mirror of https://github.com/jacekkow/keycloak-protocol-cas

Matthias Piepkorn
2017-01-29 7124d21d6c61cd510d93a888f53802de910f4d64
Fix handling of 'renew' parameter
3 files modified
23 ■■■■■ changed files
src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java 6 ●●●●●
src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java 10 ●●●●
src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java 7 ●●●●
src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java
@@ -31,15 +31,13 @@
    protected UriInfo uriInfo;
    protected HttpHeaders headers;
    protected EventBuilder event;
    private boolean requireReauth;
    public CASLoginProtocol(KeycloakSession session, RealmModel realm, UriInfo uriInfo, HttpHeaders headers, EventBuilder event, boolean requireReauth) {
    public CASLoginProtocol(KeycloakSession session, RealmModel realm, UriInfo uriInfo, HttpHeaders headers, EventBuilder event) {
        this.session = session;
        this.realm = realm;
        this.uriInfo = uriInfo;
        this.headers = headers;
        this.event = event;
        this.requireReauth = requireReauth;
    }
    public CASLoginProtocol() {
@@ -117,7 +115,7 @@
    @Override
    public boolean requireReauthentication(UserSessionModel userSession, ClientSessionModel clientSession) {
        return requireReauth;
        return "true".equals(clientSession.getNote(CASLoginProtocol.RENEW_PARAM));
    }
    @Override
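Review bot: `requireReauthentication` now depends on a string contract that is spelled out twice: the note key `CASLoginProtocol.RENEW_PARAM` and the literal `"true"` here must match the `setNote` call in `AuthorizationEndpoint.build()`, and nothing ties the two together. If they ever drift, this method quietly returns false and a `renew` login is satisfied from the existing SSO session, so the failure mode is a skipped re-authentication rather than an error. I would document the dependency above the method, e.g. `// Note is set by AuthorizationEndpoint.build() when the CAS 'renew' parameter is present; forces interactive login.`, and consider a dedicated note-key constant so the request parameter name and the session note are not conflated. The method body is fully visible in this hunk; the rest of the class is not.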
src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java
@@ -35,8 +35,8 @@
    public Response build() {
        MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
        String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
        boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM));
        boolean gateway = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.GATEWAY_PARAM));
        boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
        boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM);
        checkSsl();
        checkRealm();
@@ -46,8 +46,12 @@
        // So back button doesn't work
        CacheControlUtil.noBackButtonCacheControlHeader();
        if (renew) {
            clientSession.setNote(CASLoginProtocol.RENEW_PARAM, "true");
        }
        this.event.event(EventType.LOGIN);
        return handleBrowserAuthenticationRequest(clientSession, new CASLoginProtocol(session, realm, uriInfo, headers, event, renew), gateway, false);
        return handleBrowserAuthenticationRequest(clientSession, new CASLoginProtocol(session, realm, uriInfo, headers, event), gateway, false);
    }
    private void checkSsl() {
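Review bot: With presence-only parsing, a request that carries both `renew` and `gateway` now sets both flags, and `build()` forwards `gateway` unchanged after storing the renew note. The CAS protocol specification leaves that combination undefined and recommends ignoring `gateway` when `renew` is set. What `handleBrowserAuthenticationRequest` does when both are true is not visible here, so the outcome should be pinned in this method rather than left to the base class. Suggested change: `boolean gateway = !renew && params.containsKey(CASLoginProtocol.GATEWAY_PARAM);`. A short comment that any value, including `renew=false`, now counts as "set" would also help the next reader.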
src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
@@ -56,7 +56,7 @@
        MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
        String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
        String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM);
        boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM));
        boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
        event.event(EventType.CODE_TO_TOKEN);
@@ -154,6 +154,11 @@
        parseResult.getCode().setAction(null);
        if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) {
            event.error(Errors.SESSION_EXPIRED);
            throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Interactive authentication was requested but not performed", Response.Status.BAD_REQUEST);
        }
        UserSessionModel userSession = clientSession.getUserSession();
        if (userSession == null) {
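Review bot: The new rejection at `if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession))` is recorded as `Errors.SESSION_EXPIRED`, which misdescribes the event: the session is valid, but the ticket was issued from SSO while the service demanded `renew`. Anyone auditing renew enforcement from the event log will not find these rejections under that code; a more specific error value, or an `event.detail(...)` entry naming the renew mismatch before `event.error(...)`, would make them searchable. Separately, `requireReauth` is not declared in the visible lines (the first hunk of this file assigns a local `renew`), so I assume it is a parameter of the enclosing method fed from that value; this is worth confirming, because the check never fires if it is not. The enclosing method starts and ends outside the hunk.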