mirror of https://github.com/jacekkow/keycloak-protocol-cas

Jakub Malinowski
2024-10-30 32997b7c31fc3b27a8df6911e0f8e8e1bcc58437
#129 Client session note service ticket fix
2 files modified
6 ■■■■ changed files
src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java 4 ●●●● patch | view | raw | blame | history
src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java 2 ●●● patch | view | raw | blame | history
src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java
@@ -44,7 +44,7 @@
    public static final String PROXY_GRANTING_TICKET_IOU_PREFIX = "PGTIOU-";
    public static final String PROXY_GRANTING_TICKET_PREFIX = "PGT-";
    public static final String PROXY_TICKET_PREFIX = "PT-";
    public static final String SESSION_SERVICE_TICKET = "service_ticket";
    public static final String SESSION_TICKET = "service_ticket";
    public static final String LOGOUT_REDIRECT_URI = "CAS_LOGOUT_REDIRECT_URI";
@@ -142,7 +142,7 @@
    @Override
    public Response backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
        String logoutUrl = clientSession.getRedirectUri();
        String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_SERVICE_TICKET);
        String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_TICKET);
        //check if session is fully authenticated (i.e. serviceValidate has been called)
        if (serviceTicket != null && !serviceTicket.isEmpty()) {
            sendSingleLogoutRequest(logoutUrl, serviceTicket);
src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java
@@ -151,7 +151,7 @@
            throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
        }
        clientSession.setNote(prefix, ticket);
        clientSession.setNote(CASLoginProtocol.SESSION_TICKET, ticket);
        if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) {
            event.error(Errors.SESSION_EXPIRED);