KEYCLOAK-7094 Support redirect to external logout page for saml filter adapter

vramik 2018-06-14 12:14:57 +02:00 committed by Hynek Mlnařík
parent e638391182
commit 2fcfa5cf71
2 changed files with 13 additions and 5 deletions


@ -52,6 +52,7 @@ import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import java.util.regex.Pattern;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@ -61,6 +62,7 @@ public class SamlFilter implements Filter {
protected SamlDeploymentContext deploymentContext; protected SamlDeploymentContext deploymentContext;
protected SessionIdMapper idMapper; protected SessionIdMapper idMapper;
private final static Logger log = Logger.getLogger("" + SamlFilter.class); private final static Logger log = Logger.getLogger("" + SamlFilter.class);
private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:");
@Override @Override
public void init(final FilterConfig filterConfig) throws ServletException { public void init(final FilterConfig filterConfig) throws ServletException {
@ -137,7 +139,7 @@ public class SamlFilter implements Filter {
} }
FilterSamlSessionStore tokenStore = new FilterSamlSessionStore(request, facade, 100000, idMapper); FilterSamlSessionStore tokenStore = new FilterSamlSessionStore(request, facade, 100000, idMapper);
boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml"); boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml");
SamlAuthenticator authenticator = null; SamlAuthenticator authenticator;
if (isEndpoint) { if (isEndpoint) {
authenticator = new SamlAuthenticator(facade, deployment, tokenStore) { authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
@Override @Override
@ -176,9 +178,15 @@ public class SamlFilter implements Filter {
} }
if (outcome == AuthOutcome.LOGGED_OUT) { if (outcome == AuthOutcome.LOGGED_OUT) {
tokenStore.logoutAccount(); tokenStore.logoutAccount();
if (deployment.getLogoutPage() != null) { String logoutPage = deployment.getLogoutPage();
RequestDispatcher disp = req.getRequestDispatcher(deployment.getLogoutPage()); if (logoutPage != null) {
if (PROTOCOL_PATTERN.matcher(logoutPage).find()) {
response.sendRedirect(logoutPage);
log.log(Level.FINE, "Redirected to logout page {0}", logoutPage);
} else {
RequestDispatcher disp = req.getRequestDispatcher(logoutPage);
disp.forward(req, res); disp.forward(req, res);
}
return; return;
} }
chain.doFilter(req, res); chain.doFilter(req, res);
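Review bot: `PROTOCOL_PATTERN` matches any URI scheme, so in the `LOGGED_OUT` branch a `logoutPage` beginning with `javascript:`, `data:` or `file:` is passed to `response.sendRedirect` exactly like an `https:` URL. The value appears to come from deployment configuration rather than from the request, so this is not an open redirect as written, but narrowing the check to the intended schemes, e.g. `Pattern.compile("^https?:", Pattern.CASE_INSENSITIVE)`, would keep a mistyped or resolver-supplied value from turning into a redirect to an unexpected scheme. A comment on the constant such as `// Absolute http(s) logout URL -> redirect; anything else is a context-relative path -> forward. logoutPage must come from trusted deployment config, never from request data.` would record the trust assumption the redirect depends on. The enclosing `doFilter` method starts and ends outside the visible hunks, so how `deployment` is resolved per request cannot be confirmed from here.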


@ -271,7 +271,7 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
"org.keycloak.adapters.saml.jbossweb.infinispan.InfinispanSessionCacheIdMapperUpdater"); "org.keycloak.adapters.saml.jbossweb.infinispan.InfinispanSessionCacheIdMapperUpdater");
} }
if (testClass.getJavaClass().isAnnotationPresent(UseServletFilter.class)) { if (testClass.getJavaClass().isAnnotationPresent(UseServletFilter.class) && archive.contains(JBOSS_DEPLOYMENT_XML_PATH)) {
addFilterDependencies(archive, testClass); addFilterDependencies(archive, testClass);