Commit 7124d21d authored by Matthias Piepkorn's avatar Matthias Piepkorn

Fix handling of 'renew' parameter

parent 8a551802
......@@ -31,15 +31,13 @@ public class CASLoginProtocol implements LoginProtocol {
protected UriInfo uriInfo;
protected HttpHeaders headers;
protected EventBuilder event;
private boolean requireReauth;
public CASLoginProtocol(KeycloakSession session, RealmModel realm, UriInfo uriInfo, HttpHeaders headers, EventBuilder event, boolean requireReauth) {
public CASLoginProtocol(KeycloakSession session, RealmModel realm, UriInfo uriInfo, HttpHeaders headers, EventBuilder event) {
this.session = session;
this.realm = realm;
this.uriInfo = uriInfo;
this.headers = headers;
this.event = event;
this.requireReauth = requireReauth;
}
public CASLoginProtocol() {
......@@ -117,7 +115,7 @@ public class CASLoginProtocol implements LoginProtocol {
@Override
public boolean requireReauthentication(UserSessionModel userSession, ClientSessionModel clientSession) {
return requireReauth;
return "true".equals(clientSession.getNote(CASLoginProtocol.RENEW_PARAM));
}
@Override
......
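Review bot: requireReauthentication() now depends on a client-session note that is written in a different file, and nothing at the call site says so. The key is also the CAS query-parameter constant `RENEW_PARAM`, so one name stands for both the request parameter and the stored flag. I would add a comment above the return such as `// Note is set by AuthorizationEndpoint.build() when the login request carried 'renew'`, and consider a dedicated note-key constant so the two uses cannot drift apart. The class body continues outside both hunks.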
......@@ -35,8 +35,8 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
public Response build() {
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM));
boolean gateway = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.GATEWAY_PARAM));
boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
boolean gateway = params.containsKey(CASLoginProtocol.GATEWAY_PARAM);
checkSsl();
checkRealm();
......@@ -46,8 +46,12 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
// So back button doesn't work
CacheControlUtil.noBackButtonCacheControlHeader();
if (renew) {
clientSession.setNote(CASLoginProtocol.RENEW_PARAM, "true");
}
this.event.event(EventType.LOGIN);
return handleBrowserAuthenticationRequest(clientSession, new CASLoginProtocol(session, realm, uriInfo, headers, event, renew), gateway, false);
return handleBrowserAuthenticationRequest(clientSession, new CASLoginProtocol(session, realm, uriInfo, headers, event), gateway, false);
}
private void checkSsl() {
......
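Review bot: With `containsKey`, a request that carries both `renew` and `gateway` now sets both flags, and `gateway` is still passed to `handleBrowserAuthenticationRequest` in build(). The CAS protocol specification leaves that combination undefined and recommends ignoring `gateway` when `renew` is set. Assuming the third argument is what lets the login complete without user interaction, I would write `boolean gateway = !renew && params.containsKey(CASLoginProtocol.GATEWAY_PARAM);`. A one-line comment that presence alone is intended would also help, since `renew=false` now forces reauthentication. Part of build() lies between the two hunks and is not visible here.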
......@@ -56,7 +56,7 @@ public class ValidateEndpoint {
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
String service = params.getFirst(CASLoginProtocol.SERVICE_PARAM);
String ticket = params.getFirst(CASLoginProtocol.TICKET_PARAM);
boolean renew = "true".equalsIgnoreCase(params.getFirst(CASLoginProtocol.RENEW_PARAM));
boolean renew = params.containsKey(CASLoginProtocol.RENEW_PARAM);
event.event(EventType.CODE_TO_TOKEN);
......@@ -154,6 +154,11 @@ public class ValidateEndpoint {
parseResult.getCode().setAction(null);
if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) {
event.error(Errors.SESSION_EXPIRED);
throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Interactive authentication was requested but not performed", Response.Status.BAD_REQUEST);
}
UserSessionModel userSession = clientSession.getUserSession();
if (userSession == null) {
......
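Review bot: The new rejection records `Errors.SESSION_EXPIRED`, which does not describe what happened: the session is valid, but the ticket came from SSO while the service demanded fresh credentials. Anyone reading the event log to investigate failed validations would be misled, so I would record an error value that names the reauthentication failure, or add an event detail to that effect. `requireReauth` is not declared in the visible lines. I assume it carries the `renew` value parsed in the first hunk of this file, which is worth confirming since the enclosing method starts outside the hunk.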