mirror of https://github.com/jacekkow/keycloak-protocol-cas
blame | history | patch | commit | commitdiff | ignore whitespace
Jacek Kowalski
2024-07-16 3458cda2598eaebc3a85211f1f2ea9af8a9014a9 
 src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java


@@ -1,8 +1,14 @@


package org.keycloak.protocol.cas.endpoints;




import jakarta.ws.rs.Consumes;


import jakarta.ws.rs.POST;


import jakarta.ws.rs.Produces;


import jakarta.ws.rs.core.MultivaluedMap;


import jakarta.ws.rs.core.Response;


import org.keycloak.dom.saml.v1.protocol.SAML11ResponseType;


import org.keycloak.events.EventBuilder;


import org.keycloak.events.EventType;


import org.keycloak.models.KeycloakSession;


import org.keycloak.models.RealmModel;


import org.keycloak.models.UserModel;


import org.keycloak.protocol.cas.CASLoginProtocol;


@@ -12,33 +18,31 @@


import org.keycloak.services.Urls;


import org.xml.sax.InputSource;




import javax.ws.rs.Consumes;


import javax.ws.rs.POST;


import javax.ws.rs.Produces;


import javax.ws.rs.core.MultivaluedMap;


import javax.ws.rs.core.Response;


import javax.xml.namespace.NamespaceContext;


import javax.xml.xpath.XPath;


import javax.xml.xpath.XPathExpression;


import javax.xml.xpath.XPathExpressionException;


import javax.xml.xpath.XPathFactory;


import java.io.StringReader;


import java.util.*;


import java.util.Collections;


import java.util.Iterator;


import java.util.Map;


import java.util.Optional;




import static org.keycloak.protocol.cas.CASLoginProtocol.TARGET_PARAM;




public class SamlValidateEndpoint extends AbstractValidateEndpoint {


    public SamlValidateEndpoint(RealmModel realm, EventBuilder event) {


        super(realm, event.event(EventType.CODE_TO_TOKEN));


    public SamlValidateEndpoint(KeycloakSession session, RealmModel realm, EventBuilder event) {


        super(session, realm, event.event(EventType.CODE_TO_TOKEN));


    }




    @POST


    @Consumes("text/xml;charset=utf-8")


    @Produces("text/xml;charset=utf-8")


    public Response validate(String input) {


        MultivaluedMap<String, String> queryParams = request.getUri().getQueryParameters();


        MultivaluedMap<String, String> queryParams = session.getContext().getUri().getQueryParameters();


        try {


            String soapAction = Optional.ofNullable(request.getHttpHeaders().getHeaderString("SOAPAction")).map(s -> s.trim().replace("\"", "")).orElse("");


            String soapAction = Optional.ofNullable(session.getContext().getRequestHeaders().getHeaderString("SOAPAction")).map(s -> s.trim().replace("\"", "")).orElse("");


            if (!soapAction.equals("http://www.oasis-open.org/committees/security")) {


                throw new CASValidationException(CASErrorCode.INTERNAL_ERROR, "Not a validation request", Response.Status.BAD_REQUEST);


            }


@@ -49,10 +53,10 @@


            checkRealm();


            checkSsl();


            checkClient(service);


            String issuer = Urls.realmIssuer(request.getUri().getBaseUri(), realm.getName());


            String issuer = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName());


            String ticket = getTicket(input);




            checkTicket(ticket, renew);


            checkTicket(ticket, CASLoginProtocol.SERVICE_TICKET_PREFIX, renew);


            UserModel user = clientSession.getUserSession().getUser();




            Map<String, Object> attributes = getUserAttributes();