From 92ea6b15524da2eee8f7f523efca32b29ccab11e Mon Sep 17 00:00:00 2001 From: Jacek Kowalski Date: Mon, 18 Nov 2019 19:47:34 +0100 Subject: [PATCH 1/2] Update to Keycloak 8.0.0 Change redirect/logout methods to match changes in Keycloack --- .travis.yml | 2 +- pom.xml | 2 +- src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java | 2 +- .../protocol/cas/endpoints/AbstractValidateEndpoint.java | 2 +- .../protocol/cas/endpoints/AuthorizationEndpoint.java | 4 ++-- .../org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8d758cd..29fc0ec 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ services: - docker env: - - KEYCLOAK_VERSION=7.0.0 + - KEYCLOAK_VERSION=8.0.0 before_install: - if [ "$TRAVIS_EVENT_TYPE" != "cron" ]; then docker pull quay.io/keycloak/keycloak:$KEYCLOAK_VERSION; fi diff --git a/pom.xml b/pom.xml index f130a58..f709adf 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ org.keycloak keycloak-protocol-cas - 7.0.0 + 8.0.0 Keycloak CAS Protocol diff --git a/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java b/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java index c79ddc8..4557c7a 100644 --- a/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java +++ b/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java @@ -123,7 +123,7 @@ public void backchannelLogout(UserSessionModel userSession, AuthenticatedClientS sendSingleLogoutRequest(logoutUrl, serviceTicket); } ClientModel client = clientSession.getClient(); - new ResourceAdminManager(session).logoutClientSession(uriInfo.getRequestUri(), realm, client, clientSession); + new ResourceAdminManager(session).logoutClientSession(realm, client, clientSession); } private void sendSingleLogoutRequest(String logoutUrl, String serviceTicket) { 
diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java index dd6e1b3..d1acb61 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java @@ -63,7 +63,7 @@ protected void checkClient(String service) { client = realm.getClients().stream() .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) - .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null) + .filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null) .findFirst().orElse(null); if (client == null) { event.error(Errors.CLIENT_NOT_FOUND); diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java index 865b937..2981732 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java @@ -64,7 +64,7 @@ private void checkClient(String service) { client = realm.getClients().stream() .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) - .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null) + .filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null) .findFirst().orElse(null); if (client == null) { event.error(Errors.CLIENT_NOT_FOUND); 
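Review bot: The rewritten `.filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null)` line is the only check that ties the caller-supplied CAS `service` URL to a registered client before a ticket is validated for it, and nothing in the hunk says so; with the explicit `UriInfo`/`realm` arguments gone, the check now also depends on `session.getContext()` being populated for this request, which the visible lines neither confirm nor contradict. I would add above the stream: `// "service" is taken from the request: a ticket is only validated for a client whose registered redirect URIs accept it (verifyRedirectUri returns null otherwise).` Separately, `findFirst()` over `realm.getClients()` picks an unspecified client when several CAS clients' redirect patterns accept the same URL (e.g. a wildcard entry); that ordering dependence predates this change but is worth a note on the same line. checkClient's body starts before the hunk.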
@@ -76,7 +76,7 @@ private void checkClient(String service) { throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED); } - redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, client); + redirectUri = RedirectUtils.verifyRedirectUri(session, service, client); event.client(client.getClientId()); event.detail(Details.REDIRECT_URI, redirectUri); diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java index 09a0469..ce2ac6b 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java @@ -72,10 +72,10 @@ private void checkClient(String service) { client = realm.getClients().stream() .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) - .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null) + .filter(c -> RedirectUtils.verifyRedirectUri(session, service, c) != null) .findFirst().orElse(null); if (client != null) { - redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, client); + redirectUri = RedirectUtils.verifyRedirectUri(session, service, client); session.getContext().setClient(client); } From 5cc5c5d508f12f1106964c47c32d58118f117865 Mon Sep 17 00:00:00 2001 
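Review bot: In the LogoutEndpoint hunk the unmatched case is silent: when no CAS client accepts `service`, `client` is set to null and `redirectUri` is left untouched, unlike AuthorizationEndpoint, which raises `Errors.CLIENT_NOT_FOUND` for the same condition. The rest of checkClient and its caller are outside the hunk, so I cannot see what happens to the raw `service` value afterwards; please make sure the post-logout redirect never falls back to it, since that would be an open redirect on a logout URL, and a comment stating that invariant here would help the next reader: `// no matching client: redirectUri stays unset on purpose and the raw "service" value must never be used as a redirect target`. The second `RedirectUtils.verifyRedirectUri(session, service, client)` call repeats the verification already done in the filter; capturing the verified URI once in the loop would avoid evaluating the redirect rules twice.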
From: Phy Date: Fri, 28 Feb 2020 01:07:14 -0500 Subject: [PATCH 2/2] Update to Keycloak 9.0.0 and apply API change - DefaultClientSessionContext.fromClientSessionAndScopeParameter adds session parm - Add SAMLCASConstants to address removed constants from Keycloak --- .travis.yml | 2 +- pom.xml | 2 +- .../cas/endpoints/AbstractValidateEndpoint.java | 2 +- .../cas/representations/SAMLCASConstants.java | 11 +++++++++++ .../cas/representations/SamlResponseHelper.java | 6 +++--- 5 files changed, 17 insertions(+), 6 deletions(-) create mode 100644 src/main/java/org/keycloak/protocol/cas/representations/SAMLCASConstants.java diff --git a/.travis.yml b/.travis.yml index 29fc0ec..fbd27f2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ services: - docker env: - - KEYCLOAK_VERSION=8.0.0 + - KEYCLOAK_VERSION=9.0.0 before_install: - if [ "$TRAVIS_EVENT_TYPE" != "cron" ]; then docker pull quay.io/keycloak/keycloak:$KEYCLOAK_VERSION; fi diff --git a/pom.xml b/pom.xml index f709adf..16ed5ae 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ org.keycloak keycloak-protocol-cas - 8.0.0 + 9.0.0 Keycloak CAS Protocol diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java index d1acb61..b480679 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java 
@@ -153,7 +153,7 @@ protected void checkTicket(String ticket, boolean requireReauth) { protected Map getUserAttributes() { UserSessionModel userSession = clientSession.getUserSession(); // CAS protocol does not support scopes, so pass null scopeParam - ClientSessionContext clientSessionCtx = DefaultClientSessionContext.fromClientSessionAndScopeParameter(clientSession, null); + ClientSessionContext clientSessionCtx = DefaultClientSessionContext.fromClientSessionAndScopeParameter(clientSession, null, session); Set mappings = clientSessionCtx.getProtocolMappers(); KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); diff --git a/src/main/java/org/keycloak/protocol/cas/representations/SAMLCASConstants.java b/src/main/java/org/keycloak/protocol/cas/representations/SAMLCASConstants.java new file mode 100644 index 0000000..574142c --- /dev/null +++ b/src/main/java/org/keycloak/protocol/cas/representations/SAMLCASConstants.java @@ -0,0 +1,11 @@ +package org.keycloak.protocol.cas.representations; + +public interface SAMLCASConstants { + + String AUTH_METHOD_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password"; + + String FORMAT_EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"; + + String FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"; + +} diff --git a/src/main/java/org/keycloak/protocol/cas/representations/SamlResponseHelper.java b/src/main/java/org/keycloak/protocol/cas/representations/SamlResponseHelper.java index f5db51c..cc8ec8d 100644 --- a/src/main/java/org/keycloak/protocol/cas/representations/SamlResponseHelper.java +++ b/src/main/java/org/keycloak/protocol/cas/representations/SamlResponseHelper.java 
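Review bot: The comment above the changed `fromClientSessionAndScopeParameter(clientSession, null, session)` line says only that `null` is passed, not what that means for which attributes reach a CAS service; if this helper behaves as it does elsewhere in Keycloak, a null scope parameter yields the client's default client scopes only, so mappers attached to optional client scopes never contribute. Since administrators configure attribute release through scopes, I would extend the comment to: `// CAS has no scope parameter, so pass null: only the client's default client scopes (and their mappers) apply; optional scopes are never released to CAS services.` Please confirm that reading against DefaultClientSessionContext in 9.0.0. getUserAttributes continues past the end of the hunk.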
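Review bot: `SAMLCASConstants` is declared as an interface that holds only constants, which invites implementing it just to inherit the names; a final class with a private constructor and `public static final` fields carries the same three URNs without that. The values match the SAML 1.x URNs they replace from `SAML11Constants`, so behaviour is unchanged. I would also record why the file exists, as the commit message does: `/** SAML 1.x URNs formerly provided by Keycloak's SAML11Constants; kept here because Keycloak 9 no longer ships them. */`
```java
public final class SAMLCASConstants {

    private SAMLCASConstants() {
    }

    public static final String AUTH_METHOD_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password";

    public static final String FORMAT_EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

    public static final String FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

}
```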
@@ -74,7 +74,7 @@ public static SAML11ResponseType successResponse(String issuer, String username, conditions.setNotOnOrAfter(factory.newXMLGregorianCalendar(GregorianCalendar.from(nowZoned.plusMinutes(5)))); })); assertion.add(applyTo(new SAML11AuthenticationStatementType( - URI.create(SAML11Constants.AUTH_METHOD_PASSWORD), + URI.create(SAMLCASConstants.AUTH_METHOD_PASSWORD), now ), stmt -> stmt.setSubject(toSubject(username)))); assertion.addAllStatements(toAttributes(username, attributes)); @@ -141,8 +141,8 @@ private static SAML11SubjectType toSubject(String username) { private static URI nameIdFormat(String username) { return URI.create(Validation.isEmailValid(username) ? - SAML11Constants.FORMAT_EMAIL_ADDRESS : - SAML11Constants.FORMAT_UNSPECIFIED + SAMLCASConstants.FORMAT_EMAIL_ADDRESS : + SAMLCASConstants.FORMAT_UNSPECIFIED ); }
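Review bot: The `SAML11AuthenticationStatementType` on the changed line still asserts `SAMLCASConstants.AUTH_METHOD_PASSWORD` for every successful response, regardless of how Keycloak actually authenticated the user (OTP, Kerberos, an external identity provider, or an existing SSO session), so a CAS service that reads AuthenticationMethod from the SAML 1.1 validate response receives a claim the IdP may not have verified; the rename preserves this, it does not introduce it. Nothing visible in the hunk exposes the real authentication method, so at minimum I would mark it: `// AuthenticationMethod is fixed to "password"; the real method is not available here, so consumers must not treat this as an assurance-level claim.` If the caller has access to the user session's authentication details, passing the method in as a parameter would be the proper fix. successResponse starts before and ends after the hunk.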
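Review bot: `nameIdFormat` selects `FORMAT_EMAIL_ADDRESS` solely because `Validation.isEmailValid(username)` accepts the username's syntax, not because the value is the account's email attribute or that attribute is verified; if usernames are user-chosen in the realm, a name that merely looks like an address is presented to the service under the emailAddress format. The constant swap keeps this as is, but the method deserves a caveat: `// Format is chosen by the shape of the username, not by the user's email attribute or its verified flag; services must not treat an emailAddress-format NameID as a verified address.` If the intent is to assert a real email, the caller should pass the email attribute (and its verified state) rather than the username.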