From 7124d21d6c61cd510d93a888f53802de910f4d64 Mon Sep 17 00:00:00 2001
From: Matthias Piepkorn <mpiepk@gmail.com>
Date: Sun, 29 Jan 2017 15:05:44 +0000
Subject: [PATCH] Fix handling of 'renew' parameter

---
 src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
index 28fbd50..edfa129 100644
--- a/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
+++ b/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
@@ -56,7 +56,7 @@
         MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
         String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
         String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM);
-        boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM));
+        boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
 
         event.event(EventType.CODE_TO_TOKEN);
 
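Review bot: The new `renew` assignment has no comment saying that the mere presence of the parameter now turns on strict validation, so a request carrying `renew=false` or an empty `renew` is handled exactly like `renew=true`. That fails closed and appears to match the CAS protocol's wording that the parameter counts whenever it is set, but a maintainer reading the name as a boolean may "fix" it back to value parsing. I would add `// CAS: renew is a presence flag; any value (even "false" or empty) requires a ticket issued from fresh credentials` above the line. The enclosing method starts and ends outside the hunk, so how `renew` reaches the later check is not visible here.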
@@ -154,6 +154,11 @@
 
         parseResult.getCode().setAction(null);
 
+        if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) {
+            event.error(Errors.SESSION_EXPIRED);
+            throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Interactive authentication was requested but not performed", Response.Status.BAD_REQUEST);
+        }
+
         UserSessionModel userSession = clientSession.getUserSession();
 
         if (userSession == null) {
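Review bot: `event.error(Errors.SESSION_EXPIRED)` in the added block records the rejection under an error code that describes a different condition. The session is still valid here; the ticket was simply obtained through SSO rather than an interactive login. Anyone triaging the event log would see an expired session and could not tell renew rejections apart from real expiries, which weakens the audit trail for a control whose purpose is to force re-authentication. If no better error constant is available, attach a detail to the event that names the renew failure before calling `event.error(...)`. A comment such as `// renew requested: refuse tickets that were issued from an existing SSO session` would also help; `requireReauth` is defined outside the hunk, so I am assuming it carries the `renew` flag.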

--
Gitblit v1.9.1