;
 
 import jakarta.mail.internet.MimeMessage;
+import jakarta.ws.rs.NotFoundException;
 import jakarta.ws.rs.client.Entity;
 import jakarta.ws.rs.core.Form;
 import jakarta.ws.rs.core.MultivaluedMap;
@@ -274,4 +275,21 @@ public class KerberosStandaloneTest extends AbstractKerberosSingleRealmTest {
         infoPage.assertCurrent();
         Assert.assertEquals("Your account has been updated.", infoPage.getInfo());
     }
+
+    @Test
+    public void testRemoveUserTest() throws Exception {
+        assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret");
+
+        // User-profile data should be present (including KERBEROS_PRINCIPAL attribute)
+        UserResource johnResource = ApiUtil.findUserByUsernameId(testRealmResource(), "hnelson");
+        UserRepresentation john = johnResource.toRepresentation(true);
+        Assert.assertNames(john.getUserProfileMetadata().getAttributes(), UserModel.FIRST_NAME, UserModel.LAST_NAME, UserModel.EMAIL, UserModel.USERNAME, KerberosConstants.KERBEROS_PRINCIPAL);
+        johnResource.remove();
+
+        try {
+            john = johnResource.toRepresentation(true);
+            Assert.fail("should remove the user");
+        } catch (NotFoundException expected) {
+        }
+    }
 }