Details
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
index 851a450..5443a7e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
@@ -32,6 +32,7 @@ import org.keycloak.adapters.AdapterConstants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
@@ -45,6 +46,7 @@ import org.keycloak.services.resources.admin.AdminRoot;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
+import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.testutils.KeycloakServer;
@@ -64,6 +66,7 @@ import java.net.URI;
import java.net.URL;
import java.security.PublicKey;
import java.util.Map;
+import java.util.concurrent.atomic.AtomicInteger;
/**
* Tests Undertow Adapter
@@ -422,6 +425,11 @@ public class AdapterTest {
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
}
+ /**
+ * KEYCLOAK-732
+ *
+ * @throws Throwable
+ */
@Test
public void testSingleSessionInvalidated() throws Throwable {
AdapterTest browser1 = this;
@@ -457,6 +465,57 @@ public class AdapterTest {
}
}
+ /**
+ * KEYCLOAK-741
+ */
+ @Test
+ public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
+ final AtomicInteger origTokenLifespan = new AtomicInteger();
+
+ // Delete adminUrl and set short accessTokenLifespan
+ keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
+ ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
+ sessionPortal.setManagementUrl(null);
+
+ origTokenLifespan.set(demoRealm.getAccessTokenLifespan());
+ demoRealm.setAccessTokenLifespan(1);
+ }
+ }, "demo");
+
+ // Login
+ loginAndCheckSession(driver, loginPage);
+
+ // Logout
+ String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
+ .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/session-portal").build("demo").toString();
+ driver.navigate().to(logoutUri);
+
+ // Wait until accessToken is expired
+ Thread.sleep(2000);
+
+ // Assert that http session was invalidated
+ driver.navigate().to("http://localhost:8081/session-portal");
+ Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
+ loginPage.login("bburke@redhat.com", "password");
+ Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/session-portal");
+ String pageSource = driver.getPageSource();
+ Assert.assertTrue(pageSource.contains("Counter=1"));
+
+ keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
+ ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
+ sessionPortal.setManagementUrl("http://localhost:8081/session-portal");
+
+ demoRealm.setAccessTokenLifespan(origTokenLifespan.get());
+ }
+
+ }, "demo");
+ }
+
private static void loginAndCheckSession(WebDriver driver, LoginPage loginPage) {
driver.navigate().to("http://localhost:8081/session-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
index b0fd095..7b616f3 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/AbstractKeycloakRule.java
@@ -83,6 +83,25 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
}
}
+ public void update(KeycloakRule.KeycloakSetup configurer, String realmId) {
+ KeycloakSession session = server.getSessionFactory().create();
+ session.getTransaction().begin();
+
+ try {
+ RealmManager manager = new RealmManager(session);
+
+ RealmModel adminstrationRealm = manager.getRealm(Config.getAdminRealm());
+ RealmModel appRealm = manager.getRealm(realmId);
+
+ configurer.session = session;
+ configurer.config(manager, adminstrationRealm, appRealm);
+
+ session.getTransaction().commit();
+ } finally {
+ session.close();
+ }
+ }
+
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
index 481b1d8..74df6c8 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java
@@ -81,22 +81,7 @@ public class KeycloakRule extends AbstractKeycloakRule {
}
public void update(KeycloakSetup configurer) {
- KeycloakSession session = server.getSessionFactory().create();
- session.getTransaction().begin();
-
- try {
- RealmManager manager = new RealmManager(session);
-
- RealmModel adminstrationRealm = manager.getRealm(Config.getAdminRealm());
- RealmModel appRealm = manager.getRealm("test");
-
- configurer.session = session;
- configurer.config(manager, adminstrationRealm, appRealm);
-
- session.getTransaction().commit();
- } finally {
- session.close();
- }
+ update(configurer, "test");
}
diff --git a/testsuite/integration/src/test/resources/adapter-test/demorealm.json b/testsuite/integration/src/test/resources/adapter-test/demorealm.json
index abc8e40..fc6ebae 100755
--- a/testsuite/integration/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/integration/src/test/resources/adapter-test/demorealm.json
@@ -1,4 +1,5 @@
{
+ "id": "demo",
"realm": "demo",
"enabled": true,
"accessTokenLifespan": 3000,
