Always filter on the master realm

src/IdServer/SimpleIdServer.IdServer.Startup/Program.cs

@@ -394,7 +394,6 @@ async void SeedData(WebApplication application, string scimBaseUrl)
         {
             var isInMemory = dbContext.Database.IsInMemory();
             if (!isInMemory) dbContext.Database.Migrate();
-            if (dbContext.Translations.Any()) return;
             var masterRealm = dbContext.Realms.FirstOrDefault(r => r.Name == SimpleIdServer.IdServer.Constants.StandardRealms.Master.Name) ?? SimpleIdServer.IdServer.Constants.StandardRealms.Master;
             if (!dbContext.Realms.Any())
                 dbContext.Realms.AddRange(SimpleIdServer.IdServer.Startup.IdServerConfiguration.Realms);

src/IdServer/SimpleIdServer.IdServer.Store.EF/ClientRepository.cs

@@ -60,13 +60,15 @@ public Task<List<Client>> GetByClientIds(string realm, List<string> clientIds, C
                 .ToListAsync(cancellationToken);
     }
 
-    public Task<List<Client>> GetByClientIdsAndExistingBackchannelLogoutUri(List<string> clientIds, CancellationToken cancellationToken)
+    public Task<List<Client>> GetByClientIdsAndExistingBackchannelLogoutUri(string realm, List<string> clientIds, CancellationToken cancellationToken)
     {
         return _dbContext.Clients
-            .Where(c => clientIds.Contains(c.ClientId) && !string.IsNullOrWhiteSpace(c.BackChannelLogoutUri))
+            .Include(c => c.Realms)
+            .Where(c => clientIds.Contains(c.ClientId) && c.Realms.Any(r => r.Name == realm) && !string.IsNullOrWhiteSpace(c.BackChannelLogoutUri))
             .ToListAsync();
     }
 
+
     public Task<List<Client>> GetByClientIdsAndExistingFrontchannelLogoutUri(string realm, List<string> clientIds, CancellationToken cancellationToken)
     {
         return _dbContext.Clients

src/IdServer/SimpleIdServer.IdServer.Store.SqlSugar/ClientRepository.cs

@@ -117,10 +117,11 @@ public async Task<List<Client>> GetByClientIds(string realm, List<string> client
             return result.Select(r => r.ToDomain()).ToList(); 
         }
 
-        public async Task<List<Client>> GetByClientIdsAndExistingBackchannelLogoutUri(List<string> clientIds, CancellationToken cancellationToken)
+        public async Task<List<Client>> GetByClientIdsAndExistingBackchannelLogoutUri(string realm, List<string> clientIds, CancellationToken cancellationToken)
         {
             var result = await _dbContext.Client.Queryable<SugarClient>()
-                .Where(c => clientIds.Contains(c.ClientId) && !string.IsNullOrWhiteSpace(c.BackChannelLogoutUri))
+                .Includes(c => c.Realms)
+                .Where(c => clientIds.Contains(c.ClientId) && c.Realms.Any(r => r.RealmsName == realm) && !string.IsNullOrWhiteSpace(c.BackChannelLogoutUri))
                 .ToListAsync();
             return result.Select(r => r.ToDomain()).ToList();
         }

src/IdServer/SimpleIdServer.IdServer/Api/Realms/RealmsController.cs

@@ -99,11 +99,11 @@ public async Task<IActionResult> Add([FromRoute] string prefix, [FromBody] AddRe
                     var realm = new Realm { Name = request.Name, Description = request.Description, CreateDateTime = DateTime.UtcNow, UpdateDateTime = DateTime.UtcNow };
                     var administratorRole = RealmRoleBuilder.BuildAdministrativeRole(realm);
                     var users = await _userRepository.GetUsersBySubjects(Constants.RealmStandardUsers, Constants.DefaultRealm, cancellationToken);
-                    var groups = await _groupRepository.GetAllByStrictFullPath(Constants.RealmStandardGroupsFullPath, cancellationToken);
-                    var clients = await _clientRepository.GetByClientIds(Constants.RealmStandardClients, cancellationToken);
-                    var scopes = await _scopeRepository.GetByNames(Constants.RealmStandardScopes, cancellationToken);
-                    var keys = await _fileSerializedKeyStore.GetByKeyIds(Constants.StandardKeyIds, cancellationToken);
-                    var acrs = await _authenticationContextClassReferenceRepository.GetByNames(Constants.StandardAcrNames, cancellationToken);
+                    var groups = await _groupRepository.GetAllByStrictFullPath(Constants.DefaultRealm, Constants.RealmStandardGroupsFullPath, cancellationToken);
+                    var clients = await _clientRepository.GetAll(Constants.DefaultRealm, Constants.RealmStandardClients, cancellationToken);
+                    var scopes = await _scopeRepository.GetAll(Constants.DefaultRealm, Constants.RealmStandardScopes, cancellationToken);
+                    var keys = await _fileSerializedKeyStore.GetAll(Constants.DefaultRealm, cancellationToken);
+                    var acrs = await _authenticationContextClassReferenceRepository.GetAll(cancellationToken);
                     _realmRepository.Add(realm);
                     foreach (var user in users)
                     {

src/IdServer/SimpleIdServer.IdServer/Api/Realms/RemoveRealmCommandConsumer.cs

@@ -77,7 +77,7 @@ private async Task RevokeRealmUserSessions(string realm, CancellationToken cance
                     .Where(s => !string.IsNullOrWhiteSpace(s))
                     .Distinct();
                 var sub = _authenticationHelper.GetLogin(activeSession.User);
-                var targetedClients = await _clientRepository.GetByClientIdsAndExistingBackchannelLogoutUri(clientIds.ToList(), CancellationToken.None);
+                var targetedClients = await _clientRepository.GetByClientIdsAndExistingBackchannelLogoutUri(realm, clientIds.ToList(), CancellationToken.None);
                 var sessionClients = targetedClients.Where(c => activeSession.ClientIds.Contains(c.ClientId));
                 activeSession.State = UserSessionStates.Rejected;
                 _userSessionRepository.Update(activeSession);

src/IdServer/SimpleIdServer.IdServer/Jobs/UserSessionJob.cs

@@ -56,7 +56,7 @@ public async Task Execute()
                             .Where(s => !string.IsNullOrWhiteSpace(s))
                             .Distinct();
 
-                        var targetedClients = await _clientRepository.GetByClientIdsAndExistingBackchannelLogoutUri(clientIds.ToList(), CancellationToken.None);
+                        var targetedClients = await _clientRepository.GetByClientIdsAndExistingBackchannelLogoutUri(group.Key, clientIds.ToList(), CancellationToken.None);
                         var sigCredentials = _keyStore.GetAllSigningKeys(group.Key);
                         await Parallel.ForEachAsync(group.Select(_ => _), async (inactiveSession, c) =>
                         {

src/IdServer/SimpleIdServer.IdServer/Stores/IClientRepository.cs

@@ -14,7 +14,7 @@ public interface IClientRepository
         Task<Client> GetByClientId(string realm, string clientId, CancellationToken cancellationToken);
         Task<List<Client>> GetByClientIds(List<string> clientIds, CancellationToken cancellationToken);
         Task<List<Client>> GetByClientIds(string realm, List<string> clientIds, CancellationToken cancellationToken);
-        Task<List<Client>> GetByClientIdsAndExistingBackchannelLogoutUri(List<string> clientIds, CancellationToken cancellationToken);
+        Task<List<Client>> GetByClientIdsAndExistingBackchannelLogoutUri(string realm, List<string> clientIds, CancellationToken cancellationToken);
         Task<List<Client>> GetByClientIdsAndExistingFrontchannelLogoutUri(string realm, List<string> clientIds, CancellationToken cancellationToken);
         Task<List<Client>> GetAll(string realm, CancellationToken cancellationToken);
         Task<List<Client>> GetAll(string realm, List<string> clientIds, CancellationToken cancellationToken);