mirror of https://github.com/jacekkow/keycloak-protocol-cas

github-actions
2024-11-22 22bf9bbfea68a3e71d80c31ecff64e6c9d460554
src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java
@@ -1,8 +1,14 @@
package org.keycloak.protocol.cas.endpoints;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import org.keycloak.dom.saml.v1.protocol.SAML11ResponseType;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.cas.CASLoginProtocol;
@@ -12,33 +18,31 @@
import org.keycloak.services.Urls;
import org.xml.sax.InputSource;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.xml.namespace.NamespaceContext;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import java.io.StringReader;
import java.util.*;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import static org.keycloak.protocol.cas.CASLoginProtocol.TARGET_PARAM;
public class SamlValidateEndpoint extends AbstractValidateEndpoint {
    public SamlValidateEndpoint(RealmModel realm, EventBuilder event) {
        super(realm, event.event(EventType.CODE_TO_TOKEN));
    public SamlValidateEndpoint(KeycloakSession session, RealmModel realm, EventBuilder event) {
        super(session, realm, event.event(EventType.CODE_TO_TOKEN));
    }
    @POST
    @Consumes("text/xml;charset=utf-8")
    @Produces("text/xml;charset=utf-8")
    public Response validate(String input) {
        MultivaluedMap<String, String> queryParams = request.getUri().getQueryParameters();
        MultivaluedMap<String, String> queryParams = session.getContext().getUri().getQueryParameters();
        try {
            String soapAction = Optional.ofNullable(request.getHttpHeaders().getHeaderString("SOAPAction")).map(s -> s.trim().replace("\"", "")).orElse("");
            String soapAction = Optional.ofNullable(session.getContext().getRequestHeaders().getHeaderString("SOAPAction")).map(s -> s.trim().replace("\"", "")).orElse("");
            if (!soapAction.equals("http://www.oasis-open.org/committees/security")) {
                throw new CASValidationException(CASErrorCode.INTERNAL_ERROR, "Not a validation request", Response.Status.BAD_REQUEST);
            }
@@ -49,10 +53,10 @@
            checkRealm();
            checkSsl();
            checkClient(service);
            String issuer = Urls.realmIssuer(request.getUri().getBaseUri(), realm.getName());
            String issuer = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName());
            String ticket = getTicket(input);
            checkTicket(ticket, renew);
            checkTicket(ticket, CASLoginProtocol.SERVICE_TICKET_PREFIX, renew);
            UserModel user = clientSession.getUserSession().getUser();
            Map<String, Object> attributes = getUserAttributes();