diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 47675588ff..afd24063df 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -122,13 +122,13 @@ public class RealmManager { } if (rep.getRequiredApplicationCredentials() != null) { - for (String requiredCred : rep.getRequiredCredentials()) { + for (String requiredCred : rep.getRequiredApplicationCredentials()) { addResourceRequiredCredential(newRealm, requiredCred); } } if (rep.getRequiredOAuthClientCredentials() != null) { - for (String requiredCred : rep.getRequiredCredentials()) { + for (String requiredCred : rep.getRequiredOAuthClientCredentials()) { addOAuthClientRequiredCredential(newRealm, requiredCred); } } diff --git a/services/src/main/java/org/keycloak/services/models/picketlink/ApplicationAdapter.java b/services/src/main/java/org/keycloak/services/models/picketlink/ApplicationAdapter.java index 24fcce40f6..d58ede8095 100755 --- a/services/src/main/java/org/keycloak/services/models/picketlink/ApplicationAdapter.java +++ b/services/src/main/java/org/keycloak/services/models/picketlink/ApplicationAdapter.java @@ -154,6 +154,7 @@ public class ApplicationAdapter implements ApplicationModel { ScopeRelationship scope = new ScopeRelationship(); scope.setClient(((UserAdapter)agent).getUser()); scope.setScope(((RoleAdapter)role).getRole()); + getRelationshipManager().add(scope); } @Override diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java index dce085fb03..68cd9edb9a 100755 --- a/services/src/test/java/org/keycloak/test/ImportTest.java +++ b/services/src/test/java/org/keycloak/test/ImportTest.java @@ -87,6 +87,13 @@ public class ImportTest { List realms = identitySession.getRealms(admin); Assert.assertEquals(1, realms.size()); + // Test scope relationship + ApplicationModel application = realm.getResourceNameMap().get("Application"); + UserModel oauthClient = realm.getUser("oauthclient"); + Assert.assertNotNull(application); + Assert.assertNotNull(oauthClient); + Set appScopes = application.getScope(oauthClient); + Assert.assertTrue(appScopes.contains("user")); } @Test @@ -109,10 +116,15 @@ public class ImportTest { RealmModel realm = manager.createRealm("demo", rep.getRealm()); manager.importRealm(rep, realm); realm.addRealmAdmin(admin); + + verifyRequiredCredentials(realm.getRequiredCredentials(), "password"); + verifyRequiredCredentials(realm.getRequiredApplicationCredentials(), "totp"); + verifyRequiredCredentials(realm.getRequiredOAuthClientCredentials(), "cert"); } - - - + private void verifyRequiredCredentials(List requiredCreds, String expectedType) { + Assert.assertEquals(1, requiredCreds.size()); + Assert.assertEquals(expectedType, requiredCreds.get(0).getType()); + } } diff --git a/services/src/test/resources/testrealm-demo.json b/services/src/test/resources/testrealm-demo.json index d8497a87b7..75007a3ca1 100755 --- a/services/src/test/resources/testrealm-demo.json +++ b/services/src/test/resources/testrealm-demo.json @@ -8,8 +8,8 @@ "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=", "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", "requiredCredentials": [ "password" ], - "requiredApplicationCredentials": [ "password" ], - "requiredOAuthClientCredentials": [ "password" ], + "requiredApplicationCredentials": [ "totp" ], + "requiredOAuthClientCredentials": [ "cert" ], "users" : [ { "username" : "bburke@redhat.com", @@ -65,8 +65,9 @@ "useRealmMappings": true, "credentials": [ { - "type": "password", - "value": "password" + "type": "totp", + "value": "12345", + "device": "67890" } ] }, @@ -77,8 +78,9 @@ "useRealmMappings": true, "credentials": [ { - "type": "password", - "value": "password" + "type": "totp", + "value": "12345", + "device": "67890" } ] } diff --git a/social/core/src/main/java/org/keycloak/social/SocialRequestManager.java b/social/core/src/main/java/org/keycloak/social/SocialRequestManager.java index 684254aaf5..2993a9a289 100644 --- a/social/core/src/main/java/org/keycloak/social/SocialRequestManager.java +++ b/social/core/src/main/java/org/keycloak/social/SocialRequestManager.java @@ -59,10 +59,11 @@ public class SocialRequestManager { } private void pruneExpired() { + long currentTime = System.currentTimeMillis(); Iterator> itr = expires.entrySet().iterator(); while (itr.hasNext()) { Entry e = itr.next(); - if (e.getValue() < System.currentTimeMillis()) { + if (e.getValue() < currentTime) { itr.remove(); map.remove(e.getKey()); } else {