/**
 * Stamps the {@code authenticationSession} field with the CAS protocol id, the value of the
 * {@code redirectUri} field and the AUTHENTICATE action.
 *
 * <p>NOTE(review): {@code redirectUri} is stored as-is; this method performs no validation of it,
 * so it has to be checked against the client's allowed URIs wherever the field is assigned.
 * Confirm at that assignment.
 */
private void updateAuthenticationSession() {
    final String authenticateAction = AuthenticationSessionModel.Action.AUTHENTICATE.name();

    authenticationSession.setProtocol(CASLoginProtocol.LOGIN_PROTOCOL);
    authenticationSession.setRedirectUri(redirectUri);
    authenticationSession.setAction(authenticateAction);
}
}
/**
 * Maps a numeric ordinal back to its {@code AuthenticationSessionModel.ExecutionStatus} constant.
 *
 * @param ordinal position of the constant in declaration order
 * @return the matching constant, or {@code null} when {@code ordinal} is negative or past the
 *     last constant; callers must be prepared for the {@code null}
 */
private static AuthenticationSessionModel.ExecutionStatus fromOrdinal(int ordinal) {
    ExecutionStatus[] statuses = AuthenticationSessionModel.ExecutionStatus.values();

    // Bounds-check before indexing so an out-of-range value yields null instead of throwing.
    if (ordinal >= 0 && ordinal < statuses.length) {
        return statuses[ordinal];
    }
    return null;
}
/**
 * Builds a compound id from its three already-separated parts and derives the dotted,
 * encoded form {@code rootAuthSessionId.tabId.clientUUID}.
 *
 * <p>The parts are joined without escaping. NOTE(review): if {@code rootAuthSessionId} or
 * {@code tabId} could ever contain a dot, the encoded form would no longer split back into the
 * same three parts. Confirm that the id generators never emit one.
 *
 * @param rootAuthSessionId id of the root authentication session
 * @param tabId             id of the browser tab
 * @param clientUUID        internal id of the client
 * @return a compound id carrying both the parts and the encoded string
 */
public static AuthenticationSessionCompoundId decoded(String rootAuthSessionId, String tabId, String clientUUID) {
    // String.join renders a null element as "null", exactly like string concatenation does.
    String joined = String.join(".", rootAuthSessionId, tabId, clientUUID);
    return new AuthenticationSessionCompoundId(rootAuthSessionId, tabId, clientUUID, joined);
}
/**
 * Derives the compound id of an existing authentication session from its parent (root)
 * session id, its tab id and the id of its client.
 *
 * @param authSession session to describe; it, its parent session and its client are all
 *     dereferenced without a null check
 * @return the compound id built by {@code decoded(...)}
 */
public static AuthenticationSessionCompoundId fromAuthSession(AuthenticationSessionModel authSession) {
    String rootSessionId = authSession.getParentSession().getId();
    String tab = authSession.getTabId();
    String clientId = authSession.getClient().getId();

    return decoded(rootSessionId, tab, clientId);
}
/**
 * Publishes an auth-note update for the given authentication session to the cluster, using
 * {@code DCNotify.ALL_BUT_LOCAL_DC} as the target. Does nothing when {@code compoundId} is
 * {@code null}.
 *
 * <p>NOTE(review): {@code authNotesFragment} is handed to the cluster event unchanged, so
 * whatever the notes contain leaves this node. Confirm that no secret material is placed in auth
 * notes that take this path.
 *
 * @param compoundId        identifies the root session, tab and client the notes belong to
 * @param authNotesFragment the notes to propagate
 */
@Override
public void updateNonlocalSessionAuthNotes(AuthenticationSessionCompoundId compoundId, Map<String, String> authNotesFragment) {
    if (compoundId != null) {
        ClusterProvider clusterProvider = session.getProvider(ClusterProvider.class);

        clusterProvider.notify(
                InfinispanAuthenticationSessionProviderFactory.AUTHENTICATION_SESSION_EVENTS,
                AuthenticationSessionAuthNoteUpdateEvent.create(
                        compoundId.getRootSessionId(),
                        compoundId.getTabId(),
                        compoundId.getClientUUID(),
                        authNotesFragment),
                true, // presumably the "ignore sender" flag of ClusterProvider.notify; confirm
                ClusterProvider.DCNotify.ALL_BUT_LOCAL_DC);
    }
}
/**
 * Decides whether the user must authenticate again even though a user session exists.
 *
 * <p>The decision rests solely on the {@code CASLoginProtocol.RENEW_PARAM} client note of the
 * authentication session: only the exact string {@code "true"} forces re-authentication.
 * {@code userSession} is not consulted.
 *
 * @param userSession the existing user session (unused)
 * @param authSession the authentication session carrying the client notes
 * @return {@code true} when the renew note equals {@code "true"}
 */
@Override
public boolean requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel authSession) {
    String renewNote = authSession.getClientNote(CASLoginProtocol.RENEW_PARAM);
    // Constant-first equals keeps a missing note (null) from throwing.
    return "true".equals(renewNote);
}
/**
 * Removes a root authentication session from the cache, keyed by the session's id.
 *
 * <p>The removal is issued through {@code tx}. NOTE(review): {@code tx} is presumably a
 * transaction wrapper that applies the removal on commit; confirm.
 *
 * @param realm                 realm of the session (unused here)
 * @param authenticationSession the root session to remove; must not be {@code null}
 */
@Override
public void removeRootAuthenticationSession(RealmModel realm, RootAuthenticationSessionModel authenticationSession) {
    String rootSessionId = authenticationSession.getId();
    tx.remove(cache, rootSessionId);
}
/**
 * Looks up the authentication session of one browser tab, but only for the client it was
 * created for.
 *
 * <p>The client comparison matters: a tab id on its own is not enough to obtain a session, so a
 * request made on behalf of a different client gets {@code null} rather than another client's
 * session.
 *
 * @param client the client the caller is acting for
 * @param tabId  the tab id to look up
 * @return the matching session, or {@code null} when either argument is {@code null}, no session
 *     exists for the tab, or the session belongs to another client
 */
@Override
public AuthenticationSessionModel getAuthenticationSession(ClientModel client, String tabId) {
    if (client == null || tabId == null) {
        return null;
    }

    AuthenticationSessionModel candidate = getAuthenticationSessions().get(tabId);
    if (candidate == null) {
        return null;
    }
    // Hand the session out only to the client that owns it.
    return client.equals(candidate.getClient()) ? candidate : null;
}
/**
 * Copies the user's main secret and the custom scope of the credential into user-session notes
 * of the current authentication session. Each value is written only when it is non-null.
 *
 * <p>NOTE(review): the main secret is stored in a session note as a plain string. How long such
 * notes live, and whether they are replicated, persisted or exposed to other components, is not
 * visible here. Confirm that a session note is an acceptable place for this secret and that it
 * is never logged or mapped into tokens unintentionally.
 *
 * @param userSecretStorage adapter used to retrieve the main secret
 * @param context           authentication flow context providing realm and authentication session
 * @param user              the user being authenticated
 * @param credentialModel   credential that may carry the custom scope note
 */
public static void addMainSecretToUserSession(UserSecretAdapter userSecretStorage, AuthenticationFlowContext context, UserModel user, UserCredentialModel credentialModel) {
    String mainSecret = userSecretStorage.retrieveMainSecret(context.getRealm(), user, credentialModel);

    // Copy notes into the user session.
    // Hint: it might have been interesting to distinguish between the kinds of notes a user
    // storage provider can return (UserSessionNote, AuthNote, ClientNote).
    // Hint: even roles could be transported using these notes.
    Object customScope = credentialModel.getNote(Constants.CUSTOM_SCOPE_NOTE_KEY);

    if (mainSecret != null) {
        context.getAuthenticationSession()
                .setUserSessionNote(UserSecretAdapter.USER_MAIN_SECRET_NOTE_KEY, mainSecret);
    }
    if (customScope != null) {
        context.getAuthenticationSession()
                .setUserSessionNote(UserSecretAdapter.AUTH_SESSION_SCOPE_NOTE_KEY, customScope.toString());
    }
}
}
/**
 * Completes a successful CAS login: persists a one-time code bound to the client session and
 * redirects the browser (HTTP 302) to the service URL with the service ticket appended as a
 * query parameter.
 *
 * <p>NOTE(review): the redirect target is the redirect URI stored on the authentication session
 * and is not validated in this method (see the TODO below). Because the freshly issued ticket is
 * attached to that URL, an unvalidated value would send the ticket to whatever host the URL
 * names. Safety therefore depends on the URI having been checked against the client's registered
 * URIs before it was stored. Confirm that check exists, or validate here.
 *
 * @param authSession      authentication session holding the service (redirect) URI
 * @param userSession      user session; its realm supplies the access-code lifespan
 * @param clientSessionCtx context giving access to the authenticated client session
 * @return a 302 response pointing at the service URL plus the ticket parameter
 */
@Override
public Response authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx) {
    AuthenticatedClientSessionModel boundClientSession = clientSessionCtx.getClientSession();

    String serviceUrl = authSession.getRedirectUri();
    //TODO validate service

    // The code expires after the realm's access-code lifespan, counted from now.
    OAuth2Code ticketData = new OAuth2Code(
            UUID.randomUUID(),
            Time.currentTime() + userSession.getRealm().getAccessCodeLifespan(),
            null,
            null,
            authSession.getRedirectUri(),
            null,
            null);
    String persistedCode = OAuth2CodeParser.persistCode(session, boundClientSession, ticketData);

    KeycloakUriBuilder target = KeycloakUriBuilder.fromUri(serviceUrl);
    target.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + persistedCode);
    URI redirectUri = target.build();

    return Response.status(302).location(redirectUri).build();
}
/**
 * Produces a new key for {@code cache}, preferring a key owned by this node when that helps
 * sticky sessions.
 *
 * <p>When the sticky-session encoder does not attach a route to the cookie and the cache is
 * clustered, the key is taken from a per-cache {@code KeyAffinityService} (created and
 * registered on first use) so that it is owned by the local address. In every other case the
 * key comes straight from {@code keyGenerator}.
 *
 * <p>NOTE(review): the returned key presumably ends up as a session identifier. Its
 * unpredictability comes from {@code keyGenerator} alone, so confirm that the generator draws
 * from a cryptographically secure random source.
 *
 * @param session      current Keycloak session, used to look up the sticky-session encoder
 * @param cache        cache the key is intended for
 * @param keyGenerator source of candidate keys
 * @param <K>          key type of the cache
 * @return a new key, local to this node where the conditions above hold
 */
private <K> K generateKey(KeycloakSession session, Cache<K, ?> cache, KeyGenerator<K> keyGenerator) {
    String cacheName = cache.getName();

    // No route in the sticky-session cookie means the external load balancer adds the route of
    // this node itself. The key should then be owned by this node so lookups stay local.
    boolean wantsLocalKey = !session.getProvider(StickySessionEncoderProvider.class).shouldAttachRoute();

    if (!wantsLocalKey || !cache.getCacheConfiguration().clustering().cacheMode().isClustered()) {
        return keyGenerator.getKey();
    }

    KeyAffinityService<K> affinity = keyAffinityServices.get(cacheName);
    if (affinity == null) {
        affinity = createKeyAffinityService(cache, keyGenerator);
        keyAffinityServices.put(cacheName, affinity);
        log.debugf("Registered key affinity service for cache '%s'", cacheName);
    }
    return affinity.getKeyForAddress(cache.getCacheManager().getAddress());
}
/**
 * Entry point of the CAS login request: reads the {@code service}, {@code renew} and
 * {@code gateway} query parameters, runs the SSL, realm and client checks, creates the
 * authentication session and hands over to the browser authentication flow.
 *
 * <p>The three checks run before any authentication session is created, so a request that fails
 * them leaves no session behind. {@code service} is passed only to {@code checkClient} here.
 * NOTE(review): the redirect target used later is presumably resolved and validated inside
 * {@code checkClient}; confirm that it rejects a missing or unregistered service URL.
 *
 * @return the response produced by the browser authentication flow
 */
@GET
public Response build() {
    MultivaluedMap<String, String> query = session.getContext().getUri().getQueryParameters();
    String service = query.getFirst(CASLoginProtocol.SERVICE_PARAM);
    // renew and gateway are presence flags: only the key is looked at, never the value.
    boolean renewRequested = query.containsKey(CASLoginProtocol.RENEW_PARAM);
    boolean gatewayRequested = query.containsKey(CASLoginProtocol.GATEWAY_PARAM);

    checkSsl();
    checkRealm();
    checkClient(service);

    authenticationSession = createAuthenticationSession(client, null);
    updateAuthenticationSession();

    // So back button doesn't work
    CacheControlUtil.noBackButtonCacheControlHeader();

    if (renewRequested) {
        authenticationSession.setClientNote(CASLoginProtocol.RENEW_PARAM, "true");
    }

    this.event.event(EventType.LOGIN);

    return handleBrowserAuthenticationRequest(
            authenticationSession,
            new CASLoginProtocol(session, realm, session.getContext().getUri(), headers, event),
            gatewayRequested,
            false);
}
/**
 * Reads the {@code OAuth2Constants.SCOPE} client note of the current authentication session.
 *
 * <p>NOTE(review): the note presumably holds the scope string as sent by the client. Treat the
 * value as untrusted input and match it against the scopes the client is allowed to request
 * before acting on it.
 *
 * @param context authentication flow context giving access to the authentication session
 * @return the scope note as a string, or an empty {@code Optional} when no note is set
 */
public static Optional<String> readScope(AuthenticationFlowContext context) {
    Object scopeNote = context.getAuthenticationSession().getClientNote(OAuth2Constants.SCOPE);
    if (scopeNote == null) {
        return Optional.empty();
    }
    return Optional.ofNullable(scopeNote.toString());
}
/**
 * Parses an encoded compound id into root session id, tab id and client UUID.
 *
 * <p>The input is split with {@code DOT} into at most three parts, so anything after the second
 * separator, further separators included, ends up in the client UUID. Parts missing from the
 * input are left {@code null}. Nothing is rejected here. NOTE(review): the encoded id presumably
 * arrives from the request (cookie or parameter), so callers should null-check every component
 * and treat the values as untrusted lookup keys.
 *
 * @param encodedId the dotted id; must not be {@code null}
 * @return a compound id holding the parsed parts and the original encoded string
 */
public static AuthenticationSessionCompoundId encoded(String encodedId) {
    String[] parts = DOT.split(encodedId, 3);

    String rootAuthSessionId = null;
    String tabId = null;
    String clientUUID = null;

    if (parts.length >= 1) {
        rootAuthSessionId = parts[0];
    }
    if (parts.length >= 2) {
        tabId = parts[1];
    }
    if (parts.length >= 3) {
        clientUUID = parts[2];
    }

    return new AuthenticationSessionCompoundId(rootAuthSessionId, tabId, clientUUID, encodedId);
}