Aligned with keycloak 24

Added dependencies of RHBK 24.0.3

pom.xml

@@ -22,7 +22,7 @@ http://www.apache.org/licenses/LICENSE-2.0
         <maven.compiler.release>17</maven.compiler.release>
         <failOnMissingWebXml>false</failOnMissingWebXml>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <version.keycloak>22.0.8.redhat-00001</version.keycloak>
+        <version.keycloak>24.0.3.redhat-00004</version.keycloak>
         <slf4j-api.version>1.7.36</slf4j-api.version>
         <junit.version>4.13.2</junit.version>
         <compiler-plugin.version>3.11.0</compiler-plugin.version>
@@ -143,38 +143,12 @@ http://www.apache.org/licenses/LICENSE-2.0
             <version>1.7.30</version>
             <scope>test</scope>
         </dependency>
-        <!--
         <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-quarkus-server-app</artifactId>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>2.2</version>
             <scope>test</scope>
         </dependency>
-        -->
-        <!--
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-        </dependency>
-        <dependency>
-        <groupId>ch.qos.logback</groupId>
-        <artifactId>logback-classic</artifactId>
-            <version>1.3.14</version>
-        <scope>test</scope>
-
-    </dependency>-->
-        <!--
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-simple</artifactId>
-            <version>2.0.6.redhat-00001</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>io.github.hakky54</groupId>
-            <artifactId>consolecaptor</artifactId>
-            <version>1.0.3</version>
-            <scope>test</scope>
-        </dependency>-->
         <dependency>
             <groupId>io.github.hakky54</groupId>
             <artifactId>logcaptor</artifactId>

src/main/java/org/keycloak/broker/spid/SpidSAMLEndpoint.java

@@ -79,9 +79,6 @@
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Consumer;
 import java.util.function.Predicate;
-import java.util.stream.Collectors;
-
-import static org.keycloak.utils.LockObjectsForModification.lockUserSessionsForModification;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -276,10 +273,9 @@ protected Response handleSamlRequest(String samlRequest, String relayState) {
                 }
             }
 
-            if (requestAbstractType instanceof LogoutRequestType) {
+            if (requestAbstractType instanceof LogoutRequestType logout) {
                 logger.debug("** logout request");
                 event.event(EventType.LOGOUT);
-                LogoutRequestType logout = (LogoutRequestType) requestAbstractType;
                 return logoutRequest(logout, relayState);
 
             } else {
@@ -296,14 +292,14 @@ protected Response logoutRequest(LogoutRequestType request, String relayState) {
                 session.sessions().getUserSessionByBrokerUserIdStream(realm, brokerUserId)
                         .filter(userSession -> userSession.getState() != UserSessionModel.State.LOGGING_OUT &&
                                 userSession.getState() != UserSessionModel.State.LOGGED_OUT)
-                        .collect(Collectors.toList()) // collect to avoid concurrent modification as backchannelLogout removes the user sessions.
+                        .toList() // collect to avoid concurrent modification as backchannelLogout removes the user sessions.
                         .forEach(processLogout(ref));
                 request = ref.get();
 
             }  else {
                 for (String sessionIndex : request.getSessionIndex()) {
                     String brokerSessionId = config.getAlias()  + "." + sessionIndex;
-                    UserSessionModel userSession = lockUserSessionsForModification(session, () -> session.sessions().getUserSessionByBrokerSessionId(realm, brokerSessionId));
+                    UserSessionModel userSession = session.sessions().getUserSessionByBrokerSessionId(realm, brokerSessionId);
                     if (userSession != null) {
                         if (userSession.getState() == UserSessionModel.State.LOGGING_OUT || userSession.getState() == UserSessionModel.State.LOGGED_OUT) {
                             continue;
@@ -402,10 +398,10 @@ protected Response handleLoginResponse(String samlResponse, SAMLDocumentHolder h
                     return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.INVALID_REQUESTER);
                 }
 
-                Element assertionElement = null;
+                Element assertionElement;
 
                 if (assertionIsEncrypted) {
-                    // This methods writes the parsed and decrypted assertion back on the responseType parameter:
+                    // These methods write the parsed and decrypted assertion back on the responseType parameter:
                     assertionElement = AssertionUtil.decryptAssertion(responseType, keys.getPrivateKey());
                 } else {
                     /* We verify the assertion using original document to handle cases where the IdP
@@ -487,7 +483,7 @@ protected Response handleLoginResponse(String samlResponse, SAMLDocumentHolder h
                 try {
                     String issuerURL = getEntityId(session.getContext().getUri(), realm);
                     cvb.addAllowedAudience(URI.create(issuerURL));
-                    // getDestination has been validated to match request URL already so it matches SAML endpoint
+                    // getDestination has been validated to match request URL already, so it matches SAML endpoint
                     if (responseType.getDestination() != null) {
                         cvb.addAllowedAudience(URI.create(responseType.getDestination()));
                     }
@@ -560,7 +556,7 @@ private AuthenticationSessionModel samlIdpInitiatedSSO(final String clientUrlNam
               .searchClientsByAttributes(realm, Collections.singletonMap(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME, clientUrlName), 0, 1)
               .findFirst();
 
-            if (! oClient.isPresent()) {
+            if (oClient.isEmpty()) {
                 event.error(Errors.CLIENT_NOT_FOUND);
                 Response response = ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
                 throw new WebApplicationException(response);
@@ -685,13 +681,6 @@ private String getExpectedDestination(String providerAlias, String clientId) {
         }
     }
 
-    private Response getResponse(String invalidReason, String invalidSamlResponse, String errorDisplayed) {
-        event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
-        event.detail(Details.REASON, invalidReason);
-        event.error(invalidSamlResponse);
-        return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, errorDisplayed);
-    }
-
     protected class PostBinding extends Binding {
         @Override
         protected boolean containsUnencryptedSignature(SAMLDocumentHolder documentHolder) {
@@ -805,13 +794,15 @@ private String getFirstMatchingAttribute(AssertionType assertion, Predicate<Attr
     private String expectedPrincipalType() {
         SamlPrincipalType principalType = config.getPrincipalType();
         switch (principalType) {
-            case SUBJECT:
+            case SUBJECT -> {
                 return principalType.name();
-            case ATTRIBUTE:
-            case FRIENDLY_ATTRIBUTE:
+            }
+            case ATTRIBUTE, FRIENDLY_ATTRIBUTE -> {
                 return String.format("%s(%s)", principalType.name(), config.getPrincipalAttribute());
-            default:
+            }
+            default -> {
                 return null;
+            }
         }
     }