Login without user creation possible?

Hi, I have 3 questions:

  1. Is User-Object (UserModel) always created and persisted in a Keycloak-DB when a new user log into Keycloak?
  2. Is it possible to just create a UserSession-Object but without a User-Object (after login or registration), so after the logout or sessiontimeout Keycloak doesn’t have any information about the user?
  3. Is it possible to delete the User-Object automatically when the User-Session expires? (I know it is possible with custom background-timer-tasks and custom attributes, but does Keycloak provide something out-of-the-box?)



this makes not really sense. If a user logs in, the aim is to generate a persistent state. If you don’t keep that state, then the next time the user logs in again, he will get a new account not related to the previous login. So why should he login at all?

Maybe you should state first what the aim of this exercise really is.

I have the usecase where we use keycloak with an saml identity provider.
So the user is redirected to keycloak, logs-in with saml and is redirected back to the app. We have the requirement to not persist any data about the loged-in user in keycloak (currently all the necessary data we need is stored in session-notes of the session). So the user-object should be deleted after a logout or a session-timeout.
My question is, if it is possible to just create a session-object without the user-object or alternatively to delete the user-object automatically after a session-timeout/ and -delete?