KEYCLOAK-732 AuthenticationManager.logout should logout just current userSession

services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java

@@ -86,7 +86,7 @@ public class AuthenticationManager {
         expireIdentityCookie(realm, uriInfo, connection);
         expireRememberMeCookie(realm, uriInfo, connection);
 
-        new ResourceAdminManager().logoutUser(uriInfo.getRequestUri(), realm, user.getId(), userSession);
+        new ResourceAdminManager().logoutSession(uriInfo.getRequestUri(), realm, userSession);
 
         session.sessions().removeUserSession(realm, userSession);
     }

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java

@@ -23,8 +23,10 @@ package org.keycloak.testsuite.adapter;
 
 import org.junit.Assert;
 import org.junit.ClassRule;
+import org.junit.FixMethodOrder;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.runners.MethodSorters;
 import org.keycloak.Config;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.Version;
@@ -70,6 +72,7 @@ import java.util.Map;
  *
  * @author <a href="mailto:bburke@redhat.com">Bill Burke</a>
  */
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
 public class AdapterTest {
 
     public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@@ -92,6 +95,10 @@ public class AdapterTest {
             url = getClass().getResource("/adapter-test/product-keycloak.json");
             deployApplication("product-portal", "/product-portal", ProductServlet.class, url.getPath(), "user");
 
+            // Test that replacing system properties works for adapters
+            System.setProperty("my.host.name", "localhost");
+            url = getClass().getResource("/adapter-test/session-keycloak.json");
+            deployApplication("session-portal", "/session-portal", SessionServlet.class, url.getPath(), "user");
         }
     };
 
@@ -416,6 +423,55 @@ public class AdapterTest {
         Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
     }
 
+    @Test
+    public void testSingleSessionInvalidated() throws Throwable {
+        AdapterTest browser1 = this;
+        AdapterTest browser2 = new AdapterTest();
 
+        loginAndCheckSession(browser1.driver, browser1.loginPage);
+
+        // Open browser2
+        browser2.webRule.before();
+        try {
+            browser2.loginAndCheckSession(browser2.driver, browser2.loginPage);
+
+            // Logout in browser1
+            String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
+                    .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/session-portal").build("demo").toString();
+            browser1.driver.navigate().to(logoutUri);
+            Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+            // Assert that I am logged out in browser1
+            browser1.driver.navigate().to("http://localhost:8081/session-portal");
+            Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
+
+            // Assert that I am still logged in browser2 and same session is still preserved
+            browser2.driver.navigate().to("http://localhost:8081/session-portal");
+            Assert.assertEquals(browser2.driver.getCurrentUrl(), "http://localhost:8081/session-portal");
+            String pageSource = browser2.driver.getPageSource();
+            Assert.assertTrue(pageSource.contains("Counter=3"));
+
+            browser2.driver.navigate().to(logoutUri);
+            Assert.assertTrue(browser2.driver.getCurrentUrl().startsWith(LOGIN_URL));
+        } finally {
+            browser2.webRule.after();
+        }
+    }
+
+    private static void loginAndCheckSession(WebDriver driver, LoginPage loginPage) {
+        driver.navigate().to("http://localhost:8081/session-portal");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+        loginPage.login("bburke@redhat.com", "password");
+        System.out.println("Current url: " + driver.getCurrentUrl());
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/session-portal");
+        String pageSource = driver.getPageSource();
+        Assert.assertTrue(pageSource.contains("Counter=1"));
+
+        // Counter increased now
+        driver.navigate().to("http://localhost:8081/session-portal");
+        pageSource = driver.getPageSource();
+        Assert.assertTrue(pageSource.contains("Counter=2"));
+
+    }
 
 }

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CustomerServlet.java

@@ -7,6 +7,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
 import javax.ws.rs.client.WebTarget;

testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/SessionServlet.java

@@ -0,0 +1,38 @@
+package org.keycloak.testsuite.adapter;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class SessionServlet extends HttpServlet {
+
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        String counter = increaseAndGetCounter(req);
+
+        resp.setContentType("text/html");
+        PrintWriter pw = resp.getWriter();
+        pw.printf("<html><head><title>%s</title></head><body>", "Session Test");
+        pw.printf("Counter=%s", counter);
+        pw.print("</body></html>");
+        pw.flush();
+
+
+    }
+
+    private String increaseAndGetCounter(HttpServletRequest req) {
+        HttpSession session = req.getSession();
+        Integer counter = (Integer)session.getAttribute("counter");
+        counter = (counter == null) ? 1 : counter + 1;
+        session.setAttribute("counter", counter);
+        return String.valueOf(counter);
+    }
+}

testsuite/integration/src/test/java/org/keycloak/testsuite/rule/WebRule.java

@@ -46,7 +46,7 @@ public class WebRule extends ExternalResource {
     }
 
     @Override
-    protected void before() throws Throwable {
+    public void before() throws Throwable {
         driver = createWebDriver();
         oauth = new OAuthClient(driver);
         initWebResources(test);
@@ -121,7 +121,7 @@ public class WebRule extends ExternalResource {
     }
 
     @Override
-    protected void after() {
+    public void after() {
         driver.manage().deleteAllCookies();
         driver.close();
     }

testsuite/integration/src/test/resources/adapter-test/demorealm.json

@@ -105,6 +105,16 @@
                 "http://localhost:8081/secure-portal/*"
             ],
             "secret": "password"
+        },
+        {
+            "name": "session-portal",
+            "enabled": true,
+            "adminUrl": "http://localhost:8081/session-portal",
+            "baseUrl": "http://localhost:8081/session-portal",
+            "redirectUris": [
+                "http://localhost:8081/session-portal/*"
+            ],
+            "secret": "password"
         }
     ],
     "oauthClients": [

testsuite/integration/src/test/resources/adapter-test/session-keycloak.json

@@ -0,0 +1,10 @@
+{
+  "realm" : "demo",
+  "resource" : "session-portal",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url" : "http://${my.host.name}:8081/auth",
+  "ssl-required" : "external",
+  "credentials" : {
+      "secret": "password"
+   }
+}