
Gabriel Landais
2022-04-22 d5f868839f07638596a8da48d5b42c083108b121
7f7e0c 1 package org.keycloak.protocol.cas.endpoints;
MP 2
3 import org.jboss.logging.Logger;
4 import org.keycloak.events.Details;
5 import org.keycloak.events.Errors;
6 import org.keycloak.events.EventBuilder;
7 import org.keycloak.events.EventType;
8 import org.keycloak.models.ClientModel;
9 import org.keycloak.models.RealmModel;
10 import org.keycloak.protocol.AuthorizationEndpointBase;
11 import org.keycloak.protocol.cas.CASLoginProtocol;
12 import org.keycloak.protocol.oidc.utils.RedirectUtils;
13 import org.keycloak.services.ErrorPageException;
14 import org.keycloak.services.messages.Messages;
15 import org.keycloak.services.util.CacheControlUtil;
f75caf 16 import org.keycloak.sessions.AuthenticationSessionModel;
7f7e0c 17
MP 18 import javax.ws.rs.GET;
19 import javax.ws.rs.core.MultivaluedMap;
20 import javax.ws.rs.core.Response;
21
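/**
 * CAS {@code /login} (authorization) endpoint.
 *
 * <p>Reads the CAS request parameters from the query string, resolves the
 * requesting service to one of the realm's CAS-protocol clients by validating
 * it against that client's registered redirect URIs, and then hands the request
 * over to the browser authentication flow of {@link AuthorizationEndpointBase}.
 *
 * <p>One instance serves one request: {@link #checkClient(String)} stores the
 * resolved client and the validated redirect URI in instance fields that
 * {@link #build()} and {@link #updateAuthenticationSession()} read afterwards.
 */
public class AuthorizationEndpoint extends AuthorizationEndpointBase {
    private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);

    /** Client matched to the {@code service} parameter; set by {@link #checkClient(String)}. */
    private ClientModel client;
    private AuthenticationSessionModel authenticationSession;
    /** The {@code service} value after it passed {@link RedirectUtils#verifyRedirectUri}. */
    private String redirectUri;

    /**
     * Creates the endpoint for {@code realm} and tags {@code event} as a login event.
     *
     * @param realm realm whose CAS clients may be targeted
     * @param event event builder used for audit and error reporting
     */
    public AuthorizationEndpoint(RealmModel realm, EventBuilder event) {
        super(realm, event);
        event.event(EventType.LOGIN);
    }

    /**
     * Handles the CAS login request.
     *
     * <p>The {@code service} query parameter (or {@code TARGET} for SAML 1.1
     * requests) names the relying party. It is untrusted input and is accepted
     * only once {@link #checkClient(String)} has matched it against a registered,
     * enabled CAS client. {@code renew} and {@code gateway} are recorded as client
     * notes on the authentication session so later stages of the flow can act on them.
     *
     * @return the response produced by the browser authentication flow
     * @throws ErrorPageException if {@code service} is missing or does not map to
     *     an enabled CAS client (see {@link #checkClient(String)})
     */
    @GET
    public Response build() {
        MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters();
        String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);

        // SAML 1.1 authorization uses the TARGET parameter instead of service
        boolean isSaml11Request = service == null && params.containsKey(CASLoginProtocol.TARGET_PARAM);
        if (isSaml11Request) {
            service = params.getFirst(CASLoginProtocol.TARGET_PARAM);
        }
        boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
        boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM);

        // Base-class checks run before the client lookup so an invalid request
        // never reaches createAuthenticationSession().
        checkSsl();
        checkRealm();
        checkClient(service);

        authenticationSession = createAuthenticationSession(client, null);
        updateAuthenticationSession();

        // So back button doesn't work
        CacheControlUtil.noBackButtonCacheControlHeader();

        if (renew) {
            authenticationSession.setClientNote(CASLoginProtocol.RENEW_PARAM, "true");
        }
        if (gateway) {
            authenticationSession.setClientNote(CASLoginProtocol.GATEWAY_PARAM, "true");
        }
        if (isSaml11Request) {
            // Flag the session so we can return the ticket as "SAMLart" in the response
            authenticationSession.setClientNote(CASLoginProtocol.TARGET_PARAM, "true");
        }

        this.event.event(EventType.LOGIN);
        return handleBrowserAuthenticationRequest(authenticationSession,
                new CASLoginProtocol(session, realm, session.getContext().getUri(), headers, event),
                gateway, false);
    }

    /**
     * Resolves {@code service} to an enabled CAS client and records the validated redirect URI.
     *
     * <p>Only clients using the CAS login protocol are considered, and a client
     * matches only if {@link RedirectUtils#verifyRedirectUri} accepts {@code service}
     * against that client's registered redirect URIs; the first match wins. The
     * validated URI is captured during the scan and reused as {@link #redirectUri}
     * instead of re-verifying the same input a second time.
     *
     * @param service raw {@code service}/{@code TARGET} query parameter; may be {@code null}
     * @throws ErrorPageException if {@code service} is missing, matches no CAS
     *     client, or the matching client is disabled
     */
    private void checkClient(String service) {
        if (service == null) {
            event.error(Errors.INVALID_REQUEST);
            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
        }

        ClientModel matched = null;
        String matchedUri = null;
        for (ClientModel candidate : realm.getClients()) {
            if (!CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())) {
                continue;
            }
            String verified = RedirectUtils.verifyRedirectUri(session, service, candidate);
            if (verified != null) {
                matched = candidate;
                matchedUri = verified;
                break;
            }
        }
        client = matched;
        if (client == null) {
            event.error(Errors.CLIENT_NOT_FOUND);
            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
        }

        if (!client.isEnabled()) {
            event.error(Errors.CLIENT_DISABLED);
            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED);
        }

        redirectUri = matchedUri;

        event.client(client.getClientId());
        event.detail(Details.REDIRECT_URI, redirectUri);

        session.getContext().setClient(client);
    }

    /**
     * Initialises the freshly created authentication session for the CAS flow:
     * the CAS protocol id, the validated redirect URI and the AUTHENTICATE action.
     */
    private void updateAuthenticationSession() {
        authenticationSession.setProtocol(CASLoginProtocol.LOGIN_PROTOCOL);
        authenticationSession.setRedirectUri(redirectUri);
        authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
    }
}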