The configuration with RH-SSO on a service with OpenID Connect is configured correctly, and when an application is created in 3scale, it gets created in RH-SSO.

However, after deleting the whole service (and its applications), the following errors are observed in the RH-SSO logs:

~~~
11:38:55,725 WARN [org.keycloak.events] (default task-2) type=CLIENT_DELETE_ERROR, realmId=some-realm-name, clientId=some-client-id, userId=null, ipAddress=10.10.10.10, error=client_not_found
~~~

It looks like the client has already been deleted from RH-SSO, but there is still some kind of event "stuck" in SaaS that keeps trying to delete the same client again.

For each affected client, the above logs appear multiple times in a row, then stop for a while, then appear again.

Dev notes

When Zync receives an error from Keycloak and the message is type=CLIENT_DELETE_ERROR it should mark the job as success.
I (Hery) think right now the job is marked as failed thus retrying after a backoff delay

So the error is re-raised in Zync, making the job to be rescheduled

https://github.com/3scale/zync/blob/5317e7c3938fd16a88d3dc2feb4c35d1c7f0d0e4/app/jobs/process_integration_entry_job.rb#L34-L43