src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java
@@ -3,13 +3,15 @@ import org.apache.http.HttpEntity; import org.jboss.logging.Logger; import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.common.util.Time; import org.keycloak.events.EventBuilder; import org.keycloak.events.EventType; import org.keycloak.forms.login.LoginFormsProvider; import org.keycloak.models.*; import org.keycloak.protocol.LoginProtocol; import org.keycloak.protocol.cas.utils.LogoutHelper; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.protocol.oidc.utils.OAuth2Code; import org.keycloak.protocol.oidc.utils.OAuth2CodeParser; import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.sessions.AuthenticationSessionModel; @@ -18,6 +20,7 @@ import javax.ws.rs.core.UriInfo; import java.io.IOException; import java.net.URI; import java.util.UUID; public class CASLoginProtocol implements LoginProtocol { private static final Logger logger = Logger.getLogger(CASLoginProtocol.class); 
@@ -86,14 +89,17 @@ } @Override public Response authenticated(UserSessionModel userSession, ClientSessionContext clientSessionCtx) { public Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) { AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession(); ClientSessionCode<AuthenticatedClientSessionModel> accessCode = new ClientSessionCode<>(session, realm, clientSession); String service = clientSession.getRedirectUri(); String service = authSession.getRedirectUri(); //TODO validate service String code = accessCode.getOrGenerateCode(); OAuth2Code codeData = new OAuth2Code(UUID.randomUUID(), Time.currentTime() + userSession.getRealm().getAccessCodeLifespan(), null, null, authSession.getRedirectUri(), null, null); String code = OAuth2CodeParser.persistCode(session, clientSession, codeData); KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service); uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code); src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java
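Review bot: The ticket is still appended to `service` with `//TODO validate service` left in place, and the new source of that value, `authSession.getRedirectUri()`, is not checked in this hunk against the client's registered redirect URIs before `KeycloakUriBuilder.fromUri(service)` is built. If that check already happens when the authentication session is created (the `RedirectUtils` helper imported in AbstractValidateEndpoint on this page suggests the plugin has such a path), the TODO should be replaced by a comment saying where it happens; otherwise the check belongs here, before the ticket is attached. Separately, `authSession.getRedirectUri()` is read a second time inside the `OAuth2Code` constructor; passing the already-computed `service` there, `new OAuth2Code(UUID.randomUUID(), Time.currentTime() + realm.getAccessCodeLifespan(), null, null, service, null, null)`, keeps the persisted redirect URI identical to the URL the ticket is sent to and reuses the `realm` field the removed `ClientSessionCode` call already used. The body of authenticated continues past the hunk.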
@@ -3,7 +3,6 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.common.ClientConnection; import org.keycloak.events.Details; import org.keycloak.events.Errors; import org.keycloak.events.EventBuilder; import org.keycloak.models.*; @@ -12,9 +11,9 @@ import org.keycloak.protocol.cas.mappers.CASAttributeMapper; import org.keycloak.protocol.cas.representations.CASErrorCode; import org.keycloak.protocol.cas.utils.CASValidationException; import org.keycloak.protocol.oidc.utils.OAuth2CodeParser; import org.keycloak.protocol.oidc.utils.RedirectUtils; import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.util.DefaultClientSessionContext; import javax.ws.rs.core.Context; @@ -93,13 +92,8 @@ String code = ticket.substring(CASLoginProtocol.SERVICE_TICKET_PREFIX.length()); String[] parts = code.split("\\."); if (parts.length == 4) { event.detail(Details.CODE_ID, parts[2]); } ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult = ClientSessionCode.parseResult(code, null, session, realm, client, event, AuthenticatedClientSessionModel.class); if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) { OAuth2CodeParser.ParseResult parseResult = OAuth2CodeParser.parseCode(session, code, realm, event); if (parseResult.isIllegalCode()) { event.error(Errors.INVALID_CODE); // Attempt to use same code twice should invalidate existing clientSession @@ -113,7 +107,7 @@ clientSession = parseResult.getClientSession(); if (parseResult.isExpiredToken()) { if (parseResult.isExpiredCode()) { event.error(Errors.EXPIRED_CODE); throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); }
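Review bot: `OAuth2CodeParser.parseCode(session, code, realm, event)` no longer receives `client`, whereas the removed `ClientSessionCode.parseResult(..., client, ...)` did, so the ticket is no longer visibly bound to the client resolved for this validation request. Unless a check exists further down (the method continues outside the hunk), a service ticket issued to one registered service could be validated by another; after `clientSession = parseResult.getClientSession();` add `if (!client.getClientId().equals(clientSession.getClient().getClientId())) { event.error(Errors.INVALID_CODE); throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Ticket issued for a different client", Response.Status.BAD_REQUEST); }`. The removed `event.detail(Details.CODE_ID, parts[2])` presumably relies on `parseCode` recording the code id on the event itself; worth confirming so audit events keep that detail.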