modules/keycloak-protocol-cas

			@@ -5,6 +5,7 @@
			import org.keycloak.common.util.KeycloakUriBuilder;
			import org.keycloak.events.EventBuilder;
			import org.keycloak.events.EventType;
			import org.keycloak.forms.login.LoginFormsProvider;
			import org.keycloak.models.*;
			import org.keycloak.protocol.LoginProtocol;
			import org.keycloak.protocol.cas.utils.LogoutHelper;
			@@ -32,6 +33,8 @@

			public static final String SERVICE_TICKET_PREFIX = "ST-";
			public static final String SESSION_SERVICE_TICKET = "service_ticket";

			public static final String LOGOUT_REDIRECT_URI = "CAS_LOGOUT_REDIRECT_URI";

			protected KeycloakSession session;
			protected RealmModel realm;
			@@ -131,9 +134,17 @@

			@Override
			public Response finishLogout(UserSessionModel userSession) {
			String redirectUri = userSession.getNote(CASLoginProtocol.LOGOUT_REDIRECT_URI);

			event.event(EventType.LOGOUT);
			event.user(userSession.getUser()).session(userSession).success();
			return Response.ok().build();
			LoginFormsProvider infoPage = session.getProvider(LoginFormsProvider.class).setSuccess("Logout successful");
			if (redirectUri != null) {
			infoPage.setAttribute("pageRedirectUri", redirectUri);
			} else {
			infoPage.setAttribute("skipLink", true);
			}
			return infoPage.createInfoPage();
			}

			@Override

			@@ -5,13 +5,18 @@
			import org.jboss.resteasy.spi.HttpRequest;
			import org.keycloak.common.ClientConnection;
			import org.keycloak.events.EventBuilder;
			import org.keycloak.models.ClientModel;
			import org.keycloak.models.KeycloakSession;
			import org.keycloak.models.RealmModel;
			import org.keycloak.models.UserSessionModel;
			import org.keycloak.protocol.cas.CASLoginProtocol;
			import org.keycloak.protocol.oidc.utils.RedirectUtils;
			import org.keycloak.services.ErrorPage;
			import org.keycloak.services.managers.AuthenticationManager;
			import org.keycloak.services.messages.Messages;

			import javax.ws.rs.GET;
			import javax.ws.rs.QueryParam;
			import javax.ws.rs.core.Context;
			import javax.ws.rs.core.HttpHeaders;
			import javax.ws.rs.core.Response;
			@@ -37,6 +42,8 @@

			private RealmModel realm;
			private EventBuilder event;
			private ClientModel client;
			private String redirectUri;

			public LogoutEndpoint(RealmModel realm, EventBuilder event) {
			this.realm = realm;
			@@ -45,18 +52,36 @@

			@GET
			@NoCache
			public Response logout() {
			public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
			checkClient(service);

			AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);
			if (authResult != null) {
			UserSessionModel userSession = authResult.getSession();
			userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);
			if (redirectUri != null) userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);

			logger.debug("Initiating CAS browser logout");
			Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), uriInfo, clientConnection, headers);
			logger.debug("finishing CAS browser logout");
			return response;
			}
			return Response.ok().build();
			return ErrorPage.error(session, Messages.FAILED_LOGOUT);
			}

			private void checkClient(String service) {
			if (service == null) {
			return;
			}

			client = realm.getClients().stream()
			.filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
			.filter(c -> RedirectUtils.verifyRedirectUri(uriInfo, service, realm, c) != null)
			.findFirst().orElse(null);
			if (client != null) {
			redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client);

			session.getContext().setClient(client);
			}
			}
			}

	src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java	13 ●●●●● patch \| view \| raw \| blame \| history
	src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java	29 ●●●●● patch \| view \| raw \| blame \| history