Commit 4a662000 authored by Matthias Piepkorn's avatar Matthias Piepkorn

Show info page after successful logout, including a link to the passed service url

parent 6580a6e7
......@@ -5,6 +5,7 @@ import org.jboss.logging.Logger;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.*;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.cas.utils.LogoutHelper;
......@@ -33,6 +34,8 @@ public class CASLoginProtocol implements LoginProtocol {
public static final String SERVICE_TICKET_PREFIX = "ST-";
public static final String SESSION_SERVICE_TICKET = "service_ticket";
public static final String LOGOUT_REDIRECT_URI = "CAS_LOGOUT_REDIRECT_URI";
protected KeycloakSession session;
protected RealmModel realm;
protected UriInfo uriInfo;
......@@ -131,9 +134,17 @@ public class CASLoginProtocol implements LoginProtocol {
@Override
public Response finishLogout(UserSessionModel userSession) {
String redirectUri = userSession.getNote(CASLoginProtocol.LOGOUT_REDIRECT_URI);
event.event(EventType.LOGOUT);
event.user(userSession.getUser()).session(userSession).success();
return Response.ok().build();
LoginFormsProvider infoPage = session.getProvider(LoginFormsProvider.class).setSuccess("Logout successful");
if (redirectUri != null) {
infoPage.setAttribute("pageRedirectUri", redirectUri);
} else {
infoPage.setAttribute("skipLink", true);
}
return infoPage.createInfoPage();
}
@Override
......
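Review bot: `finishLogout` puts the `LOGOUT_REDIRECT_URI` session note on the info page as `pageRedirectUri` without checking it, so the link is only as trustworthy as whatever wrote the note. On this page the only writer is `LogoutEndpoint.logout`, which stores the value returned by `RedirectUtils.verifyRedirectUri`, but nothing at the constant or in this method records that requirement. I would add a comment at the read, e.g. `// note is written only after RedirectUtils.verifyRedirectUri succeeded; it is rendered as a link, so never store an unverified URL here`. It is also worth confirming that the info template escapes the attribute when it prints it, since the template is not part of this change.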
......@@ -5,13 +5,18 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.cas.CASLoginProtocol;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;
import javax.ws.rs.GET;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
......@@ -37,6 +42,8 @@ public class LogoutEndpoint {
private RealmModel realm;
private EventBuilder event;
private ClientModel client;
private String redirectUri;
public LogoutEndpoint(RealmModel realm, EventBuilder event) {
this.realm = realm;
......@@ -45,18 +52,36 @@ public class LogoutEndpoint {
@GET
@NoCache
public Response logout() {
public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String service) {
checkClient(service);
AuthenticationManager.AuthResult authResult = AuthenticationManager.authenticateIdentityCookie(session, realm, false);
if (authResult != null) {
UserSessionModel userSession = authResult.getSession();
userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, CASLoginProtocol.LOGIN_PROTOCOL);
if (redirectUri != null) userSession.setNote(CASLoginProtocol.LOGOUT_REDIRECT_URI, redirectUri);
logger.debug("Initiating CAS browser logout");
Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), uriInfo, clientConnection, headers);
logger.debug("finishing CAS browser logout");
return response;
}
return Response.ok().build();
return ErrorPage.error(session, Messages.FAILED_LOGOUT);
}
private void checkClient(String service) {
if (service == null) {
return;
}
client = realm.getClients().stream()
.filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
.filter(c -> RedirectUtils.verifyRedirectUri(uriInfo, service, realm, c) != null)
.findFirst().orElse(null);
if (client != null) {
redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client);
session.getContext().setClient(client);
}
}
}
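Review bot: `checkClient` accepts `service` when it matches the redirect URIs of any client that uses the CAS protocol, and the stream does not exclude disabled clients. A client that an administrator has switched off would therefore presumably still authorise a link target on the logout page. Adding `.filter(ClientModel::isEnabled)` ahead of the `verifyRedirectUri` filter would close that. A `service` that matches no client is dropped without any trace, so a `logger.debug` line noting the rejection would help when reviewing unexpected requests to this endpoint. The matching client is also verified twice, once in the filter and once at `redirectUri = ...`, which could be reduced to a single call.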