Merge branch 'master' of https://github.com/keycloak/keycloak into prod

distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-login-freemarker/main/module.xml

@@ -16,6 +16,7 @@
         <module name="org.keycloak.keycloak-core"/>
         <module name="org.keycloak.keycloak-services"/>
         <module name="org.keycloak.keycloak-social-core"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
         <module name="javax.ws.rs.api"/>
         <module name="org.jboss.logging"/>
         <module name="org.freemarker"/>

forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js

@@ -762,6 +762,9 @@ module.config([ '$routeProvider', function($routeProvider) {
                 client : function(ClientLoader) {
                     return ClientLoader();
                 },
+                templates : function(ClientTemplateListLoader) {
+                    return ClientTemplateListLoader();
+                },
                 serverInfo : function(ServerInfoLoader) {
                     return ServerInfoLoader();
                 }

forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js

@@ -1419,7 +1419,7 @@ module.controller('AddBuiltinProtocolMapperCtrl', function($scope, realm, client
 
 });
 
-module.controller('ClientProtocolMapperListCtrl', function($scope, realm, client, serverInfo,
+module.controller('ClientProtocolMapperListCtrl', function($scope, realm, client, templates, serverInfo,
                                                            ClientProtocolMappersByProtocol, ClientProtocolMapper,
                                                            $route, Dialog, Notifications) {
     $scope.realm = realm;
@@ -1427,6 +1427,14 @@ module.controller('ClientProtocolMapperListCtrl', function($scope, realm, client
     if (client.protocol == null) {
         client.protocol = 'openid-connect';
     }
+    if (client.clientTemplate) {
+        for (var i = 0; i < templates.length; i++) {
+            if (client.clientTemplate == templates[i].name) {
+                $scope.template = templates[i];
+                break;
+            }
+        }
+    }
 
     var protocolMappers = serverInfo.protocolMapperTypes[client.protocol];
     var mapperTypes = {};

forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html

@@ -24,6 +24,7 @@
                     <div class="pull-right" data-ng-show="access.manageClients">
                         <a class="btn btn-default" href="#/create/client/{{realm.realm}}/{{client.id}}/mappers">{{:: 'create' | translate}}</a>
                         <a class="btn btn-default" href="#/realms/{{realm.realm}}/clients/{{client.id}}/add-mappers">{{:: 'add-builtin' | translate}}</a>
+                        <a ng-show="template" class="btn btn-default" href="#/realms/{{realm.realm}}/client-templates/{{template.id}}/mappers">Inherited Template Mappers</a>
                     </div>
                 </div>
             </th>

services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java

@@ -11,6 +11,7 @@ import org.keycloak.models.utils.RepresentationToModel;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.services.ForbiddenException;
+import org.keycloak.services.managers.ClientManager;
 
 import javax.ws.rs.core.Response;
 
@@ -33,7 +34,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
         auth.requireCreate();
 
         try {
-            ClientModel clientModel = RepresentationToModel.createClient(session, session.getContext().getRealm(), client, true);
+            ClientModel clientModel = ClientManager.createClient(session, session.getContext().getRealm(), client, true);
             if (client.getClientId() == null) {
                 clientModel.setClientId(clientModel.getId());
             }

services/src/main/java/org/keycloak/services/managers/ClientManager.java

@@ -7,16 +7,19 @@ import org.keycloak.authentication.ClientAuthenticator;
 import org.keycloak.authentication.ClientAuthenticatorFactory;
 import org.keycloak.common.constants.ServiceAccountConstants;
 import org.keycloak.models.ClientModel;
+import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionProvider;
 import org.keycloak.models.session.UserSessionPersisterProvider;
 import org.keycloak.models.utils.KeycloakModelUtils;
+import org.keycloak.models.utils.RepresentationToModel;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
 import org.keycloak.representations.adapters.config.BaseRealmConfig;
 import org.keycloak.common.util.Time;
+import org.keycloak.representations.idm.ClientRepresentation;
 
 import java.net.URI;
 import java.util.Collections;
@@ -42,9 +45,18 @@ public class ClientManager {
     public ClientManager() {
     }
 
-    public ClientModel createClient(RealmModel realm, String name) {
+    public static ClientModel createClient(KeycloakSession session, RealmModel realm, ClientRepresentation rep, boolean addDefaultRoles) {
-        return KeycloakModelUtils.createClient(realm, name);
+        ClientModel client = RepresentationToModel.createClient(session, realm, rep, addDefaultRoles);
+
+        // remove default mappers
+        if (rep.getProtocolMappers() == null && rep.getClientTemplate() != null) {
+            Set<ProtocolMapperModel> mappers = client.getProtocolMappers();
+            for (ProtocolMapperModel mapper : mappers) client.removeProtocolMapper(mapper);
         }
+        return client;
+
+    }
+
 
     public boolean removeClient(RealmModel realm, ClientModel client) {
         if (realm.removeClient(client.getId())) {

services/src/main/java/org/keycloak/services/managers/RealmManager.java

@@ -50,7 +50,7 @@ import org.keycloak.timer.TimerProvider;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
-import static java.lang.Boolean.TRUE;
+
 import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.protocol.ProtocolMapperUtils;
 
@@ -136,7 +136,7 @@ public class RealmManager implements RealmImporter {
 
     protected void setupAdminConsole(RealmModel realm) {
         ClientModel adminConsole = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
-        if (adminConsole == null) adminConsole = new ClientManager(this).createClient(realm, Constants.ADMIN_CONSOLE_CLIENT_ID);
+        if (adminConsole == null) adminConsole = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CONSOLE_CLIENT_ID);
         adminConsole.setName("${client_" + Constants.ADMIN_CONSOLE_CLIENT_ID + "}");
         String baseUrl = contextPath + "/admin/" + realm.getName() + "/console";
         adminConsole.setBaseUrl(baseUrl + "/index.html");
@@ -162,7 +162,7 @@ public class RealmManager implements RealmImporter {
     public void setupAdminCli(RealmModel realm) {
         ClientModel adminCli = realm.getClientByClientId(Constants.ADMIN_CLI_CLIENT_ID);
         if (adminCli == null) {
-            adminCli = new ClientManager(this).createClient(realm, Constants.ADMIN_CLI_CLIENT_ID);
+            adminCli = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CLI_CLIENT_ID);
             adminCli.setName("${client_" + Constants.ADMIN_CLI_CLIENT_ID + "}");
             adminCli.setEnabled(true);
             adminCli.setPublicClient(true);
@@ -309,7 +309,7 @@ public class RealmManager implements RealmImporter {
         String realmAdminClientId = getRealmAdminClientId(realm);
         ClientModel realmAdminClient = realm.getClientByClientId(realmAdminClientId);
         if (realmAdminClient == null) {
-            realmAdminClient = clientManager.createClient(realm, realmAdminClientId);
+            realmAdminClient = KeycloakModelUtils.createClient(realm, realmAdminClientId);
             realmAdminClient.setName("${client_" + realmAdminClientId + "}");
         }
         RoleModel adminRole = realmAdminClient.addRole(AdminRoles.REALM_ADMIN);
@@ -330,7 +330,7 @@ public class RealmManager implements RealmImporter {
     private void setupAccountManagement(RealmModel realm) {
         ClientModel client = realm.getClientNameMap().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
         if (client == null) {
-            client = new ClientManager(this).createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
+            client = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
             client.setName("${client_" + Constants.ACCOUNT_MANAGEMENT_CLIENT_ID + "}");
             client.setEnabled(true);
             client.setFullScopeAllowed(false);
@@ -355,7 +355,7 @@ public class RealmManager implements RealmImporter {
     public void setupBrokerService(RealmModel realm) {
         ClientModel client = realm.getClientNameMap().get(Constants.BROKER_SERVICE_CLIENT_ID);
         if (client == null) {
-            client = new ClientManager(this).createClient(realm, Constants.BROKER_SERVICE_CLIENT_ID);
+            client = KeycloakModelUtils.createClient(realm, Constants.BROKER_SERVICE_CLIENT_ID);
             client.setEnabled(true);
             client.setName("${client_" + Constants.BROKER_SERVICE_CLIENT_ID + "}");
             client.setFullScopeAllowed(false);

services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java

@@ -13,6 +13,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.models.utils.RepresentationToModel;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.services.ErrorResponse;
+import org.keycloak.services.managers.ClientManager;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
@@ -95,7 +96,7 @@ public class ClientsResource {
         auth.requireManage();
 
         try {
-            ClientModel clientModel = RepresentationToModel.createClient(session, realm, rep, true);
+            ClientModel clientModel = ClientManager.createClient(session, realm, rep, true);
             
             adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
             

testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java

@@ -35,7 +35,6 @@ import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.representations.AccessToken;
-import org.keycloak.services.managers.ClientManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.ApplicationServlet;
 import org.keycloak.testsuite.OAuthClient;
@@ -85,7 +84,7 @@ public class CompositeRoleTest {
             realmRole1User.updateCredential(UserCredentialModel.password("password"));
             realmRole1User.grantRole(realmRole1);
 
-            final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
+            final ClientModel realmComposite1Application = KeycloakModelUtils.createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
             realmComposite1Application.setFullScopeAllowed(false);
             realmComposite1Application.setEnabled(true);
             realmComposite1Application.addScopeMapping(realmComposite1);
@@ -94,7 +93,7 @@ public class CompositeRoleTest {
             realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
             realmComposite1Application.setSecret("password");
 
-            final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION");
+            final ClientModel realmRole1Application = KeycloakModelUtils.createClient(realm, "REALM_ROLE_1_APPLICATION");
             realmRole1Application.setFullScopeAllowed(false);
             realmRole1Application.setEnabled(true);
             realmRole1Application.addScopeMapping(realmRole1);
@@ -104,7 +103,7 @@ public class CompositeRoleTest {
             realmRole1Application.setSecret("password");
 
 
-            final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION");
+            final ClientModel appRoleApplication = KeycloakModelUtils.createClient(realm, "APP_ROLE_APPLICATION");
             appRoleApplication.setFullScopeAllowed(false);
             appRoleApplication.setEnabled(true);
             appRoleApplication.addRedirectUri("http://localhost:8081/app/*");
@@ -127,7 +126,7 @@ public class CompositeRoleTest {
             realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
             realmAppRoleUser.grantRole(appRole2);
 
-            final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION");
+            final ClientModel appCompositeApplication = KeycloakModelUtils.createClient(realm, "APP_COMPOSITE_APPLICATION");
             appCompositeApplication.setFullScopeAllowed(false);
             appCompositeApplication.setEnabled(true);
             appCompositeApplication.addRedirectUri("http://localhost:8081/app/*");

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/LDAPMultipleAttributesTest.java

@@ -2,7 +2,6 @@ package org.keycloak.testsuite.federation;
 
 import java.net.URL;
 import java.util.Arrays;
-import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
@@ -28,12 +27,11 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
 import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
-import org.keycloak.services.managers.ClientManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.OAuthClient;
-import org.keycloak.testsuite.adapter.AdapterTest;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.LDAPRule;
@@ -79,7 +77,7 @@ public class LDAPMultipleAttributesTest {
             ldapFedProvider.getLdapIdentityStore().updatePassword(bruce, "password");
 
             // Create ldap-portal client
-            ClientModel ldapClient = new ClientManager(manager).createClient(appRealm, "ldap-portal");
+            ClientModel ldapClient = KeycloakModelUtils.createClient(appRealm, "ldap-portal");
             ldapClient.addRedirectUri("/ldap-portal");
             ldapClient.addRedirectUri("/ldap-portal/*");
             ldapClient.setManagementUrl("/ldap-portal");

testsuite/integration/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java

@@ -34,9 +34,9 @@ import org.keycloak.models.AuthenticationFlowModel;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
-import org.keycloak.services.managers.ClientManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.OAuthClient;
@@ -125,7 +125,7 @@ public class CustomFlowTest {
             appRealm.addAuthenticatorExecution(execution);
 
             // Set passthrough clientAuthenticator for our clients
-            ClientModel dummyClient = new ClientManager().createClient(appRealm, "dummy-client");
+            ClientModel dummyClient = KeycloakModelUtils.createClient(appRealm, "dummy-client");
             dummyClient.setClientAuthenticatorType(PassThroughClientAuthenticator.PROVIDER_ID);
             dummyClient.setDirectAccessGrantsEnabled(true);
 

testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsBasicAuthTest.java

@@ -22,7 +22,7 @@ import org.keycloak.adapters.HttpClientBuilder;
 import org.keycloak.common.util.Base64;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
-import org.keycloak.services.managers.ClientManager;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.Constants;
 import org.keycloak.testsuite.rule.KeycloakRule;
@@ -44,7 +44,7 @@ public class JaxrsBasicAuthTest {
 
         @Override
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-            ClientModel app = new ClientManager(manager).createClient(appRealm, "jaxrs-app");
+            ClientModel app = KeycloakModelUtils.createClient(appRealm, "jaxrs-app");
             app.setEnabled(true);
             app.setSecret("password");
             app.setFullScopeAllowed(true);

testsuite/integration/src/test/java/org/keycloak/testsuite/model/GroupTest.java

@@ -1,41 +1,27 @@
 package org.keycloak.testsuite.model;
 
-import org.apache.http.HttpResponse;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.impl.client.DefaultHttpClient;
 import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.admin.client.Keycloak;
-import org.keycloak.admin.client.resource.GroupResource;
 import org.keycloak.admin.client.resource.RealmResource;
-import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthenticator;
-import org.keycloak.common.util.Time;
 import org.keycloak.events.Details;
-import org.keycloak.events.Errors;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
-import org.keycloak.models.PasswordPolicy;
-import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.protocol.oidc.mappers.GroupMembershipMapper;
 import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
-import org.keycloak.protocol.saml.mappers.AttributeStatementHelper;
-import org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper;
-import org.keycloak.protocol.saml.mappers.HardcodedRole;
-import org.keycloak.protocol.saml.mappers.RoleListMapper;
-import org.keycloak.protocol.saml.mappers.RoleNameMapper;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
 import org.keycloak.representations.idm.GroupRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.services.managers.ClientManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.OAuthClient;
@@ -61,7 +47,7 @@ public class GroupTest {
     public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
         @Override
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-            ClientModel app = new ClientManager(manager).createClient(appRealm, "resource-owner");
+            ClientModel app = KeycloakModelUtils.createClient(appRealm, "resource-owner");
             app.setDirectAccessGrantsEnabled(true);
             app.setSecret("secret");
 

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java

@@ -49,6 +49,7 @@ import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
 import org.keycloak.protocol.oidc.mappers.AddressMapper;
@@ -61,7 +62,6 @@ import org.keycloak.representations.IDToken;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.ClientTemplateRepresentation;
 import org.keycloak.representations.idm.ProtocolMapperRepresentation;
-import org.keycloak.services.managers.ClientManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.OAuthClient;
@@ -881,7 +881,7 @@ public class AccessTokenTest {
         keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
             @Override
             public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                ClientModel client = new ClientManager(manager).createClient(appRealm, "sample-public-client");
+                ClientModel client = KeycloakModelUtils.createClient(appRealm, "sample-public-client");
                 client.addRedirectUri("http://localhost:8081/app/auth");
                 client.setEnabled(true);
                 client.setPublicClient(true);

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java

@@ -29,7 +29,7 @@ import org.keycloak.OAuth2Constants;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.RealmModel;
-import org.keycloak.services.managers.ClientManager;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -51,18 +51,18 @@ public class OAuthRedirectUriTest {
     public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
         @Override
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-            ClientModel installedApp = new ClientManager(manager).createClient(appRealm, "test-installed");
+            ClientModel installedApp = KeycloakModelUtils.createClient(appRealm, "test-installed");
             installedApp.setEnabled(true);
             installedApp.addRedirectUri(Constants.INSTALLED_APP_URN);
             installedApp.addRedirectUri(Constants.INSTALLED_APP_URL);
             installedApp.setSecret("password");
 
-            ClientModel installedApp2 = new ClientManager(manager).createClient(appRealm, "test-installed2");
+            ClientModel installedApp2 = KeycloakModelUtils.createClient(appRealm, "test-installed2");
             installedApp2.setEnabled(true);
             installedApp2.addRedirectUri(Constants.INSTALLED_APP_URL + "/myapp");
             installedApp2.setSecret("password");
 
-            ClientModel installedApp3 = new ClientManager(manager).createClient(appRealm, "test-wildcard");
+            ClientModel installedApp3 = KeycloakModelUtils.createClient(appRealm, "test-wildcard");
             installedApp3.setEnabled(true);
             installedApp3.addRedirectUri("http://example.com/foo/*");
             installedApp3.addRedirectUri("http://localhost:8081/foo/*");

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java

@@ -31,6 +31,7 @@ import org.keycloak.models.Constants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
@@ -66,7 +67,7 @@ public class OfflineTokenTest {
             appRealm.setAccessTokenLifespan(10);
             appRealm.setSsoSessionIdleTimeout(30);
 
-            ClientModel app = new ClientManager(manager).createClient(appRealm, "offline-client");
+            ClientModel app = KeycloakModelUtils.createClient(appRealm, "offline-client");
             app.setDirectAccessGrantsEnabled(true);
             app.setSecret("secret1");
             String testAppRedirectUri = appRealm.getClientByClientId("test-app").getRedirectUris().iterator().next();

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java

@@ -11,9 +11,9 @@ import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthen
 import org.keycloak.events.Details;
 import org.keycloak.events.Errors;
 import org.keycloak.models.*;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
-import org.keycloak.services.managers.ClientManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.OAuthClient;
@@ -34,11 +34,11 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
     public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
         @Override
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-            ClientModel app = new ClientManager(manager).createClient(appRealm, "resource-owner");
+            ClientModel app = KeycloakModelUtils.createClient(appRealm, "resource-owner");
             app.setDirectAccessGrantsEnabled(true);
             app.setSecret("secret");
 
-            ClientModel app2 = new ClientManager(manager).createClient(appRealm, "resource-owner-public");
+            ClientModel app2 = KeycloakModelUtils.createClient(appRealm, "resource-owner-public");
             app2.setDirectAccessGrantsEnabled(true);
             app2.setPublicClient(true);
 

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java

@@ -12,6 +12,7 @@ import org.keycloak.events.Errors;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
 import org.keycloak.services.managers.ClientManager;
@@ -34,11 +35,11 @@ public class ServiceAccountTest {
     public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
         @Override
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-            ClientModel app = new ClientManager(manager).createClient(appRealm, "service-account-cl");
+            ClientModel app = KeycloakModelUtils.createClient(appRealm, "service-account-cl");
             app.setSecret("secret1");
             new ClientManager(manager).enableServiceAccount(app);
 
-            ClientModel disabledApp = new ClientManager(manager).createClient(appRealm, "service-account-disabled");
+            ClientModel disabledApp = KeycloakModelUtils.createClient(appRealm, "service-account-disabled");
             disabledApp.setSecret("secret1");
 
             UserModel serviceAccountUser = session.users().getUserByUsername(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl", appRealm);