.github/workflows/release.yml

@@ -9,107 +9,12 @@

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        name: Checkout code
        uses: actions/checkout@v4

      - id: java
        name: Install Java and Maven
        uses: actions/setup-java@v4
        with:
          distribution: zulu
          java-version: 17

      - id: vars
        name: Get project variables
        run: |
          echo -n "keycloakVersion=" >> $GITHUB_OUTPUT
          mvn -q help:evaluate -Dexpression=keycloak.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT
          echo -n "artifactId=" >> $GITHUB_OUTPUT
          mvn -q help:evaluate -Dexpression=project.artifactId -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT
          echo -n "projectName=" >> $GITHUB_OUTPUT
          mvn -q help:evaluate -Dexpression=project.name -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z :,.-]+$' >> $GITHUB_OUTPUT
          echo -n "projectVersion=" >> $GITHUB_OUTPUT
          mvn -q help:evaluate -Dexpression=project.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT

      - name: Build project
        run: |
          mvn -B test package

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: jar
          path: target/${{ steps.vars.outputs.artifactId }}-${{ steps.vars.outputs.projectVersion }}.jar
          if-no-files-found: error

    outputs:
      artifact_id: ${{ steps.vars.outputs.artifactId }}
      keycloak_version: ${{ steps.vars.outputs.keycloakVersion }}
      project_name: ${{ steps.vars.outputs.projectName }}
      project_version: ${{ steps.vars.outputs.projectVersion }}

  test:
    name: Test
    runs-on: ubuntu-latest
    needs: build
    steps:
      - id: checkout
        name: Checkout code
        uses: actions/checkout@v4

      - id: download_artifact
        name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: jar

      - id: create_container
        name: Create Keycloak container
        run: |
          docker run -i -t -d -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8080:8080 --name keycloak "quay.io/keycloak/keycloak:${{ needs.build.outputs.keycloak_version }}" start-dev

      - id: deploy
        name: Deploy artifact
        run: |
          CONTAINER="keycloak"
          NAME="${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar"
          FILE="/opt/keycloak/providers/${NAME}"
          docker cp "${NAME}" "${CONTAINER}:${FILE}"
          docker restart "${CONTAINER}"
          for i in {1..60}; do
            if curl --silent --max-time 1 -o /dev/null http://localhost:8080; then
                echo && echo "Deployment succeeded!" && exit 0
            else
                sleep 1
                echo -n "."
            fi
          done
          echo && echo "Deployment timeout!" && exit 1

      - id: configure_keycloak
        name: Configure Keycloak
        run: |
          CONTAINER="keycloak"
          docker exec -i "${CONTAINER}" /bin/bash <<EOF
            /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
            /opt/keycloak/bin/kcadm.sh create clients -r master -s clientId=test -s protocol=cas -s enabled=true -s publicClient=true \
              -s 'redirectUris=["http://localhost/*"]' -s baseUrl=http://localhost -s adminUrl=http://localhost
            /opt/keycloak/bin/kcadm.sh get serverinfo -r master --fields "providers(login-protocol(providers(cas)))" | grep cas
          EOF

      - id: run_tests
        name: Run tests
        run: |
          integrationTest/suite.sh
    uses: ./.github/workflows/test.yml

  release:
    name: Release
    runs-on: ubuntu-latest
    needs: [build, test]
    needs: [build]
    permissions:
      contents: write
    steps:

 .github/workflows/test.yml

@@ -1,5 +1,15 @@
on:
  pull_request:
  workflow_call:
    outputs:
      artifact_id:
        value: ${{ jobs.build.outputs.artifactId }}
      keycloak_version:
        value: ${{ jobs.build.outputs.keycloakVersion }}
      project_name:
        value: ${{ jobs.build.outputs.projectName }}
      project_version:
        value: ${{ jobs.build.outputs.projectVersion }}

name: Test


 src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java

@@ -44,7 +44,7 @@
    public static final String PROXY_GRANTING_TICKET_IOU_PREFIX = "PGTIOU-";
    public static final String PROXY_GRANTING_TICKET_PREFIX = "PGT-";
    public static final String PROXY_TICKET_PREFIX = "PT-";
    public static final String SESSION_SERVICE_TICKET = "service_ticket";
    public static final String SESSION_TICKET = "service_ticket";

    public static final String LOGOUT_REDIRECT_URI = "CAS_LOGOUT_REDIRECT_URI";

@@ -142,7 +142,7 @@
    @Override
    public Response backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
        String logoutUrl = clientSession.getRedirectUri();
        String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_SERVICE_TICKET);
        String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_TICKET);
        //check if session is fully authenticated (i.e. serviceValidate has been called)
        if (serviceTicket != null && !serviceTicket.isEmpty()) {
            sendSingleLogoutRequest(logoutUrl, serviceTicket);

 src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java

@@ -151,7 +151,7 @@
            throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
        }

        clientSession.setNote(prefix, ticket);
        clientSession.setNote(CASLoginProtocol.SESSION_TICKET, ticket);

        if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) {
            event.error(Errors.SESSION_EXPIRED);