Commit 6638b842 authored by Matthias Piepkorn

update for Keycloak 3.4.3, version now matches Keycloak version

parent 0ae1021c
...@@ -13,12 +13,6 @@ services: ...@@ -13,12 +13,6 @@ services:
- docker - docker
env: env:
# - KEYCLOAK_VERSION=2.5.5.Final
# - KEYCLOAK_VERSION=3.0.0.Final
# - KEYCLOAK_VERSION=3.1.0.Final
- KEYCLOAK_VERSION=3.2.1.Final
- KEYCLOAK_VERSION=3.3.0.Final
- KEYCLOAK_VERSION=3.4.0.Final
- KEYCLOAK_VERSION=3.4.3.Final - KEYCLOAK_VERSION=3.4.3.Final
before_install: before_install:
......
...@@ -12,7 +12,7 @@ get_ticket() { ...@@ -12,7 +12,7 @@ get_ticket() {
exit 1 exit 1
fi fi
login_url=${BASH_REMATCH[1]} login_url=${BASH_REMATCH[1]//&/&}
redirect_response=$(curl --fail --silent -D - -b /tmp/cookies --data 'username=admin&password=admin' "$login_url") redirect_response=$(curl --fail --silent -D - -b /tmp/cookies --data 'username=admin&password=admin' "$login_url")
if [[ !($redirect_response =~ $ticket_pattern) ]] ; then if [[ !($redirect_response =~ $ticket_pattern) ]] ; then
echo "No service ticket found in response" echo "No service ticket found in response"
......
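Review bot: The substitution in `login_url=${BASH_REMATCH[1]//&/&}` reads as a no-op as rendered; presumably the source is `${BASH_REMATCH[1]//&amp;/&}` to undo the HTML entity encoding of the extracted form action, and the page rendering decoded the entity. A comment on that line would make the intent survive such rendering and explain why only this one entity is decoded, e.g. `# the form action is HTML-escaped; decode &amp; back to & before posting`. The rest of get_ticket lies outside the hunk.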
...@@ -22,12 +22,12 @@ ...@@ -22,12 +22,12 @@
<groupId>org.keycloak</groupId> <groupId>org.keycloak</groupId>
<artifactId>keycloak-protocol-cas</artifactId> <artifactId>keycloak-protocol-cas</artifactId>
<version>2.1.1-SNAPSHOT</version> <version>3.4.3</version>
<name>Keycloak CAS Protocol</name> <name>Keycloak CAS Protocol</name>
<description /> <description />
<properties> <properties>
<keycloak.version>3.2.0.Final</keycloak.version> <keycloak.version>${project.version}.Final</keycloak.version>
<jboss.logging.version>3.3.0.Final</jboss.logging.version> <jboss.logging.version>3.3.0.Final</jboss.logging.version>
<jboss.logging.tools.version>2.0.1.Final</jboss.logging.tools.version> <jboss.logging.tools.version>2.0.1.Final</jboss.logging.tools.version>
<junit.version>4.12</junit.version> <junit.version>4.12</junit.version>
......
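Review bot: `<keycloak.version>${project.version}.Final</keycloak.version>` ties the dependency version to the artifact version string, so any qualifier on the project version (for example a `-SNAPSHOT` during development) would produce a Keycloak version that does not exist and break resolution. If the coupling is intentional, a comment above the property stating that the project version must be exactly the bare Keycloak version (e.g. `<!-- project.version must equal the Keycloak version without the .Final qualifier -->`) would prevent the next release from tripping over it; otherwise keep a separate explicit property.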
...@@ -12,13 +12,11 @@ import org.keycloak.protocol.cas.utils.LogoutHelper; ...@@ -12,13 +12,11 @@ import org.keycloak.protocol.cas.utils.LogoutHelper;
import org.keycloak.services.managers.ClientSessionCode; import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.sessions.AuthenticationSessionModel; import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;
import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo; import javax.ws.rs.core.UriInfo;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URI; import java.net.URI;
public class CASLoginProtocol implements LoginProtocol { public class CASLoginProtocol implements LoginProtocol {
...@@ -93,16 +91,7 @@ public class CASLoginProtocol implements LoginProtocol { ...@@ -93,16 +91,7 @@ public class CASLoginProtocol implements LoginProtocol {
String service = clientSession.getRedirectUri(); String service = clientSession.getRedirectUri();
//TODO validate service //TODO validate service
String code; String code = accessCode.getOrGenerateCode();
try {
// Keycloak >3.4 branch: Method getCode was renamed to getOrGenerateCode, CODE_TO_TOKEN was removed
Method getOrGenerateCode = ClientSessionCode.class.getMethod("getOrGenerateCode");
code = (String) getOrGenerateCode.invoke(accessCode);
} catch (ReflectiveOperationException e) {
// Keycloak <=3.3 branch
accessCode.setAction(CommonClientSessionModel.Action.CODE_TO_TOKEN.name());
code = accessCode.getCode();
}
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service); KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);
uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code); uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code);
......
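Review bot: The `//TODO validate service` comment directly above the new `String code = accessCode.getOrGenerateCode();` is now the only remark on where the redirect target is checked, and it appears stale if `service` can only be set through `RedirectUtils.verifyRedirectUri` in AuthorizationEndpoint (changed in this same commit); either replace it with `// service was validated against the client's redirect URIs in AuthorizationEndpoint` or state which other path sets the redirect URI unvalidated. Dropping the reflection fallback also makes the module require Keycloak 3.4+ (`getOrGenerateCode`), which is worth stating in the README or pom alongside the version alignment. The enclosing method starts and ends outside the hunk.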
...@@ -42,12 +42,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { ...@@ -42,12 +42,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
checkRealm(); checkRealm();
checkClient(service); checkClient(service);
AuthorizationEndpointChecks checks = getOrCreateAuthenticationSession(client, null); authenticationSession = createAuthenticationSession(client, null);
if (checks.response != null) {
return checks.response;
}
authenticationSession = checks.authSession;
updateAuthenticationSession(); updateAuthenticationSession();
// So back button doesn't work // So back button doesn't work
...@@ -64,7 +59,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { ...@@ -64,7 +59,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
private void checkClient(String service) { private void checkClient(String service) {
if (service == null) { if (service == null) {
event.error(Errors.INVALID_REQUEST); event.error(Errors.INVALID_REQUEST);
throw new ErrorPageException(session, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM); throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
} }
client = realm.getClients().stream() client = realm.getClients().stream()
...@@ -73,12 +68,12 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { ...@@ -73,12 +68,12 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
.findFirst().orElse(null); .findFirst().orElse(null);
if (client == null) { if (client == null) {
event.error(Errors.CLIENT_NOT_FOUND); event.error(Errors.CLIENT_NOT_FOUND);
throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND); throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
} }
if (!client.isEnabled()) { if (!client.isEnabled()) {
event.error(Errors.CLIENT_DISABLED); event.error(Errors.CLIENT_DISABLED);
throw new ErrorPageException(session, Messages.CLIENT_DISABLED); throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED);
} }
redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client); redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client);
...@@ -94,9 +89,4 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase { ...@@ -94,9 +89,4 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
authenticationSession.setRedirectUri(redirectUri); authenticationSession.setRedirectUri(redirectUri);
authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name()); authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
} }
@Override
protected boolean isNewRequest(AuthenticationSessionModel authSession, ClientModel clientFromRequest, String requestState) {
return true;
}
} }
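Review bot: With `authenticationSession = createAuthenticationSession(client, null);` the early return on `checks.response` is gone, so every request to this endpoint now unconditionally starts a fresh authentication session; the removed `isNewRequest` override that always returned `true` suggests this was the intended behaviour all along, but nothing in the new code says so. A one-line comment such as `// CAS login carries no client state, so each request starts a new authentication session` would document that decision. If `createAuthenticationSession` in 3.4.3 can itself reject or replace an existing session, that outcome is no longer surfaced here — confirm against the base class. The enclosing method begins outside the hunk.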
...@@ -66,7 +66,7 @@ public class LogoutEndpoint { ...@@ -66,7 +66,7 @@ public class LogoutEndpoint {
logger.debug("finishing CAS browser logout"); logger.debug("finishing CAS browser logout");
return response; return response;
} }
return ErrorPage.error(session, Messages.FAILED_LOGOUT); return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
} }
private void checkClient(String service) { private void checkClient(String service) {
......
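Review bot: The new call `ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT)` passes an unexplained positional `null`, presumably the authentication session, which a reader cannot tell from the line. Naming it inline, e.g. `ErrorPage.error(session, null /* no authentication session */, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT)`, keeps the intent clear. The enclosing method begins outside the hunk.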
...@@ -18,7 +18,6 @@ import org.keycloak.services.managers.ClientSessionCode; ...@@ -18,7 +18,6 @@ import org.keycloak.services.managers.ClientSessionCode;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.core.*; import javax.ws.rs.core.*;
import java.lang.reflect.Method;
public class ValidateEndpoint { public class ValidateEndpoint {
protected static final Logger logger = Logger.getLogger(ValidateEndpoint.class); protected static final Logger logger = Logger.getLogger(ValidateEndpoint.class);
...@@ -137,24 +136,14 @@ public class ValidateEndpoint { ...@@ -137,24 +136,14 @@ public class ValidateEndpoint {
event.detail(Details.CODE_ID, parts[2]); event.detail(Details.CODE_ID, parts[2]);
} }
ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult; ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult = ClientSessionCode.parseResult(code, null, session, realm, client, event, AuthenticatedClientSessionModel.class);
try {
// Keycloak >3.4 branch: Parameter event was added to ClientSessionCode.parseResult
Method parseResultMethod = ClientSessionCode.class.getMethod("parseResult",
String.class, KeycloakSession.class, RealmModel.class, EventBuilder.class, Class.class);
parseResult = (ClientSessionCode.ParseResult<AuthenticatedClientSessionModel>) parseResultMethod.invoke(
null, code, session, realm, event, AuthenticatedClientSessionModel.class);
} catch (ReflectiveOperationException e) {
// Keycloak <=3.3 branch
parseResult = ClientSessionCode.parseResult(code, session, realm, AuthenticatedClientSessionModel.class);
}
if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) { if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) {
event.error(Errors.INVALID_CODE); event.error(Errors.INVALID_CODE);
// Attempt to use same code twice should invalidate existing clientSession // Attempt to use same code twice should invalidate existing clientSession
AuthenticatedClientSessionModel clientSession = parseResult.getClientSession(); AuthenticatedClientSessionModel clientSession = parseResult.getClientSession();
if (clientSession != null) { if (clientSession != null) {
clientSession.setUserSession(null); clientSession.detachFromUserSession();
} }
throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST); throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST);
...@@ -162,22 +151,10 @@ public class ValidateEndpoint { ...@@ -162,22 +151,10 @@ public class ValidateEndpoint {
clientSession = parseResult.getClientSession(); clientSession = parseResult.getClientSession();
try { if (parseResult.isExpiredToken()) {
// Keycloak >3.4 branch: Method isExpiredToken was added
Method isExpiredToken = ClientSessionCode.ParseResult.class.getMethod("isExpiredToken");
if ((Boolean) isExpiredToken.invoke(parseResult)) {
event.error(Errors.EXPIRED_CODE); event.error(Errors.EXPIRED_CODE);
throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
} }
} catch (ReflectiveOperationException e) {
// Keycloak <=3.3 branch
if (!parseResult.getCode().isValid(AuthenticatedClientSessionModel.Action.CODE_TO_TOKEN.name(), ClientSessionCode.ActionType.CLIENT)) {
event.error(Errors.INVALID_CODE);
throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
}
parseResult.getCode().setAction(null);
}
clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket); clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket);
......
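Review bot: Nothing in the new `if (parseResult.isExpiredToken())` branch replaces the removed `parseResult.getCode().setAction(null)`, which was how the pre-3.4 path consumed the code after a successful validation; unless `ClientSessionCode.parseResult` in 3.4.3 invalidates the code on first parse, the same service ticket could be validated more than once. The existing comment "Attempt to use same code twice should invalidate existing clientSession" in the previous hunk indicates single use is intended, so confirm that and record it, e.g. `// parseResult consumes the code; a replayed ticket lands in the isIllegalHash/isAuthSessionNotFound branch above`. The unexplained `null` second argument to `parseResult(code, null, session, realm, client, event, ...)` in that hunk also deserves a name in a comment. The enclosing method continues beyond the hunk.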