Commit 6638b842 authored by Matthias Piepkorn's avatar Matthias Piepkorn

update for Keycloak 3.4.3, version now matches Keycloak version

parent 0ae1021c
......@@ -13,12 +13,6 @@ services:
- docker
env:
# - KEYCLOAK_VERSION=2.5.5.Final
# - KEYCLOAK_VERSION=3.0.0.Final
# - KEYCLOAK_VERSION=3.1.0.Final
- KEYCLOAK_VERSION=3.2.1.Final
- KEYCLOAK_VERSION=3.3.0.Final
- KEYCLOAK_VERSION=3.4.0.Final
- KEYCLOAK_VERSION=3.4.3.Final
before_install:
......
......@@ -12,7 +12,7 @@ get_ticket() {
exit 1
fi
login_url=${BASH_REMATCH[1]}
login_url=${BASH_REMATCH[1]//&/&}
redirect_response=$(curl --fail --silent -D - -b /tmp/cookies --data 'username=admin&password=admin' "$login_url")
if [[ !($redirect_response =~ $ticket_pattern) ]] ; then
echo "No service ticket found in response"
......
......@@ -22,12 +22,12 @@
<groupId>org.keycloak</groupId>
<artifactId>keycloak-protocol-cas</artifactId>
<version>2.1.1-SNAPSHOT</version>
<version>3.4.3</version>
<name>Keycloak CAS Protocol</name>
<description />
<properties>
<keycloak.version>3.2.0.Final</keycloak.version>
<keycloak.version>${project.version}.Final</keycloak.version>
<jboss.logging.version>3.3.0.Final</jboss.logging.version>
<jboss.logging.tools.version>2.0.1.Final</jboss.logging.tools.version>
<junit.version>4.12</junit.version>
......
......@@ -12,13 +12,11 @@ import org.keycloak.protocol.cas.utils.LogoutHelper;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URI;
public class CASLoginProtocol implements LoginProtocol {
......@@ -93,16 +91,7 @@ public class CASLoginProtocol implements LoginProtocol {
String service = clientSession.getRedirectUri();
//TODO validate service
String code;
try {
// Keycloak >3.4 branch: Method getCode was renamed to getOrGenerateCode, CODE_TO_TOKEN was removed
Method getOrGenerateCode = ClientSessionCode.class.getMethod("getOrGenerateCode");
code = (String) getOrGenerateCode.invoke(accessCode);
} catch (ReflectiveOperationException e) {
// Keycloak <=3.3 branch
accessCode.setAction(CommonClientSessionModel.Action.CODE_TO_TOKEN.name());
code = accessCode.getCode();
}
String code = accessCode.getOrGenerateCode();
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);
uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code);
......
......@@ -42,12 +42,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
checkRealm();
checkClient(service);
AuthorizationEndpointChecks checks = getOrCreateAuthenticationSession(client, null);
if (checks.response != null) {
return checks.response;
}
authenticationSession = checks.authSession;
authenticationSession = createAuthenticationSession(client, null);
updateAuthenticationSession();
// So back button doesn't work
......@@ -64,7 +59,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
private void checkClient(String service) {
if (service == null) {
event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
}
client = realm.getClients().stream()
......@@ -73,12 +68,12 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
.findFirst().orElse(null);
if (client == null) {
event.error(Errors.CLIENT_NOT_FOUND);
throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND);
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
}
if (!client.isEnabled()) {
event.error(Errors.CLIENT_DISABLED);
throw new ErrorPageException(session, Messages.CLIENT_DISABLED);
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED);
}
redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client);
......@@ -94,9 +89,4 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
authenticationSession.setRedirectUri(redirectUri);
authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
}
@Override
protected boolean isNewRequest(AuthenticationSessionModel authSession, ClientModel clientFromRequest, String requestState) {
return true;
}
}
......@@ -66,7 +66,7 @@ public class LogoutEndpoint {
logger.debug("finishing CAS browser logout");
return response;
}
return ErrorPage.error(session, Messages.FAILED_LOGOUT);
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
}
private void checkClient(String service) {
......
......@@ -18,7 +18,6 @@ import org.keycloak.services.managers.ClientSessionCode;
import javax.ws.rs.GET;
import javax.ws.rs.core.*;
import java.lang.reflect.Method;
public class ValidateEndpoint {
protected static final Logger logger = Logger.getLogger(ValidateEndpoint.class);
......@@ -137,24 +136,14 @@ public class ValidateEndpoint {
event.detail(Details.CODE_ID, parts[2]);
}
ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult;
try {
// Keycloak >3.4 branch: Parameter event was added to ClientSessionCode.parseResult
Method parseResultMethod = ClientSessionCode.class.getMethod("parseResult",
String.class, KeycloakSession.class, RealmModel.class, EventBuilder.class, Class.class);
parseResult = (ClientSessionCode.ParseResult<AuthenticatedClientSessionModel>) parseResultMethod.invoke(
null, code, session, realm, event, AuthenticatedClientSessionModel.class);
} catch (ReflectiveOperationException e) {
// Keycloak <=3.3 branch
parseResult = ClientSessionCode.parseResult(code, session, realm, AuthenticatedClientSessionModel.class);
}
ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult = ClientSessionCode.parseResult(code, null, session, realm, client, event, AuthenticatedClientSessionModel.class);
if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) {
event.error(Errors.INVALID_CODE);
// Attempt to use same code twice should invalidate existing clientSession
AuthenticatedClientSessionModel clientSession = parseResult.getClientSession();
if (clientSession != null) {
clientSession.setUserSession(null);
clientSession.detachFromUserSession();
}
throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST);
......@@ -162,21 +151,9 @@ public class ValidateEndpoint {
clientSession = parseResult.getClientSession();
try {
// Keycloak >3.4 branch: Method isExpiredToken was added
Method isExpiredToken = ClientSessionCode.ParseResult.class.getMethod("isExpiredToken");
if ((Boolean) isExpiredToken.invoke(parseResult)) {
event.error(Errors.EXPIRED_CODE);
throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
}
} catch (ReflectiveOperationException e) {
// Keycloak <=3.3 branch
if (!parseResult.getCode().isValid(AuthenticatedClientSessionModel.Action.CODE_TO_TOKEN.name(), ClientSessionCode.ActionType.CLIENT)) {
event.error(Errors.INVALID_CODE);
throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
}
parseResult.getCode().setAction(null);
if (parseResult.isExpiredToken()) {
event.error(Errors.EXPIRED_CODE);
throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
}
clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment