From 755fd78fa0ee0f2a67417a119382c63e02c1091e Mon Sep 17 00:00:00 2001
From: Alexandre Rocha Wendling <alexandrerw@celepar.pr.gov.br>
Date: Tue, 16 Jul 2024 14:15:23 +0000
Subject: [PATCH] Proxy ticket service and proxy ticket validation Proxy endpoints improvements suggested by Jacek Kowalski Add ticket type to storage key Rename isreuse to isReusable Remove "parsing" of "codeUUID" that is String, not UUID Improve error reporting in CAS ticket validation

---
 README.md |   20 +++++++++++++++-----
 1 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 87b69d4..3c48f4b 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,6 @@
 
 The following features are **missing**:
 * SAML request/response [CAS 3.0 - optional]
-* Proxy ticket service and proxy ticket validation [CAS 2.0]
 
 The following features are out of scope:
 * Long-Term Tickets - Remember-Me [CAS 3.0 - optional]
@@ -30,10 +29,13 @@
 
 ## Installation
 
-Installation of a compatible plugin version is simple and can be done without a Keycloak server restart.
+Quarkus is the default distribution method of Keycloak 17.0.0 and newer. For legacy installations using WildFly, please refer to the [old README](https://github.com/jacekkow/keycloak-protocol-cas/blob/16.1.1/README.md).
 
 1. Download the latest release compatible with your Keycloak version from the [releases page](https://github.com/jacekkow/keycloak-protocol-cas/releases).
-2. Copy the JAR file into the `standalone/deployments` directory in your Keycloak server's root.
+2. Put the downloaded JAR file into the `providers/` directory inside Keycloak installation folder. If necessary, adjust the permissions/ownership so that the user Keycloak runs as is able to read this file.
+3. Stop the Keycloak server.
+4. (Re-)build the installation using `kc.sh build` command.
+5. Start the Keycloak: `kc.sh start`
 
 Remember to update plugin artifact with each Keycloak server upgrade!
 
@@ -43,7 +45,14 @@
 As there is no client ID indication in protocol, the client will be identified by the redirect URIs
 configured in Keycloak.
 
-Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP.
+Enter `https://your.keycloak.host/realms/master/protocol/cas` as the CAS URL into your SP.
+This assumes that you use the default `master` realm - if not, modify the URL accordingly.
+
+Note that some client implementations require you to enter login and validate URLs, not CAS URL!
+This manifests with "Page Not Found" error on login attempt
+(see [issue #27](https://github.com/jacekkow/keycloak-protocol-cas/issues/27) for example).
+In such case append `/login` to the CAS URL to get the "login URL".
+Similarly append `/serviceValidate` to get the "validate URL".
 
 ## Disclaimer
 
@@ -55,7 +64,8 @@
 and includes changes for Keycloak 8 and newer that were not merged by the owner for half a year.
 
 ## References
-[1] http://www.keycloak.org
+
+[1] https://www.keycloak.org/
 [2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol)
 [3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html
 [4] https://keycloak.gitbooks.io/server-developer-guide/content/topics/providers.html

--
Gitblit v1.9.1