Sebastian Schuster

@joshhodgson Can you please also sign off your commit (just do `git commit --amend -s` and force-push your branch)?

@pedroigor I know that @mposolda worked in the same are recently, maybe he also has some thoughts. If you could give me some pointers where to ideally implement this, I...

@pedroigor It looks like the token used for federated logout for a normal session is the one stored in the session note, see https://github.com/keycloak/keycloak/blob/bbb83236f5251e3c4718eac63ab0e640a80913f1/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java#L170 So we cannot remove it completely....

@rmartinc Thanks for your feedback. On the IDP, there is a setting "Store tokens" already. Let me check if this has any effect...

@rmartinc To me, it looks like this setting controls if external tokens are stored in the `FederatedIdentity`, see https://github.com/keycloak/keycloak/blob/731274f39e522d6a852f630796aac4452912683b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java#L499 . They seem to be always stored as a session note,...

Implemented by https://github.com/keycloak/terraform-provider-keycloak/pull/1042

@soulchild The user profile is always enabled so you always have to define a valid user profile containing at least username as required attribute and email.

Thanks for noting @nlederman. I will go ahead and close this issue. @Writtscher Feel free to comment here if anything is missing.

@mposolda The reason for the behaviour is this: https://github.com/keycloak/keycloak/blob/9c02bb29d34b69bf8f0356d77117402461a3950a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java#L247-L250 It looks like it is intended but I don't know why. Maybe @pedroigor does?

@chrismilson Have you tried running the tests locally?