diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
index 40094ef..98edd7e 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
@@ -63,8 +63,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
@Override
public boolean removeUser(RealmModel realm, UserModel user) {
- // TODO: Not sure if federation provider is expected to delete user in localStorage. Looks rather like a bug in UserFederationManager.removeUser .
- return session.userStorage().removeUser(realm, user);
+ return true;
}
@Override
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index b111433..ac19f9a 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -67,7 +67,17 @@ public class UserFederationManager implements UserProvider {
public boolean removeUser(RealmModel realm, UserModel user) {
UserFederationProvider link = getFederationLink(realm, user);
if (link != null) {
- return link.removeUser(realm, user);
+ boolean fedRemoved = link.removeUser(realm, user);
+ if (fedRemoved) {
+ boolean localRemoved = session.userStorage().removeUser(realm, user);
+ if (!localRemoved) {
+ logger.warn("User removed from federation provider, but failed to remove him from keycloak model");
+ }
+ return localRemoved;
+ } else {
+ logger.warn("Failed to remove user from federation provider");
+ return false;
+ }
}
return session.userStorage().removeUser(realm, user);
