From 7124d21d6c61cd510d93a888f53802de910f4d64 Mon Sep 17 00:00:00 2001
From: Matthias Piepkorn <mpiepk@gmail.com>
Date: Sun, 29 Jan 2017 15:05:44 +0000
Subject: [PATCH] Fix handling of 'renew' parameter
---
 src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java | 7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
index 28fbd50..edfa129 100644
--- a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
+++ b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
@@ -56,7 +56,7 @@
 MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
 String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
 String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM);
- boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM));
+ boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
 event.event(EventType.CODE_TO_TOKEN);
@@ -154,6 +154,11 @@
 parseResult.getCode().setAction(null);
+ if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) {
+ event.error(Errors.SESSION_EXPIRED);
+ throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Interactive authentication was requested but not performed", Response.Status.BAD_REQUEST);
+ }
+
 UserSessionModel userSession = clientSession.getUserSession();
 if (userSession == null) {
-- Gitblit v1.9.1
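Review bot: The new `renew` assignment in the first hunk treats any occurrence of the parameter as a demand for re-authentication, so `renew=false` and an empty `renew=` now both tighten validation, and nothing on the line says this is deliberate. The CAS protocol defines `renew` by presence rather than by value, so the behaviour looks right, but a comment would keep a later reader from changing it back to a value comparison: `// CAS: 'renew' is a presence flag; any value (even "false") requires a ticket issued from primary credentials`. The enclosing method starts and ends outside the hunk.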
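Review bot: The rejection added in the second hunk is recorded as `Errors.SESSION_EXPIRED`, which misdescribes the event: the session is still valid, the ticket was just issued from SSO while `renew` demanded an interactive login. Someone triaging validation failures from the event log cannot tell a refused `renew` from a real expiry, so record the cause too, for example `event.detail("reason", "renew_requested_sso_ticket");` before `event.error(...)` (key and value are illustrative). `requireReauth` is not declared in the visible lines; presumably it carries the `renew` flag from the first hunk, and it is worth confirming every caller passes it through. The guard rejects only when `isSSOAuthentication` positively reports SSO, so if that marker can be missing from the client session the check passes silently; verify this against the helper. The enclosing method continues outside the hunk.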