From 32997b7c31fc3b27a8df6911e0f8e8e1bcc58437 Mon Sep 17 00:00:00 2001 From: Jakub Malinowski Date: Wed, 30 Oct 2024 07:41:18 +0100 Subject: [PATCH] #129 Client session note service ticket fix --- src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java | 4 ++-- .../protocol/cas/endpoints/AbstractValidateEndpoint.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java b/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java index 7e9d797..3961cfa 100644 --- a/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java +++ b/src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java @@ -44,7 +44,7 @@ public class CASLoginProtocol implements LoginProtocol { public static final String PROXY_GRANTING_TICKET_IOU_PREFIX = "PGTIOU-"; public static final String PROXY_GRANTING_TICKET_PREFIX = "PGT-"; public static final String PROXY_TICKET_PREFIX = "PT-"; - public static final String SESSION_SERVICE_TICKET = "service_ticket"; + public static final String SESSION_TICKET = "service_ticket"; public static final String LOGOUT_REDIRECT_URI = "CAS_LOGOUT_REDIRECT_URI"; @@ -142,7 +142,7 @@ public Response sendError(ClientModel clientModel, ClientData clientData, Error @Override public Response backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) { String logoutUrl = clientSession.getRedirectUri(); - String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_SERVICE_TICKET); + String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_TICKET); //check if session is fully authenticated (i.e. serviceValidate has been called) if (serviceTicket != null && !serviceTicket.isEmpty()) { sendSingleLogoutRequest(logoutUrl, serviceTicket); diff --git a/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java b/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java index e166bb0..54f05ca 100644 --- a/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java +++ b/src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java @@ -151,7 +151,7 @@ protected void checkTicket(String ticket, String prefix, boolean requireReauth) throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST); } - clientSession.setNote(prefix, ticket); + clientSession.setNote(CASLoginProtocol.SESSION_TICKET, ticket); if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) { event.error(Errors.SESSION_EXPIRED);