keycloak-aplcache
Changes
forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js 24(+12 -12)
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html 54(+27 -27)
Details
diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 66a0147..9c43eb6 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -10,13 +10,12 @@ import java.util.Set;
* @version $Revision: 1 $
*/
public class RealmRepresentation {
- protected String self; // link
protected String id;
protected String realm;
protected Integer notBefore;
protected Integer accessTokenLifespan;
- protected Integer refreshTokenLifespan;
- protected Integer centralLoginLifespan;
+ protected Integer ssoSessionIdleTimeout;
+ protected Integer ssoSessionMaxLifespan;
protected Integer accessCodeLifespan;
protected Integer accessCodeLifespanUserAction;
protected Boolean enabled;
@@ -62,14 +61,6 @@ public class RealmRepresentation {
protected long auditExpiration;
protected List<String> auditListeners;
- public String getSelf() {
- return self;
- }
-
- public void setSelf(String self) {
- this.self = self;
- }
-
public String getId() {
return id;
}
@@ -142,20 +133,20 @@ public class RealmRepresentation {
this.accessTokenLifespan = accessTokenLifespan;
}
- public Integer getRefreshTokenLifespan() {
- return refreshTokenLifespan;
+ public Integer getSsoSessionIdleTimeout() {
+ return ssoSessionIdleTimeout;
}
- public Integer getCentralLoginLifespan() {
- return centralLoginLifespan;
+ public void setSsoSessionIdleTimeout(Integer ssoSessionIdleTimeout) {
+ this.ssoSessionIdleTimeout = ssoSessionIdleTimeout;
}
- public void setCentralLoginLifespan(Integer centralLoginLifespan) {
- this.centralLoginLifespan = centralLoginLifespan;
+ public Integer getSsoSessionMaxLifespan() {
+ return ssoSessionMaxLifespan;
}
- public void setRefreshTokenLifespan(Integer refreshTokenLifespan) {
- this.refreshTokenLifespan = refreshTokenLifespan;
+ public void setSsoSessionMaxLifespan(Integer ssoSessionMaxLifespan) {
+ this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
}
public List<UserRoleMappingRepresentation> getRoleMappings() {
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
index dd02ff2..5908977 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
@@ -623,16 +623,16 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
$scope.realm.accessTokenLifespan = TimeUnit.convert($scope.realm.accessTokenLifespan, from, to);
});
- $scope.realm.centralLoginLifespanUnit = TimeUnit.autoUnit(realm.centralLoginLifespan);
- $scope.realm.centralLoginLifespan = TimeUnit.toUnit(realm.centralLoginLifespan, $scope.realm.centralLoginLifespanUnit);
- $scope.$watch('realm.centralLoginLifespanUnit', function(to, from) {
- $scope.realm.centralLoginLifespan = TimeUnit.convert($scope.realm.centralLoginLifespan, from, to);
+ $scope.realm.ssoSessionIdleTimeoutUnit = TimeUnit.autoUnit(realm.ssoSessionIdleTimeout);
+ $scope.realm.ssoSessionIdleTimeout = TimeUnit.toUnit(realm.ssoSessionIdleTimeout, $scope.realm.ssoSessionIdleTimeoutUnit);
+ $scope.$watch('realm.ssoSessionIdleTimeoutUnit', function(to, from) {
+ $scope.realm.ssoSessionIdleTimeout = TimeUnit.convert($scope.realm.ssoSessionIdleTimeout, from, to);
});
- $scope.realm.refreshTokenLifespanUnit = TimeUnit.autoUnit(realm.refreshTokenLifespan);
- $scope.realm.refreshTokenLifespan = TimeUnit.toUnit(realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit);
- $scope.$watch('realm.refreshTokenLifespanUnit', function(to, from) {
- $scope.realm.refreshTokenLifespan = TimeUnit.convert($scope.realm.refreshTokenLifespan, from, to);
+ $scope.realm.ssoSessionMaxLifespanUnit = TimeUnit.autoUnit(realm.ssoSessionMaxLifespan);
+ $scope.realm.ssoSessionMaxLifespan = TimeUnit.toUnit(realm.ssoSessionMaxLifespan, $scope.realm.ssoSessionMaxLifespanUnit);
+ $scope.$watch('realm.ssoSessionMaxLifespanUnit', function(to, from) {
+ $scope.realm.ssoSessionMaxLifespan = TimeUnit.convert($scope.realm.ssoSessionMaxLifespan, from, to);
});
$scope.realm.accessCodeLifespanUnit = TimeUnit.autoUnit(realm.accessCodeLifespan);
@@ -660,14 +660,14 @@ module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http,
$scope.save = function() {
var realmCopy = angular.copy($scope.realm);
delete realmCopy["accessTokenLifespanUnit"];
- delete realmCopy["refreshTokenLifespanUnit"];
+ delete realmCopy["ssoSessionMaxLifespanUnit"];
delete realmCopy["accessCodeLifespanUnit"];
- delete realmCopy["centralLoginLifespanUnit"];
+ delete realmCopy["ssoSessionIdleTimeoutUnit"];
delete realmCopy["accessCodeLifespanUserActionUnit"];
realmCopy.accessTokenLifespan = TimeUnit.toSeconds($scope.realm.accessTokenLifespan, $scope.realm.accessTokenLifespanUnit)
- realmCopy.centralLoginLifespan = TimeUnit.toSeconds($scope.realm.centralLoginLifespan, $scope.realm.centralLoginLifespanUnit)
- realmCopy.refreshTokenLifespan = TimeUnit.toSeconds($scope.realm.refreshTokenLifespan, $scope.realm.refreshTokenLifespanUnit)
+ realmCopy.ssoSessionIdleTimeout = TimeUnit.toSeconds($scope.realm.ssoSessionIdleTimeout, $scope.realm.ssoSessionIdleTimeoutUnit)
+ realmCopy.ssoSessionMaxLifespan = TimeUnit.toSeconds($scope.realm.ssoSessionMaxLifespan, $scope.realm.ssoSessionMaxLifespanUnit)
realmCopy.accessCodeLifespan = TimeUnit.toSeconds($scope.realm.accessCodeLifespan, $scope.realm.accessCodeLifespanUnit)
realmCopy.accessCodeLifespanUserAction = TimeUnit.toSeconds($scope.realm.accessCodeLifespanUserAction, $scope.realm.accessCodeLifespanUserActionUnit)
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html
index ba455e4..4dc0ffc 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-tokens.html
@@ -2,8 +2,8 @@
<div id="content-area" class="col-sm-9" role="main">
<ul class="nav nav-tabs nav-tabs-pf" data-ng-show="!create">
<li><a href="#/realms/{{realm.realm}}/sessions/realm">Realm Sessions</a></li>
- <li><a href="#/realms/{{realm.realm}}/token-settings">Token Settings</a></li>
- <li class="active"><a href="#/realms/{{realm.realm}}/sessions/revocation">Revocation</a></li>
+ <li class="active"><a href="#/realms/{{realm.realm}}/token-settings">Token Settings</a></li>
+ <li><a href="#/realms/{{realm.realm}}/sessions/revocation">Revocation</a></li>
<li><a href="#/realms/{{realm.realm}}/sessions/brute-force">Brute Force</a></li>
</ul>
<div id="content">
@@ -15,17 +15,37 @@
<form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
<fieldset class="border-top">
<div class="form-group input-select">
- <label class="col-sm-2 control-label" for="centralLoginLifespan">Central Login Lifespan</label>
+ <label class="col-sm-2 control-label" for="ssoSessionIdleTimeout">SSO Session Idle Timeout</label>
<div class="col-sm-10">
<div class="row">
<div class="col-sm-2">
<input class="form-control" type="number" required min="1"
- max="31536000" data-ng-model="realm.centralLoginLifespan"
- id="centralLoginLifespan" name="centralLoginLifespan"/>
+ max="31536000" data-ng-model="realm.ssoSessionIdleTimeout"
+ id="ssoSessionIdleTimeout" name="ssoSessionIdleTimeout"/>
</div>
<div class="col-sm-2 select-kc">
- <select name="centralLoginLifespanUnit" data-ng-model="realm.centralLoginLifespanUnit" >
- <option data-ng-selected="!realm.centralLoginLifespanUnit">Seconds</option>
+ <select name="ssoSessionIdleTimeoutUnit" data-ng-model="realm.ssoSessionIdleTimeoutUnit" >
+ <option data-ng-selected="!realm.ssoSessionIdleTimeoutUnit">Seconds</option>
+ <option>Minutes</option>
+ <option>Hours</option>
+ <option>Days</option>
+ </select>
+ </div>
+ </div>
+ </div>
+ </div>
+ <div class="form-group input-select">
+ <label class="col-sm-2 control-label" for="ssoSessionMaxLifespan">SSO Session Max Lifespan</label>
+ <div class="col-sm-10">
+ <div class="row">
+ <div class="col-sm-2">
+ <input class="form-control" type="number" required min="1"
+ max="31536000" data-ng-model="realm.ssoSessionMaxLifespan"
+ id="ssoSessionMaxLifespan" name="ssoSessionMaxLifespan"/>
+ </div>
+ <div class="col-sm-2 select-kc">
+ <select name="ssoSessionMaxLifespanUnit" data-ng-model="realm.ssoSessionMaxLifespanUnit" >
+ <option data-ng-selected="!realm.ssoSessionMaxLifespanUnit">Seconds</option>
<option>Minutes</option>
<option>Hours</option>
<option>Days</option>
@@ -90,26 +110,6 @@
</div>
</div>
</div>
- <div class="form-group input-select">
- <label class="col-sm-2 control-label" for="refreshTokenLifespan">Refresh token lifespan</label>
- <div class="col-sm-10">
- <div class="row">
- <div class="col-sm-2">
- <input class="form-control" type="number" required min="1"
- max="31536000" data-ng-model="realm.refreshTokenLifespan"
- id="refreshTokenLifespan" name="refreshTokenLifespan"/>
- </div>
- <div class="col-sm-2 select-kc">
- <select name="refreshTokenLifespanUnit" data-ng-model="realm.refreshTokenLifespanUnit" >
- <option data-ng-selected="!realm.refreshTokenLifespanUnit">Seconds</option>
- <option>Minutes</option>
- <option>Hours</option>
- <option>Days</option>
- </select>
- </div>
- </div>
- </div>
- </div>
</fieldset>
<div class="pull-right form-actions" data-ng-show="access.manageRealm">
<button kc-reset data-ng-show="changed">Clear changes</button>
diff --git a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
index d7fde9c..d19ca09 100755
--- a/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
@@ -30,11 +30,11 @@ public class RealmEntity extends AbstractIdentifiableEntity {
private int failureFactor;
//--- end brute force settings
- private int centralLoginLifespan;
+ private int ssoSessionIdleTimeout;
+ private int ssoSessionMaxLifespan;
private int accessTokenLifespan;
private int accessCodeLifespan;
private int accessCodeLifespanUserAction;
- private int refreshTokenLifespan;
private int notBefore;
private String publicKeyPem;
@@ -196,12 +196,20 @@ public class RealmEntity extends AbstractIdentifiableEntity {
this.failureFactor = failureFactor;
}
- public int getCentralLoginLifespan() {
- return centralLoginLifespan;
+ public int getSsoSessionIdleTimeout() {
+ return ssoSessionIdleTimeout;
}
- public void setCentralLoginLifespan(int centralLoginLifespan) {
- this.centralLoginLifespan = centralLoginLifespan;
+ public void setSsoSessionIdleTimeout(int ssoSessionIdleTimeout) {
+ this.ssoSessionIdleTimeout = ssoSessionIdleTimeout;
+ }
+
+ public int getSsoSessionMaxLifespan() {
+ return ssoSessionMaxLifespan;
+ }
+
+ public void setSsoSessionMaxLifespan(int ssoSessionMaxLifespan) {
+ this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
}
public int getAccessTokenLifespan() {
@@ -228,14 +236,6 @@ public class RealmEntity extends AbstractIdentifiableEntity {
this.accessCodeLifespanUserAction = accessCodeLifespanUserAction;
}
- public int getRefreshTokenLifespan() {
- return refreshTokenLifespan;
- }
-
- public void setRefreshTokenLifespan(int refreshTokenLifespan) {
- this.refreshTokenLifespan = refreshTokenLifespan;
- }
-
public int getNotBefore() {
return notBefore;
}
diff --git a/model/api/src/main/java/org/keycloak/models/RealmModel.java b/model/api/src/main/java/org/keycloak/models/RealmModel.java
index ac91fc7..c48613b 100755
--- a/model/api/src/main/java/org/keycloak/models/RealmModel.java
+++ b/model/api/src/main/java/org/keycloak/models/RealmModel.java
@@ -59,25 +59,23 @@ public interface RealmModel extends RoleContainerModel, RoleMapperModel, ScopeMa
void setResetPasswordAllowed(boolean resetPasswordAllowed);
- int getCentralLoginLifespan();
+ int getSsoSessionIdleTimeout();
+ void setSsoSessionIdleTimeout(int seconds);
- void setCentralLoginLifespan(int lifespan);
+ int getSsoSessionMaxLifespan();
+ void setSsoSessionMaxLifespan(int seconds);
int getAccessTokenLifespan();
- void setAccessTokenLifespan(int tokenLifespan);
-
- int getRefreshTokenLifespan();
-
- void setRefreshTokenLifespan(int tokenLifespan);
+ void setAccessTokenLifespan(int seconds);
int getAccessCodeLifespan();
- void setAccessCodeLifespan(int accessCodeLifespan);
+ void setAccessCodeLifespan(int seconds);
int getAccessCodeLifespanUserAction();
- void setAccessCodeLifespanUserAction(int accessCodeLifespanUserAction);
+ void setAccessCodeLifespanUserAction(int seconds);
String getPublicKeyPem();
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
index 2051109..c5bf40c 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
@@ -60,11 +60,11 @@ public class RealmEntity {
protected boolean updateProfileOnInitialSocialLogin;
protected String passwordPolicy;
- protected int centralLoginLifespan;
+ private int ssoSessionIdleTimeout;
+ private int ssoSessionMaxLifespan;
protected int accessTokenLifespan;
protected int accessCodeLifespan;
protected int accessCodeLifespanUserAction;
- protected int refreshTokenLifespan;
protected int notBefore;
@Column(length = 2048)
@@ -201,20 +201,20 @@ public class RealmEntity {
this.updateProfileOnInitialSocialLogin = updateProfileOnInitialSocialLogin;
}
- public int getCentralLoginLifespan() {
- return centralLoginLifespan;
+ public int getSsoSessionIdleTimeout() {
+ return ssoSessionIdleTimeout;
}
- public void setCentralLoginLifespan(int centralLoginLifespan) {
- this.centralLoginLifespan = centralLoginLifespan;
+ public void setSsoSessionIdleTimeout(int ssoSessionIdleTimeout) {
+ this.ssoSessionIdleTimeout = ssoSessionIdleTimeout;
}
- public int getRefreshTokenLifespan() {
- return refreshTokenLifespan;
+ public int getSsoSessionMaxLifespan() {
+ return ssoSessionMaxLifespan;
}
- public void setRefreshTokenLifespan(int refreshTokenLifespan) {
- this.refreshTokenLifespan = refreshTokenLifespan;
+ public void setSsoSessionMaxLifespan(int ssoSessionMaxLifespan) {
+ this.ssoSessionMaxLifespan = ssoSessionMaxLifespan;
}
public int getAccessTokenLifespan() {
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index d462e65..1ac2b6d 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -246,25 +246,23 @@ public class RealmAdapter implements RealmModel {
}
@Override
- public int getCentralLoginLifespan() {
- return realm.getCentralLoginLifespan();
+ public int getSsoSessionIdleTimeout() {
+ return realm.getSsoSessionIdleTimeout();
}
@Override
- public void setCentralLoginLifespan(int lifespan) {
- realm.setCentralLoginLifespan(lifespan);
- em.flush();
+ public void setSsoSessionIdleTimeout(int seconds) {
+ realm.setSsoSessionIdleTimeout(seconds);
}
@Override
- public int getRefreshTokenLifespan() {
- return realm.getRefreshTokenLifespan();
+ public int getSsoSessionMaxLifespan() {
+ return realm.getSsoSessionMaxLifespan();
}
@Override
- public void setRefreshTokenLifespan(int tokenLifespan) {
- realm.setRefreshTokenLifespan(tokenLifespan);
- em.flush();
+ public void setSsoSessionMaxLifespan(int seconds) {
+ realm.setSsoSessionMaxLifespan(seconds);
}
@Override
@@ -1391,7 +1389,7 @@ public class RealmAdapter implements RealmModel {
entity.setIpAddress(ipAddress);
int currentTime = Time.currentTime();
- int expires = currentTime + realm.getCentralLoginLifespan();
+ int expires = currentTime + realm.getSsoSessionIdleTimeout();
entity.setStarted(currentTime);
entity.setExpires(expires);
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index 9791740..d9590bb 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -281,39 +281,38 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
@Override
- public int getAccessTokenLifespan() {
- return realm.getAccessTokenLifespan();
+ public int getSsoSessionIdleTimeout() {
+ return realm.getSsoSessionIdleTimeout();
}
@Override
- public void setAccessTokenLifespan(int tokenLifespan) {
- realm.setAccessTokenLifespan(tokenLifespan);
- updateRealm();
+ public void setSsoSessionIdleTimeout(int seconds) {
+ realm.setSsoSessionIdleTimeout(seconds);
}
@Override
- public int getCentralLoginLifespan() {
- return realm.getCentralLoginLifespan();
+ public int getSsoSessionMaxLifespan() {
+ return realm.getSsoSessionMaxLifespan();
}
@Override
- public void setCentralLoginLifespan(int lifespan) {
- realm.setCentralLoginLifespan(lifespan);
- updateRealm();
+ public void setSsoSessionMaxLifespan(int seconds) {
+ realm.setSsoSessionMaxLifespan(seconds);
}
-
@Override
- public int getRefreshTokenLifespan() {
- return realm.getRefreshTokenLifespan();
+ public int getAccessTokenLifespan() {
+ return realm.getAccessTokenLifespan();
}
@Override
- public void setRefreshTokenLifespan(int tokenLifespan) {
- realm.setRefreshTokenLifespan(tokenLifespan);
+ public void setAccessTokenLifespan(int tokenLifespan) {
+ realm.setAccessTokenLifespan(tokenLifespan);
updateRealm();
}
+
+
@Override
public int getAccessCodeLifespan() {
return realm.getAccessCodeLifespan();
@@ -1357,7 +1356,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
entity.setIpAddress(ipAddress);
int currentTime = Time.currentTime();
- int expires = currentTime + realm.getCentralLoginLifespan();
+ int expires = currentTime + realm.getSsoSessionIdleTimeout();
entity.setStarted(currentTime);
entity.setExpires(expires);
diff --git a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
index b15de5d..be26f44 100755
--- a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java
@@ -726,7 +726,7 @@ public class AdapterTest extends AbstractModelTest {
@Test
public void userSessions() throws InterruptedException {
realmManager.createRealm("userSessions");
- realmManager.getRealmByName("userSessions").setCentralLoginLifespan(5);
+ realmManager.getRealmByName("userSessions").setSsoSessionIdleTimeout(5);
UserModel user = realmManager.getRealmByName("userSessions").addUser("userSessions1");
@@ -749,7 +749,7 @@ public class AdapterTest extends AbstractModelTest {
assertNull(realmManager.getRealmByName("userSessions").getUserSession(userSession.getId()));
- realmManager.getRealmByName("userSessions").setCentralLoginLifespan(1);
+ realmManager.getRealmByName("userSessions").setSsoSessionIdleTimeout(1);
userSession = realmManager.getRealmByName("userSessions").createUserSession(user, "127.0.0.1");
commit();
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
index aff58a7..1ef7d7c 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
@@ -54,9 +54,9 @@ public class ApplianceBootstrap {
realm.setName(adminRealmName);
realm.setEnabled(true);
realm.addRequiredCredential(CredentialRepresentation.PASSWORD);
- realm.setCentralLoginLifespan(3000);
+ realm.setSsoSessionIdleTimeout(300);
realm.setAccessTokenLifespan(60);
- realm.setRefreshTokenLifespan(3600);
+ realm.setSsoSessionMaxLifespan(36000);
realm.setAccessCodeLifespan(60);
realm.setAccessCodeLifespanUserAction(300);
realm.setSslNotRequired(true);
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index c3b9eec..e6816c0 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -71,26 +71,25 @@ public class AuthenticationManager {
if (session != null) {
token.setSessionState(session.getId());
}
- if (realm.getCentralLoginLifespan() > 0) {
- token.expiration(Time.currentTime() + realm.getCentralLoginLifespan());
+ if (realm.getSsoSessionIdleTimeout() > 0) {
+ token.expiration(Time.currentTime() + realm.getSsoSessionIdleTimeout());
}
return token;
}
public void createLoginCookie(Response.ResponseBuilder builder, RealmModel realm, UserModel user, UserSessionModel session, UriInfo uriInfo, boolean rememberMe) {
logger.info("createLoginCookie");
- String cookieName = KEYCLOAK_IDENTITY_COOKIE;
String cookiePath = getIdentityCookiePath(realm, uriInfo);
AccessToken identityToken = createIdentityToken(realm, user, session);
String encoded = encodeToken(realm, identityToken);
boolean secureOnly = !realm.isSslNotRequired();
- logger.debugv("creatingLoginCookie - name: {0} path: {1}", cookieName, cookiePath);
+ logger.debugv("creatingLoginCookie - name: {0} path: {1}", KEYCLOAK_IDENTITY_COOKIE, cookiePath);
int maxAge = NewCookie.DEFAULT_MAX_AGE;
if (rememberMe) {
- maxAge = realm.getCentralLoginLifespan();
+ maxAge = realm.getSsoSessionIdleTimeout();
logger.info("createLoginCookie maxAge: " + maxAge);
}
- CookieHelper.addCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly, true);
+ CookieHelper.addCookie(KEYCLOAK_IDENTITY_COOKIE, encoded, cookiePath, null, null, maxAge, secureOnly, true);
//builder.cookie(new NewCookie(cookieName, encoded, cookiePath, null, null, maxAge, secureOnly));// todo httponly , true);
String sessionCookieValue = realm.getName() + "-" + user.getId();
@@ -107,7 +106,7 @@ public class AuthenticationManager {
boolean secureOnly = !realm.isSslNotRequired();
// remember me cookie should be persistent
//NewCookie cookie = new NewCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly);// todo httponly , true);
- CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getCentralLoginLifespan(), secureOnly, true);
+ CookieHelper.addCookie(KEYCLOAK_REMEMBER_ME, "true", path, null, null, realm.getSsoSessionIdleTimeout(), secureOnly, true);
}
protected String encodeToken(RealmModel realm, Object token) {
diff --git a/services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java b/services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java
index f2d34b8..91c7686 100755
--- a/services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java
+++ b/services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java
@@ -90,8 +90,8 @@ public class ModelToRepresentation {
rep.setVerifyEmail(realm.isVerifyEmail());
rep.setResetPasswordAllowed(realm.isResetPasswordAllowed());
rep.setAccessTokenLifespan(realm.getAccessTokenLifespan());
- rep.setCentralLoginLifespan(realm.getCentralLoginLifespan());
- rep.setRefreshTokenLifespan(realm.getRefreshTokenLifespan());
+ rep.setSsoSessionIdleTimeout(realm.getSsoSessionIdleTimeout());
+ rep.setSsoSessionMaxLifespan(realm.getSsoSessionMaxLifespan());
rep.setAccessCodeLifespan(realm.getAccessCodeLifespan());
rep.setAccessCodeLifespanUserAction(realm.getAccessCodeLifespanUserAction());
rep.setSmtpServer(realm.getSmtpConfig());
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 8410776..43e9630 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -186,8 +186,8 @@ public class RealmManager {
realm.setAccessCodeLifespanUserAction(rep.getAccessCodeLifespanUserAction());
if (rep.getNotBefore() != null) realm.setNotBefore(rep.getNotBefore());
if (rep.getAccessTokenLifespan() != null) realm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
- if (rep.getRefreshTokenLifespan() != null) realm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
- if (rep.getCentralLoginLifespan() != null) realm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
+ if (rep.getSsoSessionIdleTimeout() != null) realm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
+ if (rep.getSsoSessionMaxLifespan() != null) realm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
if (rep.getRequiredCredentials() != null) {
realm.updateRequiredCredentials(rep.getRequiredCredentials());
}
@@ -313,10 +313,10 @@ public class RealmManager {
if (rep.getAccessTokenLifespan() != null) newRealm.setAccessTokenLifespan(rep.getAccessTokenLifespan());
else newRealm.setAccessTokenLifespan(300);
- if (rep.getRefreshTokenLifespan() != null) newRealm.setRefreshTokenLifespan(rep.getRefreshTokenLifespan());
- else newRealm.setRefreshTokenLifespan(36000);
- if (rep.getCentralLoginLifespan() != null) newRealm.setCentralLoginLifespan(rep.getCentralLoginLifespan());
- else newRealm.setCentralLoginLifespan(300);
+ if (rep.getSsoSessionIdleTimeout() != null) newRealm.setSsoSessionIdleTimeout(rep.getSsoSessionIdleTimeout());
+ else newRealm.setSsoSessionIdleTimeout(600);
+ if (rep.getSsoSessionMaxLifespan() != null) newRealm.setSsoSessionMaxLifespan(rep.getSsoSessionMaxLifespan());
+ else newRealm.setSsoSessionMaxLifespan(36000);
if (rep.getAccessCodeLifespan() != null) newRealm.setAccessCodeLifespan(rep.getAccessCodeLifespan());
else newRealm.setAccessCodeLifespan(60);
diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
index 4995e81..9e4b60a 100755
--- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java
@@ -375,7 +375,7 @@ public class TokenManager {
refreshToken = new RefreshToken(accessToken);
refreshToken.id(KeycloakModelUtils.generateId());
refreshToken.issuedNow();
- refreshToken.expiration(Time.currentTime() + realm.getRefreshTokenLifespan());
+ refreshToken.expiration(Time.currentTime() + realm.getSsoSessionIdleTimeout());
return this;
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index 5954d10..aa5004b 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -60,9 +60,9 @@ public class CompositeRoleTest {
RealmModel realm = manager.createRealm("Test");
manager.generateRealmKeys(realm);
realmPublicKey = realm.getPublicKey();
- realm.setCentralLoginLifespan(3000);
+ realm.setSsoSessionIdleTimeout(3000);
realm.setAccessTokenLifespan(10000);
- realm.setRefreshTokenLifespan(10000);
+ realm.setSsoSessionMaxLifespan(10000);
realm.setAccessCodeLifespanUserAction(1000);
realm.setAccessCodeLifespan(1000);
realm.setSslNotRequired(true);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
index 030bec7..b661790 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
@@ -93,7 +93,8 @@ public class RefreshTokenTest {
Assert.assertEquals("bearer", tokenResponse.getTokenType());
Assert.assertThat(token.getExpiration() - Time.currentTime(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300)));
- Assert.assertThat(refreshToken.getExpiration() - Time.currentTime(), allOf(greaterThanOrEqualTo(35950), lessThanOrEqualTo(36000)));
+ int actual = refreshToken.getExpiration() - Time.currentTime();
+ Assert.assertThat(actual, allOf(greaterThanOrEqualTo(559), lessThanOrEqualTo(600)));
Assert.assertEquals(sessionId, refreshToken.getSessionState());