mirror of https://github.com/jacekkow/keycloak-protocol-cas

Unknown
2017-07-26 8c9be26e6a05af07a7439ea29afd67e29b97fd5f
commit | author | age
7f7e0c 1 package org.keycloak.protocol.cas;
MP 2
57a6c1 3 import org.apache.http.HttpEntity;
MP 4 import org.jboss.logging.Logger;
7f7e0c 5 import org.keycloak.common.util.KeycloakUriBuilder;
MP 6 import org.keycloak.events.EventBuilder;
7 import org.keycloak.events.EventType;
4a6620 8 import org.keycloak.forms.login.LoginFormsProvider;
7f7e0c 9 import org.keycloak.models.*;
MP 10 import org.keycloak.protocol.LoginProtocol;
57a6c1 11 import org.keycloak.protocol.cas.utils.LogoutHelper;
7f7e0c 12 import org.keycloak.services.managers.ClientSessionCode;
MP 13 import org.keycloak.services.managers.ResourceAdminManager;
14
15 import javax.ws.rs.core.HttpHeaders;
16 import javax.ws.rs.core.Response;
17 import javax.ws.rs.core.UriInfo;
57a6c1 18 import java.io.IOException;
7f7e0c 19 import java.net.URI;
MP 20
21 public class CASLoginProtocol implements LoginProtocol {
57a6c1 22     private static final Logger logger = Logger.getLogger(CASLoginProtocol.class);
MP 23
7f7e0c 24     public static final String LOGIN_PROTOCOL = "cas";
MP 25
26     public static final String SERVICE_PARAM = "service";
27     public static final String RENEW_PARAM = "renew";
28     public static final String GATEWAY_PARAM = "gateway";
29     public static final String TICKET_PARAM = "ticket";
30     public static final String FORMAT_PARAM = "format";
31
32     public static final String TICKET_RESPONSE_PARAM = "ticket";
33
34     public static final String SERVICE_TICKET_PREFIX = "ST-";
57a6c1 35     public static final String SESSION_SERVICE_TICKET = "service_ticket";
4a6620 36
MP 37     public static final String LOGOUT_REDIRECT_URI = "CAS_LOGOUT_REDIRECT_URI";
7f7e0c 38
MP 39     protected KeycloakSession session;
40     protected RealmModel realm;
41     protected UriInfo uriInfo;
42     protected HttpHeaders headers;
43     protected EventBuilder event;
44
7124d2 45     public CASLoginProtocol(KeycloakSession session, RealmModel realm, UriInfo uriInfo, HttpHeaders headers, EventBuilder event) {
7f7e0c 46         this.session = session;
MP 47         this.realm = realm;
48         this.uriInfo = uriInfo;
49         this.headers = headers;
50         this.event = event;
51     }
52
53     public CASLoginProtocol() {
54     }
55
56     @Override
57     public CASLoginProtocol setSession(KeycloakSession session) {
58         this.session = session;
59         return this;
60     }
61
62     @Override
63     public CASLoginProtocol setRealm(RealmModel realm) {
64         this.realm = realm;
65         return this;
66     }
67
68     @Override
69     public CASLoginProtocol setUriInfo(UriInfo uriInfo) {
70         this.uriInfo = uriInfo;
71         return this;
72     }
73
74     @Override
75     public CASLoginProtocol setHttpHeaders(HttpHeaders headers) {
76         this.headers = headers;
77         return this;
78     }
79
80     @Override
81     public CASLoginProtocol setEventBuilder(EventBuilder event) {
82         this.event = event;
83         return this;
84     }
85
86     @Override
87     public Response authenticated(UserSessionModel userSession, ClientSessionCode accessCode) {
88         ClientSessionModel clientSession = accessCode.getClientSession();
89
90         String service = clientSession.getRedirectUri();
91         //TODO validate service
92         accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN.name());
93         KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);
94         uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + accessCode.getCode());
95
96         URI redirectUri = uriBuilder.build();
97
98         Response.ResponseBuilder location = Response.status(302).location(redirectUri);
99         return location.build();
100     }
101
102     @Override
103     public Response sendError(ClientSessionModel clientSession, Error error) {
104         return Response.serverError().entity(error).build();
105     }
106
107     @Override
108     public void backchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession) {
57a6c1 109         String logoutUrl = clientSession.getRedirectUri();
MP 110         String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_SERVICE_TICKET);
111         //check if session is fully authenticated (i.e. serviceValidate has been called)
112         if (serviceTicket != null && !serviceTicket.isEmpty()) {
113             sendSingleLogoutRequest(logoutUrl, serviceTicket);
114         }
7f7e0c 115         ClientModel client = clientSession.getClient();
MP 116         new ResourceAdminManager(session).logoutClientSession(uriInfo.getRequestUri(), realm, client, clientSession);
117     }
118
57a6c1 119     private void sendSingleLogoutRequest(String logoutUrl, String serviceTicket) {
MP 120         HttpEntity requestEntity = LogoutHelper.buildSingleLogoutRequest(serviceTicket);
121         try {
122             LogoutHelper.postWithRedirect(session, logoutUrl, requestEntity);
123             logger.debug("Sent CAS single logout for service " + logoutUrl);
124         } catch (IOException e) {
125             logger.warn("Failed to call CAS service for logout: " + logoutUrl, e);
126         }
127     }
128
7f7e0c 129     @Override
MP 130     public Response frontchannelLogout(UserSessionModel userSession, ClientSessionModel clientSession) {
131         // todo oidc redirect support
132         throw new RuntimeException("NOT IMPLEMENTED");
133     }
134
135     @Override
136     public Response finishLogout(UserSessionModel userSession) {
4a6620 137         String redirectUri = userSession.getNote(CASLoginProtocol.LOGOUT_REDIRECT_URI);
MP 138
7f7e0c 139         event.event(EventType.LOGOUT);
MP 140         event.user(userSession.getUser()).session(userSession).success();
4a6620 141         LoginFormsProvider infoPage = session.getProvider(LoginFormsProvider.class).setSuccess("Logout successful");
MP 142         if (redirectUri != null) {
143             infoPage.setAttribute("pageRedirectUri", redirectUri);
144         } else {
145             infoPage.setAttribute("skipLink", true);
146         }
147         return infoPage.createInfoPage();
7f7e0c 148     }
MP 149
150     @Override
151     public boolean requireReauthentication(UserSessionModel userSession, ClientSessionModel clientSession) {
7124d2 152         return "true".equals(clientSession.getNote(CASLoginProtocol.RENEW_PARAM));
7f7e0c 153     }
MP 154
155     @Override
156     public void close() {
157
158     }
159 }