From fb26284c00e09e656732eb7ca4570afd052e0067 Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <Jacek@jacekk.info> Date: Fri, 21 Jun 2024 11:47:01 +0000 Subject: [PATCH] Improve error reporting in CAS ticket validation --- src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java | 28 ++++++++++++++++------------ 1 files changed, 16 insertions(+), 12 deletions(-) diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java index 3d7f3c3..211a0c9 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/SamlValidateEndpoint.java @@ -1,8 +1,14 @@ package org.keycloak.protocol.cas.endpoints; +import jakarta.ws.rs.Consumes; +import jakarta.ws.rs.POST; +import jakarta.ws.rs.Produces; +import jakarta.ws.rs.core.MultivaluedMap; +import jakarta.ws.rs.core.Response; import org.keycloak.dom.saml.v1.protocol.SAML11ResponseType; import org.keycloak.events.EventBuilder; import org.keycloak.events.EventType; +import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.protocol.cas.CASLoginProtocol; @@ -12,33 +18,31 @@ import org.keycloak.services.Urls; import org.xml.sax.InputSource; -import javax.ws.rs.Consumes; -import javax.ws.rs.POST; -import javax.ws.rs.Produces; -import javax.ws.rs.core.MultivaluedMap; -import javax.ws.rs.core.Response; import javax.xml.namespace.NamespaceContext; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathExpression; import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFactory; import java.io.StringReader; -import java.util.*; +import java.util.Collections; +import java.util.Iterator; +import java.util.Map; +import java.util.Optional; import static org.keycloak.protocol.cas.CASLoginProtocol.TARGET_PARAM; public class SamlValidateEndpoint extends AbstractValidateEndpoint { - public SamlValidateEndpoint(RealmModel realm, EventBuilder event) { - super(realm, event.event(EventType.CODE_TO_TOKEN)); + public SamlValidateEndpoint(KeycloakSession session, RealmModel realm, EventBuilder event) { + super(session, realm, event.event(EventType.CODE_TO_TOKEN)); } @POST @Consumes("text/xml;charset=utf-8") @Produces("text/xml;charset=utf-8") public Response validate(String input) { - MultivaluedMap<String, String> queryParams = request.getUri().getQueryParameters(); + MultivaluedMap<String, String> queryParams = session.getContext().getUri().getQueryParameters(); try { - String soapAction = Optional.ofNullable(request.getHttpHeaders().getHeaderString("SOAPAction")).map(s -> s.trim().replace("\"", "")).orElse(""); + String soapAction = Optional.ofNullable(session.getContext().getRequestHeaders().getHeaderString("SOAPAction")).map(s -> s.trim().replace("\"", "")).orElse(""); if (!soapAction.equals("http://www.oasis-open.org/committees/security")) { throw new CASValidationException(CASErrorCode.INTERNAL_ERROR, "Not a validation request", Response.Status.BAD_REQUEST); } @@ -49,10 +53,10 @@ checkRealm(); checkSsl(); checkClient(service); - String issuer = Urls.realmIssuer(request.getUri().getBaseUri(), realm.getName()); + String issuer = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName()); String ticket = getTicket(input); - checkTicket(ticket, renew); + checkTicket(ticket, CASLoginProtocol.SERVICE_TICKET_PREFIX, renew); UserModel user = clientSession.getUserSession().getUser(); Map<String, Object> attributes = getUserAttributes(); -- Gitblit v1.9.1