Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proxy ticket service and proxy ticket validation #105

Merged
merged 1 commit into from
Jul 16, 2024
Merged

Proxy ticket service and proxy ticket validation #105

merged 1 commit into from
Jul 16, 2024

Conversation

alexandrerw
Copy link
Contributor

Issue #37

Changelog:
/serviceValidate and /p3/serviceValidate with optional parameter "pgtUrl" create PGT and PGTIOU ticket, return a proxyGrantingTicket(PGTIOU).
/proxy receive a PGT ticket and exchange it for a PT ticket.
/proxyValidate and /p3/proxyValidate check if a PT ticket is valid.

Note: OAuth2CodeParser is not used because the PGT ticker is reusable, keycloak 23.0.0 and above generate an error.

jacekkow
jacekkow requested changes May 15, 2024
View reviewed changes
Copy link
Owner

@jacekkow jacekkow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are just a few issues I have spotted by looking at the code - I have not checked the underlying logic yet. For example I'd like to check whether replacing "ST-" with "PGT-" in a service ticket would result in such token being invalid, as I'm not so sure now.

pom.xml Outdated Show resolved Hide resolved
src/main/java/org/keycloak/protocol/cas/endpoints/ProxyValidateEndpoint.java Outdated Show resolved Hide resolved
src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java Outdated Show resolved Hide resolved
src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java Outdated Show resolved Hide resolved
src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java Outdated Show resolved Hide resolved
src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java Outdated Show resolved Hide resolved
src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java Show resolved Hide resolved
@alexandrerw alexandrerw requested a review from jacekkow May 16, 2024 13:02
@jacekkow
Copy link
Owner

@alexandrerw : Could you please squash all your changes into a single commit and apply changes from branch pr105:
https://github.com/jacekkow/keycloak-protocol-cas/commits/pr105/
(preferably melded into that squashed commit)?

@jacekkow
Copy link
Owner

@alexandrerw : One more thing, remove "Proxy ticket service and proxy ticket validation [CAS 2.0]" from missing features section in README.

@alexandrerw
Proxy ticket service and proxy ticket validation
70b9c91 
Proxy endpoints improvements suggested by Jacek Kowalski
Add ticket type to storage key
Rename isreuse to isReusable
Remove "parsing" of "codeUUID" that is String, not UUID
Improve error reporting in CAS ticket validation
@alexandrerw
Copy link
Contributor Author

@jacekkow done.

@jacekkow jacekkow merged commit 755fd78 into jacekkow:master Jul 16, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jacekkow jacekkow Awaiting requested review from jacekkow

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexandrerw @jacekkow