mirror of https://github.com/jacekkow/keycloak-protocol-cas
parent: 4a0a62f7 | patch | commit | ignore whitespace
Daniel Ramos
2022-03-30 89148473d76316a111e59740cbbd791be7d12017 
SAML 1.1 - return "SAMLart" instead of "ticket" if "TARGET" is specified
2 files modified
22 ■■■■■ changed files
src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java 11 ●●●●● patch | view | raw | blame | history
src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java 11 ●●●●● patch | view | raw | blame | history 
 src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java


@@ -36,6 +36,7 @@


    public static final String FORMAT_PARAM = "format";




    public static final String TICKET_RESPONSE_PARAM = "ticket";


    public static final String SAMLART_RESPONSE_PARAM = "SAMLart";




    public static final String SERVICE_TICKET_PREFIX = "ST-";


    public static final String SESSION_SERVICE_TICKET = "service_ticket";


@@ -102,7 +103,15 @@


        String code = OAuth2CodeParser.persistCode(session, clientSession, codeData);




        KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);


        uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code);




        String loginTicket = SERVICE_TICKET_PREFIX + code;




        if (authSession.getClientNotes().containsKey(CASLoginProtocol.TARGET_PARAM)) {


            // This was a SAML 1.1 auth request so return the ticket ID as "SAMLart" instead of "ticket"


            uriBuilder.queryParam(SAMLART_RESPONSE_PARAM, loginTicket);


        } else {


            uriBuilder.queryParam(TICKET_RESPONSE_PARAM, loginTicket);


        }




        URI redirectUri = uriBuilder.build();






 src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java


@@ -35,6 +35,13 @@


    public Response build() {


        MultivaluedMap<String, String> params = session.getContext().getUri().getQueryParameters();


        String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);




        boolean isSaml11Request = false;


        if (service == null && params.containsKey(CASLoginProtocol.TARGET_PARAM)) {


            // SAML 1.1 authorization uses the TARGET parameter instead of service


            service = params.getFirst(CASLoginProtocol.TARGET_PARAM);


            isSaml11Request = true;


        }


        boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);


        boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM);




@@ -54,6 +61,10 @@


        if (gateway) {


            authenticationSession.setClientNote(CASLoginProtocol.GATEWAY_PARAM, "true");


        }


        if (isSaml11Request) {


            // Flag the session so we can return the ticket as "SAMLart" in the response


            authenticationSession.setClientNote(CASLoginProtocol.TARGET_PARAM, "true");


        }




        this.event.event(EventType.LOGIN);


        return handleBrowserAuthenticationRequest(authenticationSession, new CASLoginProtocol(session, realm, session.getContext().getUri(), headers, event), gateway, false);