From 0f4497e53e317561ad91d2634b144353b959ebbf Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Wed, 6 May 2015 16:53:47 +0200
Subject: [PATCH] Remove user from KC after removing from federation

---
 .../kerberos/KerberosFederationProvider.java         |  3 +--
 .../org/keycloak/models/UserFederationManager.java   | 12 +++++++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
index 40094ef5aa..98edd7e81e 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProvider.java
@@ -63,8 +63,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
 
     @Override
     public boolean removeUser(RealmModel realm, UserModel user) {
-        // TODO: Not sure if federation provider is expected to delete user in localStorage. Looks rather like a bug in UserFederationManager.removeUser .
-        return session.userStorage().removeUser(realm, user);
+        return true;
     }
 
     @Override
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index b11143357b..ac19f9ab52 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -67,7 +67,17 @@ public class UserFederationManager implements UserProvider {
     public boolean removeUser(RealmModel realm, UserModel user) {
         UserFederationProvider link = getFederationLink(realm, user);
         if (link != null) {
-            return link.removeUser(realm, user);
+            boolean fedRemoved = link.removeUser(realm, user);
+            if (fedRemoved) {
+                boolean localRemoved = session.userStorage().removeUser(realm, user);
+                if (!localRemoved) {
+                    logger.warn("User removed from federation provider, but failed to remove him from keycloak model");
+                }
+                return localRemoved;
+            } else {
+                logger.warn("Failed to remove user from federation provider");
+                return false;
+            }
         }
         return session.userStorage().removeUser(realm, user);