diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java
index 6f76085..14f4c0f 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java
@@ -25,6 +25,7 @@ import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.infinispan.entities.CachedClient;
+import java.security.MessageDigest;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -199,7 +200,7 @@ public class ClientAdapter implements ClientModel {
}
public boolean validateSecret(String secret) {
- return secret.equals(getSecret());
+ return MessageDigest.isEqual(secret.getBytes(), getSecret().getBytes());
}
public String getSecret() {
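Review bot: The new comparison in `validateSecret` dereferences the stored secret, so a client whose `getSecret()` returns null would now throw a NullPointerException where `secret.equals(...)` used to return false. Whether a null secret can occur is not visible here, and the same applies to `entity.getSecret()` in the JPA `ClientAdapter` hunk. Both calls also use `getBytes()` with the platform default charset, so the compared bytes depend on JVM configuration. I would write `String stored = getSecret();`, `if (secret == null || stored == null) return false;` and `return MessageDigest.isEqual(secret.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));`, importing `java.nio.charset.StandardCharsets`. A comment such as `// constant-time compare so response timing does not reveal how much of the secret matched` would keep the call from being reverted to `equals`; both class bodies continue outside the hunks.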
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
index 866f18a..ac1a738 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
@@ -32,6 +32,7 @@ import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import javax.persistence.EntityManager;
+import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -208,7 +209,7 @@ public class ClientAdapter implements ClientModel, JpaModel<ClientEntity> {
@Override
public boolean validateSecret(String secret) {
- return secret.equals(entity.getSecret());
+ return MessageDigest.isEqual(secret.getBytes(), entity.getSecret().getBytes());
}
@Override