From b1c0c9d40edcf1877698afb865f46c7f498ce7d7 Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <Jacek@jacekk.info> Date: Thu, 27 Apr 2023 20:49:29 +0000 Subject: [PATCH] GitHub Actions: limit permissions of GITHUB_TOKEN --- src/main/java/org/keycloak/protocol/cas/utils/LogoutHelper.java | 11 +++++++++-- 1 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/keycloak/protocol/cas/utils/LogoutHelper.java b/src/main/java/org/keycloak/protocol/cas/utils/LogoutHelper.java index ec365cd..5e26e8d 100644 --- a/src/main/java/org/keycloak/protocol/cas/utils/LogoutHelper.java +++ b/src/main/java/org/keycloak/protocol/cas/utils/LogoutHelper.java @@ -2,8 +2,11 @@ import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; +import org.apache.http.NameValuePair; import org.apache.http.client.HttpClient; +import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.HttpPost; +import org.apache.http.message.BasicNameValuePair; import org.apache.http.entity.ContentType; import org.apache.http.entity.StringEntity; import org.keycloak.connections.httpclient.HttpClientProvider; @@ -16,6 +19,8 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.UUID; +import java.util.LinkedList; +import java.util.List; public class LogoutHelper { //although it looks alike, the CAS SLO protocol has nothing to do with SAML; so we build the format @@ -25,12 +30,14 @@ " <samlp:SessionIndex>$SESSION_IDENTIFIER</samlp:SessionIndex>\n" + "</samlp:LogoutRequest>"; - public static HttpEntity buildSingleLogoutRequest(String serviceTicket) { + public static HttpEntity buildSingleLogoutRequest(String serviceTicket) throws IOException { String id = "ID_" + UUID.randomUUID().toString(); String issueInstant = new SimpleDateFormat("yyyy-MM-dd'T'H:mm:ss").format(new Date()); String document = TEMPLATE.replace("$ID", id).replace("$ISSUE_INSTANT", issueInstant) .replace("$SESSION_IDENTIFIER", serviceTicket); - return new StringEntity(document, ContentType.APPLICATION_XML.withCharset(StandardCharsets.UTF_8)); + List<NameValuePair> parameters = new LinkedList<>(); + parameters.add(new BasicNameValuePair("logoutRequest", document)); + return new UrlEncodedFormEntity(parameters); } public static void postWithRedirect(KeycloakSession session, String url, HttpEntity postBody) throws IOException { -- Gitblit v1.9.1