/**
 * Stores the authenticated Keycloak account in the HTTP session so that later
 * requests on the same session can be served without repeating the OIDC flow.
 *
 * @param account the freshly authenticated account; its security context is
 *                expected to be a {@link RefreshableKeycloakSecurityContext}
 *                (unchecked cast, as in the adapter contract)
 */
@Override
public void saveAccountInfo(OidcKeycloakAccount account) {
    KeycloakSecurityContext context = account.getKeycloakSecurityContext();
    RefreshableKeycloakSecurityContext refreshable = (RefreshableKeycloakSecurityContext) context;
    Set<String> grantedRoles = account.getRoles();
    SerializableKeycloakAccount stored =
            new SerializableKeycloakAccount(grantedRoles, account.getPrincipal(), refreshable);

    // NOTE(review): the existing HTTP session id is reused as-is here; rotating the id on
    // login (if the container/adapter does not already do so) is what prevents session
    // fixation — confirm where that happens.
    HttpSession session = request.getSession();
    session.setAttribute(KeycloakAccount.class.getName(), stored);
    session.setAttribute(KeycloakSecurityContext.class.getName(), stored.getKeycloakSecurityContext());

    // Map Keycloak SSO session id + user name -> this HTTP session id; presumably so a
    // back-channel logout for the SSO session can locate this HTTP session — verify against idMapper.
    if (idMapper != null) {
        String ssoSessionId = context.getToken().getSessionState();
        idMapper.map(ssoSessionId, account.getPrincipal().getName(), session.getId());
    }
}
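/**
 * Removes the federated identity link for {@code type} from the current user's
 * Keycloak account by calling the account "federated-identity-update" endpoint
 * with {@code action=REMOVE}.
 *
 * The caller's bearer token is forwarded in the Authorization header and is never
 * written to the log; only the target URL (realm + provider alias) is logged.
 *
 * @param type the linked account type; its Keycloak identity-provider alias is removed
 * @throws IOException if no Keycloak security context is present on the request, or if
 *                     building or executing the HTTP request fails
 * @see io.apicurio.hub.api.security.ILinkedAccountsProvider#deleteLinkedAccount(io.apicurio.hub.api.beans.LinkedAccountType)
 */
@Override
public void deleteLinkedAccount(LinkedAccountType type) throws IOException {
    KeycloakSecurityContext session =
            (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
    if (session == null) {
        // Previously surfaced as a NullPointerException wrapped in IOException; give the
        // caller the actual cause instead.
        throw new IOException("Error deleting linked account: no Keycloak security context on the request.");
    }
    try {
        String authServerRootUrl = config.getKeycloakAuthUrl();
        String realm = config.getKeycloakRealm();
        String provider = type.alias();
        String url = KeycloakUriBuilder.fromUri(authServerRootUrl)
                .path("/realms/{realm}/account/federated-identity-update")
                .queryParam("action", "REMOVE")
                .queryParam("provider_id", provider)
                .build(realm)
                .toString();
        logger.debug("Deleting identity provider using URL: {}", url);

        HttpGet get = new HttpGet(url);
        get.addHeader("Accept", "application/json");
        get.addHeader("Authorization", "Bearer " + session.getTokenString());
        try (CloseableHttpResponse response = httpClient.execute(get)) {
            int status = response.getStatusLine().getStatusCode();
            if (status != 200) {
                // Keycloak did not confirm the removal. Logged at warn (was debug) so a
                // failed unlink is not silently treated as success by operators.
                logger.warn("HTTP Response Status Code when deleting identity provider: {}", status);
            }
        }
    } catch (Exception e) {
        // Boundary of the provider API: every failure is reported to callers as IOException.
        throw new IOException("Error deleting linked account.", e);
    }
}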
/**
 * Resolves the user session referenced by {@code token} for {@code client}: the regular
 * (online) session is tried first, then the offline session.
 *
 * @param token   access token carrying the session state id
 * @param client  client the session must have attached
 * @param realm   realm the session belongs to
 * @param session current Keycloak session used for the cross-DC lookup
 * @return a valid online or offline {@link UserSessionModel}, or {@code null} when
 *         no session was found or the one found has expired
 */
private UserSessionModel findValidSession(AccessToken token, ClientModel client, RealmModel realm, KeycloakSession session) {
    UserSessionCrossDCManager manager = new UserSessionCrossDCManager(session);
    String sessionState = token.getSessionState();
    String clientId = client.getId();

    UserSessionModel onlineSession = manager.getUserSessionWithClient(realm, sessionState, false, clientId);
    if (AuthenticationManager.isSessionValid(realm, onlineSession)) {
        return onlineSession;
    }

    UserSessionModel offlineSession = manager.getUserSessionWithClient(realm, sessionState, true, clientId);
    if (AuthenticationManager.isOfflineSessionValid(realm, offlineSession)) {
        return offlineSession;
    }

    // Neither lookup yielded a usable session; distinguish "nothing found" from "found but expired".
    boolean nothingFound = onlineSession == null && offlineSession == null;
    LOG.debug(nothingFound
            ? "User session not found or doesn't have client attached on it"
            : "Session expired");
    return null;
}
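/**
 * Builds the Keycloak client-initiated account-linking URL for {@code providerEnum}.
 *
 * The link is protected by {@code hash = base64url(SHA-256(nonce + sessionState + clientId + provider))};
 * the same hash is stored in the HTTP session under the attribute "hash" so the link
 * callback can be verified against it.
 *
 * @param request      current request; its HTTP session receives the "hash" attribute
 *                     (a second concurrent link request on the same session overwrites it)
 * @param principal    must be a {@link KeycloakAuthenticationToken} (unchecked cast)
 * @param providerEnum identity provider to link; its name lower-cased with the root locale
 *                     is used as the Keycloak provider alias
 * @param redirectUrl  where Keycloak should send the browser after linking, passed through
 *                     {@code getRedirectUrl}
 * @return the absolute account-linking URL; the realm is currently hard-coded to "fundrequest"
 * @throws IllegalStateException if SHA-256 is unavailable (every JDK is required to provide it)
 */
@Override
public String createSignupLink(HttpServletRequest request, Principal principal, Provider providerEnum, String redirectUrl) {
    // Locale-independent lower-casing: the alias must not change with the JVM default locale.
    String provider = providerEnum.name().toLowerCase(java.util.Locale.ROOT);
    AccessToken token = ((KeycloakAuthenticationToken) principal).getAccount().getKeycloakSecurityContext().getToken();
    String clientId = token.getIssuedFor();
    // UUID.randomUUID() is backed by a cryptographically strong RNG, which the nonce needs.
    String nonce = UUID.randomUUID().toString();

    MessageDigest digest;
    try {
        digest = MessageDigest.getInstance("SHA-256");
    } catch (NoSuchAlgorithmException e) {
        // SHA-256 is mandatory for every Java platform; reaching this means a broken runtime.
        throw new IllegalStateException("SHA-256 MessageDigest is not available", e);
    }
    String input = nonce + token.getSessionState() + clientId + provider;
    String hash = Base64Url.encode(digest.digest(input.getBytes(StandardCharsets.UTF_8)));
    request.getSession().setAttribute("hash", hash);

    // TODO(review): "fundrequest" is a hard-coded realm; consider sourcing it from configuration.
    return KeycloakUriBuilder.fromUri(keycloakUrl)
            .path("/realms/{realm}/broker/{provider}/link")
            .queryParam("nonce", nonce)
            .queryParam("hash", hash)
            .queryParam("client_id", clientId)
            .queryParam("redirect_uri", getRedirectUrl(request, provider, redirectUrl))
            .build("fundrequest", provider)
            .toString();
}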
throw new RuntimeException(e); String input = nonce + token.getSessionState() + clientId + provider; byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8)); String hash = Base64Url.encode(check);