From 03b521926a444336b78aab7fb4c4db492416b110 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Wed, 10 Jun 2015 17:00:56 +0200
Subject: [PATCH] KEYCLOAK-1260 Fix saml backchannel logout with JPA
 UserSession provider on MySQL + PostgreSQL

---
 .../java/org/keycloak/protocol/saml/SamlService.java | 12 +++++++++++-
 .../SAMLKeyCloakServerBrokerWithSignatureTest.java   |  5 +++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index 09b033b9d7..40ea8fdadb 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -374,11 +374,21 @@ public class SamlService {
                 for (String sessionIndex : logoutRequest.getSessionIndex()) {
                     ClientSessionModel clientSession = session.sessions().getClientSession(realm, sessionIndex);
                     if (clientSession == null) continue;
+                    UserSessionModel userSession = clientSession.getUserSession();
                     if (clientSession.getClient().getClientId().equals(client.getClientId())) {
                         // remove requesting client from logout
                         clientSession.setAction(ClientSessionModel.Action.LOGGED_OUT);
+
+                        // Remove also other clientSessions of this client as there could be more in this UserSession
+                        if (userSession != null) {
+                            for (ClientSessionModel clientSession2 : userSession.getClientSessions()) {
+                                if (clientSession2.getClient().getId().equals(client.getId())) {
+                                    clientSession2.setAction(ClientSessionModel.Action.LOGGED_OUT);
+                                }
+                            }
+                        }
                     }
-                    UserSessionModel userSession = clientSession.getUserSession();
+
                     try {
                         authManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
                     } catch (Exception e) {
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
index 34c10d5e3f..b94f4df193 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
@@ -45,6 +45,11 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
         }
     };
 
+    // @Test
+    public void testSleep() throws Exception {
+        Thread.sleep(100000000);
+    }
+
     @Override
     protected String getProviderId() {
         return "kc-saml-signed-idp";