ssoSessionIdleTimeout refactor

core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java

@@ -10,13 +10,12 @@ import java.util.Set;
  * @version $Revision: 1 $
  */
 public class RealmRepresentation {
-    protected String self; // link
     protected String id;
     protected String realm;
     protected Integer notBefore;
     protected Integer accessTokenLifespan;
-    protected Integer refreshTokenLifespan;
-    protected Integer centralLoginLifespan;
+    protected Integer ssoSessionIdleTimeout;
+    protected Integer ssoSessionMaxLifespan;
     protected Integer accessCodeLifespan;
     protected Integer accessCodeLifespanUserAction;
     protected Boolean enabled;
@@ -62,14 +61,6 @@ public class RealmRepresentation {
     protected long auditExpiration;
     protected List<String> auditListeners;
 
-    public String getSelf() {
-        return self;
-    }
-
-    public void setSelf(String self) {
-        this.self = self;
-    }
-
     public String getId() {
         return id;
     }
@@ -142,20 +133,20 @@ public class RealmRepresentation {
         this.accessTokenLifespan = accessTokenLifespan;
     }
 
-    public Integer getRefreshTokenLifespan() {
-        return refreshTokenLifespan;
+    public Integer getSsoSessionIdleTimeout() {
+        return ssoSessionIdleTimeout;
     }
 
-    public Integer getCentralLoginLifespan() {
-        return centralLoginLifespan;
+    public void setSsoSessionIdleTimeout(Integer ssoSessionIdleTimeout) {
+        this.ssoSessionIdleTimeout = ssoSessionIdleTimeout;
     }
 
-    public void setCentralLoginLifespan(Integer centralLoginLifespan) {
-        this.centralLoginLifespan = centralLoginLifespan;
+    public Integer getSsoSessionMaxLifespan() {
+        return ssoSessionMaxLifespan;
     }
 
-    public void setRefreshTokenLifespan(Integer refreshTokenLifespan) {
-        this.refreshTokenLifespan = refreshTokenLifespan;
+    public void setSsoSessionMaxLifespan(Integer ssoSessionMaxLifespan) {
+        this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
     }
 
     public List<UserRoleMappingRepresentation> getRoleMappings() {

forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js

@@ -623,16 +623,16 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
         $scope.realm.accessTokenLifespan = TimeUnit.convert($scope.realm.accessTokenLifespan, from, to);
     });
 
-    $scope.realm.centralLoginLifespanUnit = TimeUnit.autoUnit(realm.centralLoginLifespan);
-    $scope.realm.centralLoginLifespan = TimeUnit.toUnit(realm.centralLoginLifespan, $scope.realm.centralLoginLifespanUnit);
-    $scope.$watch('realm.centralLoginLifespanUnit', function(to, from) {
-        $scope.realm.centralLoginLifespan = TimeUnit.convert($scope.realm.centralLoginLifespan, from, to);
+    $scope.realm.ssoSessionIdleTimeoutUnit = TimeUnit.autoUnit(realm.ssoSessionIdleTimeout);
+    $scope.realm.ssoSessionIdleTimeout = TimeUnit.toUnit(realm.ssoSessionIdleTimeout, $scope.realm.ssoSessionIdleTimeoutUnit);
+    $scope.$watch('realm.ssoSessionIdleTimeoutUnit', function(to, from) {
+        $scope.realm.ssoSessionIdleTimeout = TimeUnit.convert($scope.realm.ssoSessionIdleTimeout, from, to);
     });
 
-    $scope.realm.refreshTokenLifespanUnit = TimeUnit.autoUnit(realm.refreshTokenLifespan);
-    $scope.realm.refreshTokenLifespan = TimeUnit.toUnit(realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit);
-    $scope.$watch('realm.refreshTokenLifespanUnit', function(to, from) {
-        $scope.realm.refreshTokenLifespan = TimeUnit.convert($scope.realm.refreshTokenLifespan, from, to);
+    $scope.realm.ssoSessionMaxLifespanUnit = TimeUnit.autoUnit(realm.ssoSessionMaxLifespan);
+    $scope.realm.ssoSessionMaxLifespan = TimeUnit.toUnit(realm.ssoSessionMaxLifespan, $scope.realm.ssoSessionMaxLifespanUnit);
+    $scope.$watch('realm.ssoSessionMaxLifespanUnit', function(to, from) {
+        $scope.realm.ssoSessionMaxLifespan = TimeUnit.convert($scope.realm.ssoSessionMaxLifespan, from, to);
     });
 
     $scope.realm.accessCodeLifespanUnit = TimeUnit.autoUnit(realm.accessCodeLifespan);
@@ -660,14 +660,14 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
     $scope.save = function() {
         var realmCopy = angular.copy($scope.realm);
         delete realmCopy["accessTokenLifespanUnit"];
-        delete realmCopy["refreshTokenLifespanUnit"];
+        delete realmCopy["ssoSessionMaxLifespanUnit"];
         delete realmCopy["accessCodeLifespanUnit"];
-        delete realmCopy["centralLoginLifespanUnit"];
+        delete realmCopy["ssoSessionIdleTimeoutUnit"];
         delete realmCopy["accessCodeLifespanUserActionUnit"];
 
         realmCopy.accessTokenLifespan = TimeUnit.toSeconds($scope.realm.accessTokenLifespan, $scope.realm.accessTokenLifespanUnit)
-        realmCopy.centralLoginLifespan = TimeUnit.toSeconds($scope.realm.centralLoginLifespan, $scope.realm.centralLoginLifespanUnit)
-        realmCopy.refreshTokenLifespan = TimeUnit.toSeconds($scope.realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit)
+        realmCopy.ssoSessionIdleTimeout = TimeUnit.toSeconds($scope.realm.ssoSessionIdleTimeout, $scope.realm.ssoSessionIdleTimeoutUnit)
+        realmCopy.ssoSessionMaxLifespan = TimeUnit.toSeconds($scope.realm.ssoSessionMaxLifespan, $scope.realm.ssoSessionMaxLifespanUnit)
         realmCopy.accessCodeLifespan = TimeUnit.toSeconds($scope.realm.accessCodeLifespan, $scope.realm.accessCodeLifespanUnit)
         realmCopy.accessCodeLifespanUserAction = TimeUnit.toSeconds($scope.realm.accessCodeLifespanUserAction, $scope.realm.accessCodeLifespanUserActionUnit)
 

forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html

@@ -2,8 +2,8 @@
 <div id="content-area" class="col-sm-9" role="main">
     <ul class="nav nav-tabs nav-tabs-pf"  data-ng-show="!create">
         <li><a href="#/realms/{{realm.realm}}/sessions/realm">Realm Sessions</a></li>
-        <li><a href="#/realms/{{realm.realm}}/token-settings">Token Settings</a></li>
-        <li class="active"><a href="#/realms/{{realm.realm}}/sessions/revocation">Revocation</a></li>
+        <li class="active"><a href="#/realms/{{realm.realm}}/token-settings">Token Settings</a></li>
+        <li><a href="#/realms/{{realm.realm}}/sessions/revocation">Revocation</a></li>
         <li><a href="#/realms/{{realm.realm}}/sessions/brute-force">Brute Force</a></li>
     </ul>
     <div id="content">
@@ -15,17 +15,37 @@
         <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
             <fieldset class="border-top">
                 <div class="form-group input-select">
-                    <label class="col-sm-2 control-label" for="centralLoginLifespan">Central Login Lifespan</label>
+                    <label class="col-sm-2 control-label" for="ssoSessionIdleTimeout">SSO Session Idle Timeout</label>
                     <div class="col-sm-10">
                         <div class="row">
                             <div class="col-sm-2">
                                 <input class="form-control" type="number" required min="1"
-                                       max="31536000" data-ng-model="realm.centralLoginLifespan"
-                                       id="centralLoginLifespan" name="centralLoginLifespan"/>
+                                       max="31536000" data-ng-model="realm.ssoSessionIdleTimeout"
+                                       id="ssoSessionIdleTimeout" name="ssoSessionIdleTimeout"/>
                             </div>
                             <div class="col-sm-2 select-kc">
-                                <select name="centralLoginLifespanUnit" data-ng-model="realm.centralLoginLifespanUnit" >
-                                    <option data-ng-selected="!realm.centralLoginLifespanUnit">Seconds</option>
+                                <select name="ssoSessionIdleTimeoutUnit" data-ng-model="realm.ssoSessionIdleTimeoutUnit" >
+                                    <option data-ng-selected="!realm.ssoSessionIdleTimeoutUnit">Seconds</option>
+                                    <option>Minutes</option>
+                                    <option>Hours</option>
+                                    <option>Days</option>
+                                </select>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="form-group input-select">
+                    <label class="col-sm-2 control-label" for="ssoSessionMaxLifespan">SSO Session Max Lifespan</label>
+                    <div class="col-sm-10">
+                        <div class="row">
+                            <div class="col-sm-2">
+                                <input class="form-control" type="number" required min="1"
+                                       max="31536000" data-ng-model="realm.ssoSessionMaxLifespan"
+                                       id="ssoSessionMaxLifespan" name="ssoSessionMaxLifespan"/>
+                            </div>
+                            <div class="col-sm-2 select-kc">
+                                <select name="ssoSessionMaxLifespanUnit" data-ng-model="realm.ssoSessionMaxLifespanUnit" >
+                                    <option data-ng-selected="!realm.ssoSessionMaxLifespanUnit">Seconds</option>
                                     <option>Minutes</option>
                                     <option>Hours</option>
                                     <option>Days</option>
@@ -90,26 +110,6 @@
                         </div>
                     </div>
                 </div>
-                <div class="form-group input-select">
-                    <label class="col-sm-2 control-label" for="refreshTokenLifespan">Refresh token lifespan</label>
-                    <div class="col-sm-10">
-                        <div class="row">
-                            <div class="col-sm-2">
-                                <input class="form-control" type="number" required min="1"
-                                       max="31536000" data-ng-model="realm.refreshTokenLifespan"
-                                       id="refreshTokenLifespan" name="refreshTokenLifespan"/>
-                            </div>
-                            <div class="col-sm-2 select-kc">
-                                <select name="refreshTokenLifespanUnit" data-ng-model="realm.refreshTokenLifespanUnit" >
-                                    <option data-ng-selected="!realm.refreshTokenLifespanUnit">Seconds</option>
-                                    <option>Minutes</option>
-                                    <option>Hours</option>
-                                    <option>Days</option>
-                                </select>
-                            </div>
-                        </div>
-                    </div>
-                </div>
             </fieldset>
             <div class="pull-right form-actions" data-ng-show="access.manageRealm">
                 <button kc-reset data-ng-show="changed">Clear changes</button>

model/api/src/main/java/org/keycloak/models/RealmModel.java

@@ -59,25 +59,23 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
 
     void setResetPasswordAllowed(boolean resetPasswordAllowed);
 
-    int getCentralLoginLifespan();
+    int getSsoSessionIdleTimeout();
+    void setSsoSessionIdleTimeout(int seconds);
 
-    void setCentralLoginLifespan(int lifespan);
+    int getSsoSessionMaxLifespan();
+    void setSsoSessionMaxLifespan(int seconds);
 
     int getAccessTokenLifespan();
 
-    void setAccessTokenLifespan(int tokenLifespan);
-
-    int getRefreshTokenLifespan();
-
-    void setRefreshTokenLifespan(int tokenLifespan);
+    void setAccessTokenLifespan(int seconds);
 
     int getAccessCodeLifespan();
 
-    void setAccessCodeLifespan(int accessCodeLifespan);
+    void setAccessCodeLifespan(int seconds);
 
     int getAccessCodeLifespanUserAction();
 
-    void setAccessCodeLifespanUserAction(int accessCodeLifespanUserAction);
+    void setAccessCodeLifespanUserAction(int seconds);
 
     String getPublicKeyPem();
 

model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java

@@ -30,11 +30,11 @@ public class RealmEntity extends AbstractIdentifiableEntity {
     private int failureFactor;
     //--- end brute force settings
 
-    private int centralLoginLifespan;
+    private int ssoSessionIdleTimeout;
+    private int ssoSessionMaxLifespan;
     private int accessTokenLifespan;
     private int accessCodeLifespan;
     private int accessCodeLifespanUserAction;
-    private int refreshTokenLifespan;
     private int notBefore;
 
     private String publicKeyPem;
@@ -196,12 +196,20 @@ public class RealmEntity extends AbstractIdentifiableEntity {
         this.failureFactor = failureFactor;
     }
 
-    public int getCentralLoginLifespan() {
-        return centralLoginLifespan;
+    public int getSsoSessionIdleTimeout() {
+        return ssoSessionIdleTimeout;
     }
 
-    public void setCentralLoginLifespan(int centralLoginLifespan) {
-        this.centralLoginLifespan = centralLoginLifespan;
+    public void setSsoSessionIdleTimeout(int ssoSessionIdleTimeout) {
+        this.ssoSessionIdleTimeout = ssoSessionIdleTimeout;
+    }
+
+    public int getSsoSessionMaxLifespan() {
+        return ssoSessionMaxLifespan;
+    }
+
+    public void setSsoSessionMaxLifespan(int ssoSessionMaxLifespan) {
+        this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
     }
 
     public int getAccessTokenLifespan() {
@@ -228,14 +236,6 @@ public class RealmEntity extends AbstractIdentifiableEntity {
         this.accessCodeLifespanUserAction = accessCodeLifespanUserAction;
     }
 
-    public int getRefreshTokenLifespan() {
-        return refreshTokenLifespan;
-    }
-
-    public void setRefreshTokenLifespan(int refreshTokenLifespan) {
-        this.refreshTokenLifespan = refreshTokenLifespan;
-    }
-
     public int getNotBefore() {
         return notBefore;
     }

model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java

@@ -246,25 +246,23 @@ public class RealmAdapter implements RealmModel {
     }
 
     @Override
-    public int getCentralLoginLifespan() {
-        return realm.getCentralLoginLifespan();
+    public int getSsoSessionIdleTimeout() {
+        return realm.getSsoSessionIdleTimeout();
     }
 
     @Override
-    public void setCentralLoginLifespan(int lifespan) {
-        realm.setCentralLoginLifespan(lifespan);
-        em.flush();
+    public void setSsoSessionIdleTimeout(int seconds) {
+        realm.setSsoSessionIdleTimeout(seconds);
     }
 
     @Override
-    public int getRefreshTokenLifespan() {
-        return realm.getRefreshTokenLifespan();
+    public int getSsoSessionMaxLifespan() {
+        return realm.getSsoSessionMaxLifespan();
     }
 
     @Override
-    public void setRefreshTokenLifespan(int tokenLifespan) {
-        realm.setRefreshTokenLifespan(tokenLifespan);
-        em.flush();
+    public void setSsoSessionMaxLifespan(int seconds) {
+        realm.setSsoSessionMaxLifespan(seconds);
     }
 
     @Override
@@ -1391,7 +1389,7 @@ public class RealmAdapter implements RealmModel {
         entity.setIpAddress(ipAddress);
 
         int currentTime = Time.currentTime();
-        int expires = currentTime + realm.getCentralLoginLifespan();
+        int expires = currentTime + realm.getSsoSessionIdleTimeout();
 
         entity.setStarted(currentTime);
         entity.setExpires(expires);

model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java

@@ -60,11 +60,11 @@ public class RealmEntity {
     protected boolean updateProfileOnInitialSocialLogin;
     protected String passwordPolicy;
 
-    protected int centralLoginLifespan;
+    private int ssoSessionIdleTimeout;
+    private int ssoSessionMaxLifespan;
     protected int accessTokenLifespan;
     protected int accessCodeLifespan;
     protected int accessCodeLifespanUserAction;
-    protected int refreshTokenLifespan;
     protected int notBefore;
 
     @Column(length = 2048)
@@ -201,20 +201,20 @@ public class RealmEntity {
         this.updateProfileOnInitialSocialLogin = updateProfileOnInitialSocialLogin;
     }
 
-    public int getCentralLoginLifespan() {
-        return centralLoginLifespan;
+    public int getSsoSessionIdleTimeout() {
+        return ssoSessionIdleTimeout;
     }
 
-    public void setCentralLoginLifespan(int centralLoginLifespan) {
-        this.centralLoginLifespan = centralLoginLifespan;
+    public void setSsoSessionIdleTimeout(int ssoSessionIdleTimeout) {
+        this.ssoSessionIdleTimeout = ssoSessionIdleTimeout;
     }
 
-    public int getRefreshTokenLifespan() {
-        return refreshTokenLifespan;
+    public int getSsoSessionMaxLifespan() {
+        return ssoSessionMaxLifespan;
     }
 
-    public void setRefreshTokenLifespan(int refreshTokenLifespan) {
-        this.refreshTokenLifespan = refreshTokenLifespan;
+    public void setSsoSessionMaxLifespan(int ssoSessionMaxLifespan) {
+        this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
     }
 
     public int getAccessTokenLifespan() {

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java

@@ -280,6 +280,26 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
     }
 
 
+    @Override
+    public int getSsoSessionIdleTimeout() {
+        return realm.getSsoSessionIdleTimeout();
+    }
+
+    @Override
+    public void setSsoSessionIdleTimeout(int seconds) {
+        realm.setSsoSessionIdleTimeout(seconds);
+    }
+
+    @Override
+    public int getSsoSessionMaxLifespan() {
+        return realm.getSsoSessionMaxLifespan();
+    }
+
+    @Override
+    public void setSsoSessionMaxLifespan(int seconds) {
+        realm.setSsoSessionMaxLifespan(seconds);
+    }
+
     @Override
     public int getAccessTokenLifespan() {
         return realm.getAccessTokenLifespan();
@@ -291,28 +311,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         updateRealm();
     }
 
-    @Override
-    public int getCentralLoginLifespan() {
-        return realm.getCentralLoginLifespan();
-    }
 
-    @Override
-    public void setCentralLoginLifespan(int lifespan) {
-        realm.setCentralLoginLifespan(lifespan);
-        updateRealm();
-    }
-
-
-    @Override
-    public int getRefreshTokenLifespan() {
-        return realm.getRefreshTokenLifespan();
-    }
-
-    @Override
-    public void setRefreshTokenLifespan(int tokenLifespan) {
-        realm.setRefreshTokenLifespan(tokenLifespan);
-        updateRealm();
-    }
 
     @Override
     public int getAccessCodeLifespan() {
@@ -1357,7 +1356,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         entity.setIpAddress(ipAddress);
 
         int currentTime = Time.currentTime();
-        int expires = currentTime + realm.getCentralLoginLifespan();
+        int expires = currentTime + realm.getSsoSessionIdleTimeout();
 
         entity.setStarted(currentTime);
         entity.setExpires(expires);

model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java

@@ -726,7 +726,7 @@ public class AdapterTest extends AbstractModelTest {
     @Test
     public void userSessions() throws InterruptedException {
         realmManager.createRealm("userSessions");
-        realmManager.getRealmByName("userSessions").setCentralLoginLifespan(5);
+        realmManager.getRealmByName("userSessions").setSsoSessionIdleTimeout(5);
 
         UserModel user = realmManager.getRealmByName("userSessions").addUser("userSessions1");
 
@@ -749,7 +749,7 @@ public class AdapterTest extends AbstractModelTest {
 
         assertNull(realmManager.getRealmByName("userSessions").getUserSession(userSession.getId()));
 
-        realmManager.getRealmByName("userSessions").setCentralLoginLifespan(1);
+        realmManager.getRealmByName("userSessions").setSsoSessionIdleTimeout(1);
 
         userSession = realmManager.getRealmByName("userSessions").createUserSession(user, "127.0.0.1");
         commit();

services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java

@@ -54,9 +54,9 @@ public class ApplianceBootstrap {
         realm.setName(adminRealmName);
         realm.setEnabled(true);
         realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
-        realm.setCentralLoginLifespan(3000);
+        realm.setSsoSessionIdleTimeout(300);
         realm.setAccessTokenLifespan(60);
-        realm.setRefreshTokenLifespan(3600);
+        realm.setSsoSessionMaxLifespan(36000);
         realm.setAccessCodeLifespan(60);
         realm.setAccessCodeLifespanUserAction(300);
         realm.setSslNotRequired(true);

services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java

@@ -71,26 +71,25 @@ public class AuthenticationManager {
         if (session != null) {
             token.setSessionState(session.getId());
         }
-        if (realm.getCentralLoginLifespan() > 0) {
-            token.expiration(Time.currentTime() + realm.getCentralLoginLifespan());
+        if (realm.getSsoSessionIdleTimeout() > 0) {
+            token.expiration(Time.currentTime() + realm.getSsoSessionIdleTimeout());
         }
         return token;
     }
 
     public void createLoginCookie(Response.ResponseBuilder builder, RealmModel realm, UserModel user, UserSessionModel session, UriInfo uriInfo, boolean rememberMe) {
         logger.info("createLoginCookie");
-        String cookieName = KEYCLOAK_IDENTITY_COOKIE;
         String cookiePath = getIdentityCookiePath(realm, uriInfo);
         AccessToken identityToken = createIdentityToken(realm, user, session);
         String encoded = encodeToken(realm, identityToken);
         boolean secureOnly = !realm.isSslNotRequired();
-        logger.debugv("creatingLoginCookie - name: {0} path: {1}", cookieName, cookiePath);
+        logger.debugv("creatingLoginCookie - name: {0} path: {1}", KEYCLOAK_IDENTITY_COOKIE, cookiePath);
         int maxAge = NewCookie.DEFAULT_MAX_AGE;
         if (rememberMe) {
-            maxAge = realm.getCentralLoginLifespan();
+            maxAge = realm.getSsoSessionIdleTimeout();
             logger.info("createLoginCookie maxAge: " + maxAge);
         }
-        CookieHelper.addCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly, true);
+        CookieHelper.addCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, cookiePath, null, null, maxAge, secureOnly, true);
         //builder.cookie(new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly));// todo httponly , true);
 
         String sessionCookieValue = realm.getName() + "-" + user.getId();
@@ -107,7 +106,7 @@ public class AuthenticationManager {
         boolean secureOnly = !realm.isSslNotRequired();
         // remember me cookie should be persistent
         //NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
-        CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly, true);
+        CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getSsoSessionIdleTimeout(), secureOnly, true);
     }
 
     protected String encodeToken(RealmModel realm, Object token) {

services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java

@@ -90,8 +90,8 @@ public class ModelToRepresentation {
         rep.setVerifyEmail(realm.isVerifyEmail());
         rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
         rep.setAccessTokenLifespan(realm.getAccessTokenLifespan());
-        rep.setCentralLoginLifespan(realm.getCentralLoginLifespan());
-        rep.setRefreshTokenLifespan(realm.getRefreshTokenLifespan());
+        rep.setSsoSessionIdleTimeout(realm.getSsoSessionIdleTimeout());
+        rep.setSsoSessionMaxLifespan(realm.getSsoSessionMaxLifespan());
         rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
         rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
         rep.setSmtpServer(realm.getSmtpConfig());

services/src/main/java/org/keycloak/services/managers/RealmManager.java

@@ -186,8 +186,8 @@ public class RealmManager {
             realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
         if (rep.getNotBefore() != null) realm.setNotBefore(rep.getNotBefore());
         if (rep.getAccessTokenLifespan() != null) realm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
-        if (rep.getRefreshTokenLifespan() != null) realm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
-        if (rep.getCentralLoginLifespan() != null) realm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
+        if (rep.getSsoSessionIdleTimeout() != null) realm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
+        if (rep.getSsoSessionMaxLifespan() != null) realm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
         if (rep.getRequiredCredentials() != null) {
             realm.updateRequiredCredentials(rep.getRequiredCredentials());
         }
@@ -313,10 +313,10 @@ public class RealmManager {
         if (rep.getAccessTokenLifespan() != null) newRealm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
         else newRealm.setAccessTokenLifespan(300);
 
-        if (rep.getRefreshTokenLifespan() != null) newRealm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
-        else newRealm.setRefreshTokenLifespan(36000);
-        if (rep.getCentralLoginLifespan() != null) newRealm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
-        else newRealm.setCentralLoginLifespan(300);
+        if (rep.getSsoSessionIdleTimeout() != null) newRealm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
+        else newRealm.setSsoSessionIdleTimeout(600);
+        if (rep.getSsoSessionMaxLifespan() != null) newRealm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
+        else newRealm.setSsoSessionMaxLifespan(36000);
 
         if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
         else newRealm.setAccessCodeLifespan(60);

services/src/main/java/org/keycloak/services/managers/TokenManager.java

@@ -375,7 +375,7 @@ public class TokenManager {
             refreshToken = new RefreshToken(accessToken);
             refreshToken.id(KeycloakModelUtils.generateId());
             refreshToken.issuedNow();
-            refreshToken.expiration(Time.currentTime() + realm.getRefreshTokenLifespan());
+            refreshToken.expiration(Time.currentTime() + realm.getSsoSessionIdleTimeout());
             return this;
         }
 

testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java

@@ -60,9 +60,9 @@ public class CompositeRoleTest {
             RealmModel realm = manager.createRealm("Test");
             manager.generateRealmKeys(realm);
             realmPublicKey = realm.getPublicKey();
-            realm.setCentralLoginLifespan(3000);
+            realm.setSsoSessionIdleTimeout(3000);
             realm.setAccessTokenLifespan(10000);
-            realm.setRefreshTokenLifespan(10000);
+            realm.setSsoSessionMaxLifespan(10000);
             realm.setAccessCodeLifespanUserAction(1000);
             realm.setAccessCodeLifespan(1000);
             realm.setSslNotRequired(true);

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java

@@ -93,7 +93,8 @@ public class RefreshTokenTest {
         Assert.assertEquals("bearer", tokenResponse.getTokenType());
 
         Assert.assertThat(token.getExpiration() - Time.currentTime(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300)));
-        Assert.assertThat(refreshToken.getExpiration() - Time.currentTime(), allOf(greaterThanOrEqualTo(35950), lessThanOrEqualTo(36000)));
+        int actual = refreshToken.getExpiration() - Time.currentTime();
+        Assert.assertThat(actual, allOf(greaterThanOrEqualTo(559), lessThanOrEqualTo(600)));
 
         Assert.assertEquals(sessionId, refreshToken.getSessionState());