diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
index 40094ef5aa..98edd7e81e 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
@@ -63,8 +63,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
 
 @Override
 public boolean removeUser(RealmModel realm, UserModel user) {
- // TODO: Not sure if federation provider is expected to delete user in localStorage. Looks rather like a bug in UserFederationManager.removeUser .
- return session.userStorage().removeUser(realm, user);
+ return true;
 }
 
 @Override
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index b11143357b..ac19f9ab52 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -67,7 +67,17 @@ public class UserFederationManager implements UserProvider {
 public boolean removeUser(RealmModel realm, UserModel user) {
 UserFederationProvider link = getFederationLink(realm, user);
 if (link != null) {
- return link.removeUser(realm, user);
+ boolean fedRemoved = link.removeUser(realm, user);
+ if (fedRemoved) {
+ boolean localRemoved = session.userStorage().removeUser(realm, user);
+ if (!localRemoved) {
+ logger.warn("User removed from federation provider, but failed to remove him from keycloak model");
+ }
+ return localRemoved;
+ } else {
+ logger.warn("Failed to remove user from federation provider");
+ return false;
+ }
 }
 
 return session.userStorage().removeUser(realm, user);
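Review bot: `removeUser` in KerberosFederationProvider now returns `true` with no comment explaining why, and the deleted TODO was the only text describing this method's role. The caller in UserFederationManager (second hunk) reads `true` as "removed from the federation provider", so a reader may assume the Kerberos principal is gone, which nothing in this method does. I would add a comment such as `// Principals live in the KDC and are not deleted here; returning true lets UserFederationManager drop the local record.` If this provider imports users again on a later Kerberos login (not visible in this hunk), deleting the user in Keycloak does not keep that principal out, and the Javadoc should say so.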
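Review bot: Both new `logger.warn` calls in UserFederationManager omit the user and the realm, so the partial state they report (removed from the federation provider but still present in local storage) cannot be traced to an account from the log alone. That state leaves a local account whose upstream record is gone and which someone has to reconcile, so the message should carry identifiers, e.g. `logger.warn("User " + user.getUsername() + " in realm " + realm.getName() + " removed from federation provider, but not from local storage");`. The failure branch has the same gap, and because it returns `false` while keeping the local user, the callers should be checked to confirm they surface that result instead of reporting the deletion as done. The closing brace of `removeUser` lies outside the hunk.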