From 082ebe80435389fc4a36f401e7ff5e4be3b0261a Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Tue, 5 May 2015 13:58:07 -0400
Subject: [PATCH] no backchannel if state
---
 .../main/java/org/keycloak/broker/saml/SAMLEndpoint.java | 6 ++++++
 .../keycloak/models/sessions/jpa/UserSessionAdapter.java | 2 ++
 .../keycloak/protocol/oidc/endpoints/LogoutEndpoint.java | 5 ++++-
 .../testsuite/broker/AbstractIdentityProviderTest.java | 1 +
 .../broker/SAMLKeyCloakServerBrokerWithSignatureTest.java | 5 +++++
 .../test/resources/broker-test/test-realm-with-broker.json | 2 +-
 6 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
index 4c9e655ff9..1977bd3a63 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@@ -215,6 +215,9 @@ public class SAMLEndpoint {
 if (request.getSessionIndex() == null || request.getSessionIndex().isEmpty()) {
 List userSessions = session.sessions().getUserSessionByBrokerUserId(realm, brokerUserId);
 for (UserSessionModel userSession : userSessions) {
+ if (userSession.getState() == UserSessionModel.State.LOGGING_OUT || userSession.getState() == UserSessionModel.State.LOGGED_OUT) {
+ continue;
+ }
 try {
 AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, false);
 } catch (Exception e) {
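Review bot: A session that stays in `LOGGING_OUT` (for example a browser logout that was started and never completed) is now skipped by this loop every time, so an IdP-initiated SAML logout request can no longer end it, and the skip leaves no trace in the log. The same guard is added in the hunk at -227,6 of this file. Whether a `LOGGING_OUT` session is still honoured elsewhere is not visible in this diff; if it can be, skip only `LOGGED_OUT` here, or at least record the skip before `continue;`, e.g. `logger.debug("backchannel logout skipped, session already logging out");` (assuming the class has a `logger`). The state check and the `backchannelLogout` call are also read-then-act with no lock visible in the hunk, so two concurrent logout requests may both pass the check. The enclosing method starts and ends outside the hunk.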
@@ -227,6 +230,9 @@ public class SAMLEndpoint {
 String brokerSessionId = brokerUserId + "." + sessionIndex;
 UserSessionModel userSession = session.sessions().getUserSessionByBrokerSessionId(realm, brokerSessionId);
 if (userSession != null) {
+ if (userSession.getState() == UserSessionModel.State.LOGGING_OUT || userSession.getState() == UserSessionModel.State.LOGGED_OUT) {
+ continue;
+ }
 try {
 AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, false);
 } catch (Exception e) {
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UserSessionAdapter.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UserSessionAdapter.java
index 28d466300e..5b0b87ec00 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UserSessionAdapter.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UserSessionAdapter.java
@@ -104,6 +104,7 @@ public class UserSessionAdapter implements UserSessionModel {
 attr.setUserSession(entity);
 em.persist(attr);
 entity.getNotes().add(attr);
+ em.flush();
 }
 @Override
@@ -116,6 +117,7 @@ public class UserSessionAdapter implements UserSessionModel {
 em.remove(attr);
 }
 }
+ em.flush();
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
index efc2f46ff6..25ccda58ee 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LogoutEndpoint.java
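Review bot: In the SAMLEndpoint.java hunk at -227,6 the added `continue;` sits inside `if (userSession != null)` and is only valid because of a loop whose header is outside the hunk (presumably the one that supplies `sessionIndex`). The two-state comparison is also a verbatim copy of the one added at -215,6, so the two sites can drift apart. A small private helper such as `private static boolean isLogoutInProgress(UserSessionModel s)` returning `s.getState() == UserSessionModel.State.LOGGING_OUT || s.getState() == UserSessionModel.State.LOGGED_OUT` would let this site read `if (userSession != null && !isLogoutInProgress(userSession)) {` and drop the nested `continue`.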
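Review bot: The two `em.flush()` calls added in UserSessionAdapter.java (hunks at -104,6 and -116,6) carry no comment saying which later read needs the note written before the transaction commits, so a future cleanup could remove them and bring back whatever ordering problem they fix. Each call forces a database round trip, and the LogoutEndpoint hunk in this patch sets up to three notes in a row on the same session. Both methods start outside the hunks, so it is not visible whether a path that updates an existing note returns before reaching the flush; if one does, the update and insert paths now behave differently. I would add a one-line comment above each call naming the query or code path that depends on the flush.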
@@ -123,7 +123,10 @@ public class LogoutEndpoint {
 if (redirect != null) userSession.setNote(OIDCLoginProtocol.LOGOUT_REDIRECT_URI, redirect);
 if (state != null) userSession.setNote(OIDCLoginProtocol.LOGOUT_STATE_PARAM, state);
 userSession.setNote(AuthenticationManager.KEYCLOAK_LOGOUT_PROTOCOL, OIDCLoginProtocol.LOGIN_PROTOCOL);
- return AuthenticationManager.browserLogout(session, realm, authResult.getSession(), uriInfo, clientConnection, headers);
+ logger.debug("Initiating OIDC browser logout");
+ Response response = AuthenticationManager.browserLogout(session, realm, authResult.getSession(), uriInfo, clientConnection, headers);
+ logger.debug("finishing OIDC browser logout");
+ return response;
 } else if (userSession != null) { // non browser logout
 event.event(EventType.LOGOUT);
 authManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
index 72e743bf5a..b9b45a9244 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
@@ -391,6 +391,7 @@ public abstract class AbstractIdentityProviderTest {
 // Logout from account management
 String pageSource = driver.getPageSource();
+ System.out.println("*** logout from account management");
 accountFederatedIdentityPage.logout();
 assertTrue(driver.getTitle().equals("Log in to realm-with-broker"));
 assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
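Review bot: The second `logger.debug` in the LogoutEndpoint.java hunk is not reached when `browserLogout` throws, so a missing "finishing" line cannot tell a failed logout from one still in progress, and neither message says which logout it belongs to when several overlap. The two messages also differ in capitalisation (`Initiating` / `finishing`). If the trace is meant to stay, I would make the wording consistent, e.g. `logger.debug("Finished OIDC browser logout");`, and add a short comment that it is emitted only on normal return. The enclosing method starts and ends outside the hunk.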
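Review bot: The added `System.out.println("*** logout from account management");` in AbstractIdentityProviderTest.java reads like a debugging leftover: it writes to stdout on every run of this shared base test and repeats the comment two lines above it. I would drop it, or route it through the test's logger if the class has one (not visible in this hunk). The test method starts and ends outside the hunk.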
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
index 1f36c9fc98..821fc0e51a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
@@ -97,4 +97,9 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
 public void testTokenStorageAndRetrievalByApplication() {
 super.testTokenStorageAndRetrievalByApplication();
 }
+
+ @Test
+ public void testAccountManagementLinkIdentity() {
+ super.testAccountManagementLinkIdentity();
+ }
 }
diff --git a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
index 13f197af6d..009fda5e54 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
@@ -121,7 +121,7 @@
 "validateSignature": true,
 "postBindingResponse": true,
 "postBindingAuthnRequest": true,
- "backchannelSupported": false
+ "backchannelSupported": true
 }
 },
 {