From 5a0869a771f65f87fa2a4ed402fb1f3597b92198 Mon Sep 17 00:00:00 2001
From: Matthias Piepkorn <mpiepk@gmail.com>
Date: Sun, 05 Feb 2017 11:32:25 +0000
Subject: [PATCH] Handle service ticket validation on proxyValidate endpoint, return error on proxy endpoint
---
 src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java | 10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
index 28fbd50..b2b0702 100644
--- a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
+++ b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
@@ -20,7 +20,7 @@
 import javax.ws.rs.core.*;
 public class ValidateEndpoint {
- protected static final Logger logger = Logger.getLogger(org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.class);
+ protected static final Logger logger = Logger.getLogger(ValidateEndpoint.class);
 private static final String RESPONSE_OK = "yes\n";
 private static final String RESPONSE_FAILED = "no\n";
@@ -56,7 +56,7 @@
 MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
 String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
 String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM);
- boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM));
+ boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
 event.event(EventType.CODE_TO_TOKEN);
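Review bot: `params.containsKey(CASLoginProtocol.RENEW_PARAM)` in the second hunk now treats any occurrence of the parameter as a renew request, including `renew=false` and an empty `renew=`, and nothing on the line says that this is deliberate. It agrees with how the CAS protocol describes renew (the parameter being set is what counts) and it is the stricter reading, but a later reader could easily "fix" it back to a value comparison. I would add `// CAS: renew is enabled by the presence of the parameter, whatever its value` above the line. It is also worth confirming that the login side applies the same presence rule, since that code is not part of this diff; the enclosing method starts and ends outside the hunk.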
@@ -152,8 +152,14 @@
 throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
 }
+ clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket);
 parseResult.getCode().setAction(null);
+ if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) {
+ event.error(Errors.SESSION_EXPIRED);
+ throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Interactive authentication was requested but not performed", Response.Status.BAD_REQUEST);
+ }
+ UserSessionModel userSession = clientSession.getUserSession();
 if (userSession == null) {
-- 
Gitblit v1.9.1
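Review bot: `clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket)` runs before the new `requireReauth` check and before the `userSession == null` check, so a validation request that is then rejected still leaves the ticket recorded on the client session. The readers of that note are outside this hunk, so I cannot tell whether this matters; I would either move the `setNote` call below the last rejection path or add a comment saying why it has to be set this early. Separately, the renew failure is reported as `Errors.SESSION_EXPIRED`, which makes a refused SSO re-use look like an ordinary timeout in the event log. A comment such as `// renew was requested but the session came from SSO, not fresh credentials` above `event.error(...)` would help whoever triages these events. The enclosing method starts and ends outside the hunk.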