From 655123c67bbcb1c2e3d56f3b56942d82b430112c Mon Sep 17 00:00:00 2001
From: Laurent Meunier <lme@atolcd.com>
Date: Fri, 21 Jun 2024 09:47:31 +0000
Subject: [PATCH] Fix NPE in backchannel logout

---
 src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java |   28 ++++++++++++++++------------
 1 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java
index 3d7f3c3..211a0c9 100644
--- a/src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java
+++ b/src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java
@@ -1,8 +1,14 @@
 package org.keycloak.protocol.cas.endpoints;
 
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import org.keycloak.dom.saml.v1.protocol.SAML11ResponseType;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.events.EventType;
+import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.protocol.cas.CASLoginProtocol;
@@ -12,33 +18,31 @@
 import org.keycloak.services.Urls;
 import org.xml.sax.InputSource;
 
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
 import javax.xml.namespace.NamespaceContext;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathExpression;
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
 import java.io.StringReader;
-import java.util.*;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Optional;
 
 import static org.keycloak.protocol.cas.CASLoginProtocol.TARGET_PARAM;
 
 public class SamlValidateEndpoint extends AbstractValidateEndpoint {
-    public SamlValidateEndpoint(RealmModel realm, EventBuilder event) {
-        super(realm, event.event(EventType.CODE_TO_TOKEN));
+    public SamlValidateEndpoint(KeycloakSession session, RealmModel realm, EventBuilder event) {
+        super(session, realm, event.event(EventType.CODE_TO_TOKEN));
     }
 
     @POST
     @Consumes("text/xml;charset=utf-8")
     @Produces("text/xml;charset=utf-8")
     public Response validate(String input) {
-        MultivaluedMap<String, String> queryParams = request.getUri().getQueryParameters();
+        MultivaluedMap<String, String> queryParams = session.getContext().getUri().getQueryParameters();
         try {
-            String soapAction = Optional.ofNullable(request.getHttpHeaders().getHeaderString("SOAPAction")).map(s -> s.trim().replace("\"", "")).orElse("");
+            String soapAction = Optional.ofNullable(session.getContext().getRequestHeaders().getHeaderString("SOAPAction")).map(s -> s.trim().replace("\"", "")).orElse("");
             if (!soapAction.equals("http://www.oasis-open.org/committees/security")) {
                 throw new CASValidationException(CASErrorCode.INTERNAL_ERROR, "Not a validation request", Response.Status.BAD_REQUEST);
             }
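Review bot: `queryParams` on the first line of `validate` is still read outside the `try`, so a failure while resolving `session.getContext().getUri()` would bypass whatever CAS error response the catch block (outside this hunk) builds. That sits oddly with a commit billed as an NPE fix. Consider resolving the context once inside the `try`, e.g. `KeycloakContext context = session.getContext();` (needs the `org.keycloak.models.KeycloakContext` import), and reusing it for the query parameters, the `SOAPAction` header and the base URI in the next hunk, provided `queryParams` is not needed by the catch block. The `SOAPAction` comparison only filters request shape on a client-supplied header, so a short comment such as `// request-shape check only; the ticket and client checks below are what authorise the call` would keep later readers from treating it as a gate. The body of `validate` continues outside this hunk.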
@@ -49,10 +53,10 @@
             checkRealm();
             checkSsl();
             checkClient(service);
-            String issuer = Urls.realmIssuer(request.getUri().getBaseUri(), realm.getName());
+            String issuer = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName());
             String ticket = getTicket(input);
 
-            checkTicket(ticket, renew);
+            checkTicket(ticket, CASLoginProtocol.SERVICE_TICKET_PREFIX, renew);
             UserModel user = clientSession.getUserSession().getUser();
 
             Map<String, Object> attributes = getUserAttributes();
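Review bot: The added `CASLoginProtocol.SERVICE_TICKET_PREFIX` argument to `checkTicket` changes which tickets this endpoint accepts, yet the commit subject only mentions an NPE fix and the line carries no comment. I would add something like `// samlValidate accepts service tickets only; any other ticket type is rejected by the prefix check` above the call, adjusted to the actual intent. `ticket` comes from `getTicket(input)`, i.e. from the client-supplied SOAP body, and `checkTicket` is not visible here, so confirm it rejects a null or empty ticket before comparing the prefix rather than dereferencing it. The same goes for the parsing inside `getTicket`: the imports suggest XPath over an `InputSource`, so it is worth checking that DTDs and external entities are disabled there. The enclosing `validate` method starts and ends outside this hunk.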

--
Gitblit v1.9.1