From 8a16ab52a98e26ad07b413a78969408b3c28930f Mon Sep 17 00:00:00 2001
From: mposolda
Date: Fri, 3 Feb 2017 11:53:22 +0100
Subject: [PATCH] KEYCLOAK-4371 Offline Tokens still useless When SSO Session Max is Reached and normal userSession expired
---
 .../org/keycloak/services/managers/AuthenticationManager.java | 2 +-
 .../java/org/keycloak/testsuite/oauth/OfflineTokenTest.java | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index 5d467da5f6..9646ecceb2 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -740,7 +740,7 @@ public class AuthenticationManager {
 if (!isSessionValid(realm, userSession)) {
 // Check if accessToken was for the offline session.
 if (!isCookie) {
- UserSessionModel offlineUserSession = session.sessions().getUserSession(realm, token.getSessionState());
+ UserSessionModel offlineUserSession = session.sessions().getOfflineUserSession(realm, token.getSessionState());
 if (isOfflineSessionValid(realm, offlineUserSession)) {
 return new AuthResult(user, offlineUserSession, token);
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
index f4cf19ca2a..150ff6b3cb 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
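Review bot: The offline lookup on the added line keys only on `token.getSessionState()` and nothing in the hunk verifies that the token itself was issued for an offline session, so any still-unexpired bearer token whose regular SSO session has lapsed is accepted as long as an offline session with the same id exists; if that is the intended contract, the comment above the branch should say so, e.g. `// Offline sessions are kept in a separate store; a token whose regular session has expired is honoured here only while an offline session with the same id is still valid.`. It is also worth confirming that `isOfflineSessionValid` tolerates a null `offlineUserSession`, since `getOfflineUserSession` presumably returns null when no such session exists and that helper is outside the hunk. The enclosing method starts and ends outside the hunk.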
@@ -465,6 +465,9 @@ public class OfflineTokenTest extends AbstractKeycloakTest { // Set the time offset, so that "normal" userSession expires setTimeOffset(86400); + // Remove expired sessions. This will remove "normal" userSession + testingClient.testing().removeUserSessions(appRealm.toRepresentation().getId()); + // Refresh with the offline token tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "secret1");