KEYCLOAK-4371 Offline Tokens still useless When SSO Session Max is Reached and normal userSession expired

2017-02-03 11:53:22 +01:00 · 2017-02-03 11:53:22 +01:00 · 8a16ab52a9
commit 8a16ab52a9
parent 652152f167
2 changed files with 4 additions and 1 deletions
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@ -740,7 +740,7 @@ public class AuthenticationManager {
            if (!isSessionValid(realm, userSession)) {
                // Check if accessToken was for the offline session.
                if (!isCookie) {
-                    UserSessionModel offlineUserSession = session.sessions().getUserSession(realm, token.getSessionState());
+                    UserSessionModel offlineUserSession = session.sessions().getOfflineUserSession(realm, token.getSessionState());
                    if (isOfflineSessionValid(realm, offlineUserSession)) {
                        return new AuthResult(user, offlineUserSession, token);
                    }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
@ -465,6 +465,9 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
        // Set the time offset, so that "normal" userSession expires
        setTimeOffset(86400);

+        // Remove expired sessions. This will remove "normal" userSession
+        testingClient.testing().removeUserSessions(appRealm.toRepresentation().getId());
+
        // Refresh with the offline token
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "secret1");