7f7e0c 1 package org.keycloak.protocol.cas.endpoints;
MP 2
import org.jboss.logging.Logger;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.AuthorizationEndpointBase;
import org.keycloak.protocol.cas.CASLoginProtocol;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.ErrorPageException;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.sessions.AuthenticationSessionModel;

import javax.ws.rs.GET;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;

import java.util.Iterator;
21
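/**
 * CAS login endpoint.
 *
 * <p>Reads the CAS request parameters ({@code service} or, for SAML 1.1, {@code TARGET};
 * {@code renew}; {@code gateway}), resolves the CAS client whose registered redirect URIs
 * accept the requested service, creates an authentication session for that client and
 * hands the request over to the browser authentication flow of the base class.
 *
 * <p>Instances are per-request: {@link #client}, {@link #authenticationSession} and
 * {@link #redirectUri} are filled in while {@link #build()} runs and are not thread-safe.
 */
public class AuthorizationEndpoint extends AuthorizationEndpointBase {
    private static final Logger logger = Logger.getLogger(AuthorizationEndpoint.class);

    // CAS client matched against the requested service; set by checkClient().
    private ClientModel client;
    // Authentication session created for this request; set by build().
    private AuthenticationSessionModel authenticationSession;
    // Service URL as returned by RedirectUtils.verifyRedirectUri for the matched client; set by checkClient().
    private String redirectUri;

    /**
     * Creates the endpoint and marks the request event as a LOGIN event.
     *
     * @param session current Keycloak session
     * @param event   event builder that receives client, redirect URI and error details of this request
     */
    public AuthorizationEndpoint(KeycloakSession session, EventBuilder event) {
        super(session, event);
        event.event(EventType.LOGIN);
    }

    /**
     * Handles a CAS login request.
     *
     * <p>Validates SSL, realm and client (the latter via {@link #checkClient(String)}, which
     * rejects a missing {@code service} parameter and unknown or disabled clients with an
     * error page), creates the authentication session, records the {@code renew},
     * {@code gateway} and SAML 1.1 flags on it as client notes and delegates to
     * {@code handleBrowserAuthenticationRequest}.
     *
     * @return the response produced by the browser authentication flow
     * @throws ErrorPageException when the service is missing, matches no CAS client, or the client is disabled
     */
    @GET
    public Response build() {
        MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters();
        String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);

        // SAML 1.1 authorization uses the TARGET parameter instead of service; only fall back
        // to it when service is absent so a request carrying both keeps CAS semantics.
        boolean isSaml11Request = false;
        if (service == null && params.containsKey(CASLoginProtocol.TARGET_PARAM)) {
            service = params.getFirst(CASLoginProtocol.TARGET_PARAM);
            isSaml11Request = true;
        }
        // Presence of the parameter is what matters for renew/gateway, not its value.
        boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
        boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM);

        // Base-class checks first, then resolve the client; each throws an ErrorPageException on failure.
        checkSsl();
        checkRealm();
        checkClient(service);

        authenticationSession = createAuthenticationSession(client, null);
        updateAuthenticationSession();

        // So back button doesn't work
        CacheControlUtil.noBackButtonCacheControlHeader(session);

        if (renew) {
            authenticationSession.setClientNote(CASLoginProtocol.RENEW_PARAM, "true");
        }
        if (gateway) {
            authenticationSession.setClientNote(CASLoginProtocol.GATEWAY_PARAM, "true");
        }
        if (isSaml11Request) {
            // Flag the session so we can return the ticket as "SAMLart" in the response
            authenticationSession.setClientNote(CASLoginProtocol.TARGET_PARAM, "true");
        }

        this.event.event(EventType.LOGIN);
        return handleBrowserAuthenticationRequest(authenticationSession, new CASLoginProtocol(session, realm, session.getContext().getUri(), headers, event), gateway, false);
    }

    /**
     * Resolves the CAS client that accepts the requested {@code service} URL and stores it in
     * {@link #client}, together with the verified URI in {@link #redirectUri}.
     *
     * <p>The first client in the realm that uses the CAS login protocol and for which
     * {@link RedirectUtils#verifyRedirectUri} returns a non-null value wins. The verification
     * result is kept from that single call instead of being recomputed for the chosen client.
     *
     * @param service the raw {@code service}/{@code TARGET} request parameter, may be null
     * @throws ErrorPageException if {@code service} is null, no CAS client accepts it, or the
     *                            matched client is disabled
     */
    private void checkClient(String service) {
        if (service == null) {
            event.error(Errors.INVALID_REQUEST);
            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
        }

        // Record the raw, not-yet-verified value so that error events carry what the caller sent;
        // it is replaced by the verified URI once a client has matched.
        event.detail(Details.REDIRECT_URI, service);

        client = null;
        redirectUri = null;
        Iterator<ClientModel> candidates = realm.getClientsStream()
                .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
                .iterator();
        while (client == null && candidates.hasNext()) {
            ClientModel candidate = candidates.next();
            // A null result means the candidate did not verify the service; keep looking.
            String verified = RedirectUtils.verifyRedirectUri(session, service, candidate);
            if (verified != null) {
                client = candidate;
                redirectUri = verified;
            }
        }
        if (client == null) {
            event.error(Errors.CLIENT_NOT_FOUND);
            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
        }

        if (!client.isEnabled()) {
            event.error(Errors.CLIENT_DISABLED);
            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED);
        }

        event.client(client.getClientId());
        event.detail(Details.REDIRECT_URI, redirectUri);

        session.getContext().setClient(client);
    }

    /**
     * Tags the freshly created {@link #authenticationSession} with the CAS login protocol,
     * the verified {@link #redirectUri} and the {@code AUTHENTICATE} action.
     * Must run after {@link #checkClient(String)} has set {@link #redirectUri}.
     */
    private void updateAuthenticationSession() {
        authenticationSession.setProtocol(CASLoginProtocol.LOGIN_PROTOCOL);
        authenticationSession.setRedirectUri(redirectUri);
        authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
    }
}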