/**
 * Forwards the user to the deployment's logout page.
 *
 * <p>Delegates unchanged to the superclass implementation; no additional
 * behaviour is added at this level.
 *
 * @param request    the current Catalina request
 * @param response   the response the logout page is rendered into
 * @param deployment the resolved SAML deployment that names the logout page
 */
@Override
protected void forwardToLogoutPage(Request request, HttpServletResponse response, SamlDeployment deployment) {
    // Pure delegation.
    super.forwardToLogoutPage(request, response, deployment);
}
/**
 * Reacts to container lifecycle events: clears the {@code cache} flag on
 * {@code START_EVENT}, runs {@link #keycloakInit()} on {@code AFTER_START_EVENT}
 * and {@link #beforeStop()} on {@code BEFORE_STOP_EVENT}. Every other event is
 * ignored.
 *
 * @param event the lifecycle event fired by the container
 */
@Override
public void lifecycleEvent(LifecycleEvent event) {
    String type = event.getType();
    if (Lifecycle.START_EVENT.equals(type)) {
        cache = false;
        return;
    }
    if (Lifecycle.AFTER_START_EVENT.equals(type)) {
        // Initialisation is deferred until the context has fully started.
        keycloakInit();
        return;
    }
    if (Lifecycle.BEFORE_STOP_EVENT.equals(type)) {
        beforeStop();
    }
}
/**
 * Builds a new {@link CatalinaSamlSessionStore} bound to this valve, the given
 * request, facade and deployment. This always creates a fresh instance; use
 * {@link #getSessionStore} for the per-request cached one.
 *
 * @param request            the current Catalina request
 * @param facade             the HTTP facade wrapping request and response
 * @param resolvedDeployment the SAML deployment resolved for this request
 * @return a newly created session store
 */
protected SamlSessionStore createSessionStore(Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
    return new CatalinaSamlSessionStore(userSessionManagement, createPrincipalFactory(), mapper, idMapperUpdater, request, this, facade, resolvedDeployment);
}
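/**
 * Chains additional session-id mapper updaters listed in the
 * {@code keycloak.sessionIdMapperUpdater.classes} servlet init parameter
 * (comma-separated class names) onto the current updater, then stores the
 * resulting updater via {@link #setIdMapperUpdater}.
 *
 * <p>Each class name is trimmed before use, so whitespace around the whole
 * parameter value (not just around the commas) cannot leak into a class name.
 * The class names come from the deployment descriptor, i.e. deployment-time
 * configuration, not from request data.
 *
 * <p>The updater is stored in a {@code finally} block, so if resolving one of
 * the classes throws, whatever was chained up to that point is still applied.
 */
protected void addTokenStoreUpdaters() {
    SessionIdMapperUpdater updater = getIdMapperUpdater();
    try {
        String idMapperSessionUpdaterClasses = context.getServletContext().getInitParameter("keycloak.sessionIdMapperUpdater.classes");
        if (idMapperSessionUpdaterClasses == null) {
            return;
        }
        for (String clazz : idMapperSessionUpdaterClasses.split("\\s*,\\s*")) {
            // split() only strips whitespace adjacent to commas; trim the ends too.
            String className = clazz.trim();
            if (!className.isEmpty()) {
                updater = invokeAddTokenStoreUpdaterMethod(className, updater);
            }
        }
    } finally {
        setIdMapperUpdater(updater);
    }
}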
/**
 * Runs the SAML authentication flow for a protected resource.
 *
 * <p>Resolves the deployment for this request; if none is configured the
 * request is reported as not authenticated. Otherwise the per-request session
 * store is looked up and a {@link CatalinaSamlAuthenticator} is executed via
 * {@link #executeAuthenticator}.
 *
 * @param request     the current Catalina request
 * @param response    the current response
 * @param loginConfig container login configuration (not used by this method)
 * @return {@code true} when the request is authenticated and processing may continue
 * @throws IOException declared by the signature; nothing in this body raises it directly
 */
protected boolean authenticateInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
    log.trace("authenticateInternal");
    CatalinaHttpFacade facade = new CatalinaHttpFacade(response, request);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    boolean configured = deployment != null && deployment.isConfigured();
    if (!configured) {
        log.trace("deployment not configured");
        return false;
    }
    SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
    SamlAuthenticator authenticator = new CatalinaSamlAuthenticator(facade, deployment, tokenStore);
    return executeAuthenticator(request, response, facade, deployment, authenticator);
}
/**
 * Executes the authenticator and maps its outcome onto the valve contract.
 *
 * <ul>
 *   <li>{@code AUTHENTICATED}: success, unless the facade has already ended
 *       the response, in which case {@code false}.</li>
 *   <li>{@code LOGGED_OUT}: the local session is logged out, the logout page
 *       is shown when the deployment configures one, and {@code false} is
 *       returned.</li>
 *   <li>any other outcome: the authenticator's challenge (if any) is sent to
 *       the facade and {@code false} is returned.</li>
 * </ul>
 *
 * @param request       the current Catalina request
 * @param response      the current response
 * @param facade        the facade the authenticator writes to
 * @param deployment    the resolved SAML deployment
 * @param authenticator the authenticator to run
 * @return {@code true} only when authenticated and the response is still open
 */
protected boolean executeAuthenticator(Request request, HttpServletResponse response, CatalinaHttpFacade facade, SamlDeployment deployment, SamlAuthenticator authenticator) {
    AuthOutcome outcome = authenticator.authenticate();
    if (outcome == AuthOutcome.AUTHENTICATED) {
        log.trace("AUTHENTICATED");
        // An already-ended response must not be passed further down the pipeline.
        return !facade.isEnded();
    }
    if (outcome == AuthOutcome.LOGGED_OUT) {
        logoutInternal(request);
        if (deployment.getLogoutPage() != null) {
            forwardToLogoutPage(request, response, deployment);
        }
        log.trace("Logging OUT");
        return false;
    }
    AuthChallenge challenge = authenticator.getChallenge();
    if (challenge == null) {
        return false;
    }
    log.trace("challenge");
    challenge.challenge(facade);
    return false;
}
InputStream is = getConfigInputStream(context); final SamlDeployment deployment; if (is == null) { addTokenStoreUpdaters();
/**
 * Installs an {@link IdMapperUpdaterSessionListener} on the context, marks the
 * updater as {@code SessionIdMapperUpdater.EXTERNAL}, and then defers to the
 * superclass.
 */
@Override
protected void addTokenStoreUpdaters() {
    IdMapperUpdaterSessionListener listener = new IdMapperUpdaterSessionListener(mapper);
    context.addApplicationListenerInstance(listener);
    // NOTE(review): ordering presumed significant — the parent is expected to
    // chain further updaters onto the one set here; confirm against the superclass.
    setIdMapperUpdater(SessionIdMapperUpdater.EXTERNAL);
    super.addTokenStoreUpdaters();
}
}
/**
 * Returns the session store for this request, creating it on first use and
 * caching it as a request note under {@code TOKEN_STORE_NOTE} so later calls
 * in the same request reuse the same instance.
 *
 * @param request            the current Catalina request
 * @param facade             the HTTP facade for this request
 * @param resolvedDeployment the SAML deployment resolved for this request
 * @return the per-request session store
 */
protected SamlSessionStore getSessionStore(Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
    SamlSessionStore cached = (SamlSessionStore) request.getNote(TOKEN_STORE_NOTE);
    if (cached == null) {
        cached = createSessionStore(request, facade, resolvedDeployment);
        request.setNote(TOKEN_STORE_NOTE, cached);
    }
    return cached;
}
/**
 * Locates the SAML adapter configuration for a context.
 *
 * <p>Lookup order: the source consulted by {@link #getConfigFromServletContext};
 * then the {@code keycloak.config.file} init parameter, read as a filesystem
 * path; and finally the bundled {@code /WEB-INF/keycloak-saml.xml} resource.
 * The caller is presumably responsible for closing the returned stream.
 *
 * @param context the Catalina context being configured
 * @return an open stream over the configuration, or {@code null} when no source provided one
 * @throws RuntimeException wrapping {@link FileNotFoundException} when the configured file path does not exist
 */
private static InputStream getConfigInputStream(Context context) {
    InputStream is = getConfigFromServletContext(context.getServletContext());
    if (is != null) {
        return is;
    }
    String path = context.getServletContext().getInitParameter("keycloak.config.file");
    if (path == null) {
        log.trace("**** using /WEB-INF/keycloak-saml.xml");
        return context.getServletContext().getResourceAsStream("/WEB-INF/keycloak-saml.xml");
    }
    try {
        // The path comes from the deployment descriptor (deployment-time configuration).
        return new FileInputStream(path);
    } catch (FileNotFoundException e) {
        log.errorv("NOT FOUND {0}", path);
        throw new RuntimeException(e);
    }
}
/**
 * Logs the current account out locally: calls {@code logoutAccount()} on the
 * request's SAML session store and clears the request's user principal. The
 * facade is built without a response.
 *
 * @param request the request whose SAML session is being terminated
 */
protected void logoutInternal(Request request) {
    CatalinaHttpFacade facade = new CatalinaHttpFacade(null, request);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    // NOTE(review): deployment may be null if nothing resolves for this request;
    // the caller in this file reaches here only after a configured deployment
    // was resolved — confirm for any other callers.
    SamlSessionStore store = getSessionStore(request, facade, deployment);
    store.logoutAccount();
    request.setUserPrincipal(null);
}
/**
 * Valve entry point for every request.
 *
 * <p>Requests whose context-relative path ends in {@code /saml} are handed to a
 * {@link CatalinaSamlEndpoint} when a configured deployment resolves, and the
 * pipeline stops there. Every other request first touches the session store's
 * {@code isLoggedIn()} so the user principal is populated even on unsecured,
 * unconstrained URLs, then continues down the pipeline.
 *
 * @param request  the current Catalina request
 * @param response the current Catalina response
 * @throws IOException      propagated from the downstream pipeline
 * @throws ServletException propagated from the downstream pipeline
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    log.trace("*********************** SAML ************");
    CatalinaHttpFacade facade = new CatalinaHttpFacade(response, request);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    // NOTE(review): endpoint detection compares the request URI (presumably as
    // received, not decoded or normalized) with a plain endsWith — confirm this
    // agrees with how the container maps the endpoint.
    String contextRelative = request.getRequestURI().substring(request.getContextPath().length());
    boolean samlEndpoint = contextRelative.endsWith("/saml");
    if (samlEndpoint && deployment != null && deployment.isConfigured()) {
        SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
        SamlAuthenticator endpoint = new CatalinaSamlEndpoint(facade, deployment, tokenStore);
        executeAuthenticator(request, response, facade, deployment, endpoint);
        return;
    }
    // Sets the request's UserPrincipal when a SAML session exists, so it is
    // available on unsecured, unconstrained URLs too; the result itself is unused.
    getSessionStore(request, facade, deployment).isLoggedIn();
    super.invoke(request, response);
}