From 32997b7c31fc3b27a8df6911e0f8e8e1bcc58437 Mon Sep 17 00:00:00 2001
From: Jakub Malinowski <jakub@malinowski.net.pl>
Date: Wed, 30 Oct 2024 09:05:21 +0000
Subject: [PATCH] #129 Client session note service ticket fix

---
 README.md |   66 ++++++++++++++++++++++-----------
 1 files changed, 44 insertions(+), 22 deletions(-)

diff --git a/README.md b/README.md
index cfdd4a1..3c48f4b 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,13 @@
 # keycloak-protocol-cas
-This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs) for a Login Protocol and will be picked up and made available by Keycloak automatically once installed.
 
-[![Build Status](https://travis-ci.org/Doccrazy/keycloak-protocol-cas.svg?branch=master)](https://travis-ci.org/Doccrazy/keycloak-protocol-cas)
+This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol
+as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs)
+for a Login Protocol and will be picked up and made available by Keycloak automatically once installed.
+
+![Build status](https://github.com/jacekkow/keycloak-protocol-cas/workflows/Release/badge.svg)
 
 ## Features
+
 The following CAS features are currently implemented:
 * CAS 1.0/2.0/3.0 compliant Login/Logout and Service Ticket Validation
 * Single Logout (SLO)
@@ -11,39 +15,57 @@
 * JSON and XML response types
 * Mapping of custom user attributes to CAS assertion attributes
 
-The following features are **currently missing**:
-* #2: Proxy ticket service and proxy ticket validation [CAS 2.0]
-* #1: SAML request/response [CAS 3.0 - optional]
+The following features are **missing**:
+* SAML request/response [CAS 3.0 - optional]
 
 The following features are out of scope:
 * Long-Term Tickets - Remember-Me [CAS 3.0 - optional]
 
+## Compatibility
+
+The CAS plugin has been tested against the same Keycloak version as the plugin version.
+
+As a rule of thumb plugin version should **match your Keycloak version**.
+
 ## Installation
-The CAS plugin has been tested against the following Keycloak versions. Please ensure your version is compatible before deploying.  
-Please report test results with other versions!
 
-Plugin version | Keycloak 2.5.x | Keycloak 3.0.x | Keycloak 3.1.x | Keycloak 3.2.x | Keycloak 3.3.x | Keycloak 3.4.x
------------- | ------------- | ------------- | ------------- | ------------- | ------------- | -------------
-1.x |  :white_check_mark: |  :white_check_mark: |  :white_check_mark: |  :x: |  :x: |  :x:
-2.x |  :x: |  :x: |  :x: |  :white_check_mark: | :white_check_mark: | :white_check_mark:
+Quarkus is the default distribution method of Keycloak 17.0.0 and newer. For legacy installations using WildFly, please refer to the [old README](https://github.com/jacekkow/keycloak-protocol-cas/blob/16.1.1/README.md).
 
-1. Download the latest release compatible with your Keycloak version from the [releases page](https://github.com/Doccrazy/keycloak-protocol-cas/releases)
-2. Copy the JAR file into the `standalone/deployments` directory in your Keycloak server's root
-3. Restart Keycloak (optional, hot deployment should work)
+1. Download the latest release compatible with your Keycloak version from the [releases page](https://github.com/jacekkow/keycloak-protocol-cas/releases).
+2. Put the downloaded JAR file into the `providers/` directory inside Keycloak installation folder. If necessary, adjust the permissions/ownership so that the user Keycloak runs as is able to read this file.
+3. Stop the Keycloak server.
+4. (Re-)build the installation using `kc.sh build` command.
+5. Start the Keycloak: `kc.sh start`
+
+Remember to update plugin artifact with each Keycloak server upgrade!
 
 ## Configuration
-To use the new protocol, you have to create a client within Keycloak as usual.  
-**Important: Due to [KEYCLOAK-4270](https://issues.jboss.org/browse/KEYCLOAK-4270), you may have to select the `openid-connect` protocol when creating the client and change it after saving. This has been fixed in Keycloak 3.0.0.**  
-As the CAS protocol does not transmit a client ID, the client will be identified by the redirect URIs (mapped to CAS service). No further configuration is necessary.
 
-Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP.
+To use the new protocol, you have to create a client within Keycloak as usual, selecting `cas` as protocol.
+As there is no client ID indication in protocol, the client will be identified by the redirect URIs
+configured in Keycloak.
+
+Enter `https://your.keycloak.host/realms/master/protocol/cas` as the CAS URL into your SP.
+This assumes that you use the default `master` realm - if not, modify the URL accordingly.
+
+Note that some client implementations require you to enter login and validate URLs, not CAS URL!
+This manifests with "Page Not Found" error on login attempt
+(see [issue #27](https://github.com/jacekkow/keycloak-protocol-cas/issues/27) for example).
+In such case append `/login` to the CAS URL to get the "login URL".
+Similarly append `/serviceValidate` to get the "validate URL".
 
 ## Disclaimer
-This plugin was implemented from scratch to comply to the official CAS protocol specification, and is based heavily on the OpenID Connect implementation in Keycloak.  
+
+This plugin was implemented from scratch to comply to the official CAS protocol specification,
+and is based heavily on the OpenID Connect implementation in Keycloak.
 It is licensed under the Apache License 2.0.
 
+This repo is a fork of https://github.com/Doccrazy/keycloak-protocol-cas
+and includes changes for Keycloak 8 and newer that were not merged by the owner for half a year.
+
 ## References
-[1] http://www.keycloak.org  
-[2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol)  
-[3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html  
+
+[1] https://www.keycloak.org/
+[2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol)
+[3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html
 [4] https://keycloak.gitbooks.io/server-developer-guide/content/topics/providers.html

--
Gitblit v1.9.1