diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index 2bb4d8f0dc..be7291c8e4 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -157,6 +157,22 @@ public class AuthenticationManager { } + // Logout all clientSessions of this user and client + public static void backchannelUserFromClient(KeycloakSession session, RealmModel realm, UserModel user, ClientModel client, UriInfo uriInfo, HttpHeaders headers) { + String clientId = client.getId(); + + List userSessions = session.sessions().getUserSessions(realm, user); + for (UserSessionModel userSession : userSessions) { + List clientSessions = userSession.getClientSessions(); + for (ClientSessionModel clientSession : clientSessions) { + if (clientSession.getClient().getId().equals(clientId)) { + AuthenticationManager.backchannelLogoutClientSession(session, realm, clientSession, userSession, uriInfo, headers); + TokenManager.dettachClientSession(session.sessions(), realm, clientSession); + } + } + } + } + public static Response browserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers) { if (userSession == null) return null; UserModel user = userSession.getUser(); diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java index 207c5b7e7e..0adf21590d 100755 --- a/services/src/main/java/org/keycloak/services/resources/AccountService.java +++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java @@ -517,16 +517,7 @@ public class AccountService { user.revokeConsentForClient(client.getId()); // Logout clientSessions for this user and client - List userSessions = session.sessions().getUserSessions(realm, user); - for (UserSessionModel userSession : userSessions) { - List clientSessions = userSession.getClientSessions(); - for (ClientSessionModel clientSession : clientSessions) { - if (clientSession.getClient().getId().equals(clientId)) { - AuthenticationManager.backchannelLogoutClientSession(session, realm, clientSession, userSession, uriInfo, headers); - TokenManager.dettachClientSession(session.sessions(), realm, clientSession); - } - } - } + AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers); event.event(EventType.REVOKE_GRANT).client(auth.getClient()).user(auth.getUser()).detail(Details.REVOKED_CLIENT, client.getClientId()).success(); setReferrerOnPage(); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index 49abc1d765..666c1daca6 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -76,8 +76,6 @@ public class UsersResource { protected RealmModel realm; private RealmAuth auth; - - private TokenManager tokenManager; @Context protected ClientConnection clientConnection; @@ -94,7 +92,6 @@ public class UsersResource { public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager) { this.auth = auth; this.realm = realm; - this.tokenManager = tokenManager; auth.init(RealmAuth.Resource.USER); } @@ -357,7 +354,10 @@ public class UsersResource { ClientModel client = realm.getClientByClientId(clientId); boolean revoked = user.revokeConsentForClient(client.getId()); - if (!revoked) { + if (revoked) { + // Logout clientSessions for this user and client + AuthenticationManager.backchannelUserFromClient(session, realm, user, client, uriInfo, headers); + } else { throw new NotFoundException("Consent not found for user " + username + " and client " + clientId); } }