/**
 * Builds the compound identifier for {@code authSession} from the three parts that
 * locate it: the parent (root) session id, the tab id and the client id. The
 * combination itself is delegated to {@code decoded}.
 *
 * @param authSession the authentication session to identify; must have a parent session and a client
 * @return the compound id as produced by {@code decoded}
 */
public static AuthenticationSessionCompoundId fromAuthSession(AuthenticationSessionModel authSession) {
    // Same evaluation order as before: parent session, then tab, then client.
    String rootSessionId = authSession.getParentSession().getId();
    String tabId = authSession.getTabId();
    String clientId = authSession.getClient().getId();
    return decoded(rootSessionId, tabId, clientId);
}
/**
 * Decides whether the user must authenticate again even though a user session exists.
 * For CAS this is driven solely by the {@code renew} client note that the login
 * endpoint records on the auth session when the request carried the renew parameter;
 * the existing user session is not consulted.
 *
 * @param userSession the current SSO session (unused here)
 * @param authSession the auth session of the pending login
 * @return {@code true} only when the renew note is literally {@code "true"}
 */
@Override
public boolean requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel authSession) {
    String renewNote = authSession.getClientNote(CASLoginProtocol.RENEW_PARAM);
    // Null-safe: a missing note means no forced re-authentication.
    return renewNote != null && renewNote.equals("true");
}
/**
 * Marks the freshly created auth session as a CAS login: sets the protocol, the
 * redirect URI (the CAS service resolved earlier by the request handling) and the
 * AUTHENTICATE action so the browser flow knows what to do with it.
 */
private void updateAuthenticationSession() {
    String initialAction = AuthenticationSessionModel.Action.AUTHENTICATE.name();
    authenticationSession.setProtocol(CASLoginProtocol.LOGIN_PROTOCOL);
    // redirectUri is a field populated before this is called; it is what the CAS
    // service ticket will later be sent to, so it must already be client-validated.
    authenticationSession.setRedirectUri(redirectUri);
    authenticationSession.setAction(initialAction);
}
}
/**
 * Looks up the authentication session for a browser tab and returns it only if it
 * belongs to the given client.
 *
 * @param client the client the caller expects the session to be bound to
 * @param tabId  the tab identifier used as the lookup key
 * @return the matching session, or {@code null} when either argument is null, no
 *         session exists for the tab, or the session is bound to a different client
 */
@Override
public AuthenticationSessionModel getAuthenticationSession(ClientModel client, String tabId) {
    if (client == null) {
        return null;
    }
    if (tabId == null) {
        return null;
    }
    AuthenticationSessionModel candidate = getAuthenticationSessions().get(tabId);
    if (candidate == null) {
        return null;
    }
    // A tab id alone is not enough: refuse to hand back a session owned by another client.
    return client.equals(candidate.getClient()) ? candidate : null;
}
/**
 * Pulls the user's "main secret" out of the secret storage and copies it, together
 * with an optional custom scope note from the credential, into user-session notes on
 * the current authentication session.
 *
 * NOTE(review): user-session notes are carried by the user session after login.
 * Confirm that no protocol mapper, event/log output or admin API exposes the note
 * under {@code USER_MAIN_SECRET_NOTE_KEY}, since it holds secret material.
 *
 * The credential model can carry several kinds of notes (user-session notes, auth
 * notes, client notes, possibly roles); this helper only forwards the custom scope
 * note and does not distinguish between the kinds.
 *
 * @param userSecretStorage adapter used to retrieve the main secret
 * @param context           the running authentication flow (realm and auth session)
 * @param user              the user whose secret is retrieved
 * @param credentialModel   the credential supplied during the flow; source of the scope note
 */
public static void addMainSecretToUserSession(UserSecretAdapter userSecretStorage, AuthenticationFlowContext context, UserModel user, UserCredentialModel credentialModel) {
    String mainSecret = userSecretStorage.retrieveMainSecret(context.getRealm(), user, credentialModel);
    Object scopeNote = credentialModel.getNote(Constants.CUSTOM_SCOPE_NOTE_KEY);

    // Only write notes that actually have a value; absent values leave the session untouched.
    if (mainSecret != null) {
        context.getAuthenticationSession().setUserSessionNote(UserSecretAdapter.USER_MAIN_SECRET_NOTE_KEY, mainSecret);
    }
    if (scopeNote != null) {
        context.getAuthenticationSession().setUserSessionNote(UserSecretAdapter.AUTH_SESSION_SCOPE_NOTE_KEY, String.valueOf(scopeNote));
    }
}
}
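/**
 * Completes a CAS login: mints a service ticket (backed by an OAuth2 code persisted
 * against the client session) and redirects the browser back to the CAS service with
 * the ticket appended as a query parameter.
 *
 * The service URL is the redirect URI recorded on the auth session when the login
 * request was accepted. TODO (carried over from the original): it is not re-validated
 * here, so the safety of this redirect rests entirely on the request-time check having
 * bound it to the client — confirm that check before relying on it.
 *
 * @param authSession      the auth session of the login that just succeeded
 * @param userSession      the (possibly new) user session; its realm supplies the code lifespan
 * @param clientSessionCtx context holding the client session the ticket is bound to
 * @return a 302 redirect to the service carrying the ticket
 * @throws IllegalStateException if the auth session has no redirect URI to send the ticket to
 */
@Override
public Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
    AuthenticatedClientSessionModel clientSession = clientSessionCtx.getClientSession();
    String service = authSession.getRedirectUri();
    if (service == null || service.trim().isEmpty()) {
        // Fail closed before anything is persisted: minting a code we cannot deliver
        // would leave a live, unused ticket behind and then fail on URI building anyway.
        throw new IllegalStateException("CAS service (redirect URI) is missing from the authentication session");
    }

    // Ticket validity is tied to the realm's access-code lifespan.
    int expiration = Time.currentTime() + userSession.getRealm().getAccessCodeLifespan();
    OAuth2Code codeData = new OAuth2Code(UUID.randomUUID(), expiration, null, null, service, null, null);
    String code = OAuth2CodeParser.persistCode(session, clientSession, codeData);

    KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);
    uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code);
    URI redirectUri = uriBuilder.build();
    return Response.status(302).location(redirectUri).build();
}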
/**
 * Entry point of the CAS login endpoint. Reads the {@code service}, {@code renew}
 * and {@code gateway} query parameters, runs the SSL/realm/client checks, creates and
 * initialises an authentication session for the client and hands off to the browser
 * authentication flow.
 *
 * {@code renew} and {@code gateway} are treated as present/absent flags: their values
 * are not inspected. NOTE(review): the CAS spec leaves the combination of both flags
 * undefined; nothing here rejects it, so the downstream flow decides what happens.
 *
 * @return the response produced by the browser authentication flow
 */
@GET
public Response build() {
    MultivaluedMap<String, String> query = session.getContext().getUri().getQueryParameters();
    String serviceParam = query.getFirst(CASLoginProtocol.SERVICE_PARAM);
    boolean renewRequested = query.containsKey(CASLoginProtocol.RENEW_PARAM);
    boolean gatewayRequested = query.containsKey(CASLoginProtocol.GATEWAY_PARAM);

    // Preconditions, in the same order as before: transport, realm, then the client
    // the service resolves to (checkClient is expected to bind the service to a client).
    checkSsl();
    checkRealm();
    checkClient(serviceParam);

    authenticationSession = createAuthenticationSession(client, null);
    updateAuthenticationSession();

    // Prevent the browser from replaying this page via the back button.
    CacheControlUtil.noBackButtonCacheControlHeader();

    // Record renew as a client note so requireReauthentication can force a fresh login.
    if (renewRequested) {
        authenticationSession.setClientNote(CASLoginProtocol.RENEW_PARAM, "true");
    }

    this.event.event(EventType.LOGIN);
    CASLoginProtocol protocol = new CASLoginProtocol(session, realm, session.getContext().getUri(), headers, event);
    return handleBrowserAuthenticationRequest(authenticationSession, protocol, gatewayRequested, false);
}
/**
 * Reads the requested OAuth2 scope from the client notes of the current auth session.
 *
 * @param context the running authentication flow
 * @return the scope note as a string, or empty when no scope note is present
 */
public static Optional<String> readScope(AuthenticationFlowContext context) {
    Object rawScope = context.getAuthenticationSession().getClientNote(OAuth2Constants.SCOPE);
    if (rawScope == null) {
        return Optional.empty();
    }
    // ofNullable keeps the original contract: a null toString() still yields empty.
    return Optional.ofNullable(rawScope.toString());
}