Merge pull request #1458 from patriot1burke/master

idp initiated relaystate query param
Bill Burke 2015-07-16 10:34:12 -04:00
commit 5695677873
5 changed files with 13 additions and 3 deletions


@ -194,7 +194,8 @@
with no whitespace in it. After this you can reference your client at the following URL: <literal>root/auth/realms/{realm}/protocol/saml/clients/{url-name}</literal> with no whitespace in it. After this you can reference your client at the following URL: <literal>root/auth/realms/{realm}/protocol/saml/clients/{url-name}</literal>
</para> </para>
<para> <para>
If your client requires a special relay state, you can also configure this in the admin console. If your client requires a special relay state, you can also configure this in the admin console. Alternatively, you can specify the relay state in a
<literal>RelayState</literal> query parameter, i.e. : <literal>root/auth/realms/{realm}/protocol/saml/clients/{url-name}?RelayState=thestate</literal>
</para> </para>
</section> </section>
</chapter> </chapter>


@ -561,7 +561,8 @@ public class SamlService {
@GET @GET
@Path("clients/{client}") @Path("clients/{client}")
@Produces(MediaType.TEXT_HTML) @Produces(MediaType.TEXT_HTML)
public Response idpInitiatedSSO(@PathParam("client") String clientUrlName) { public Response idpInitiatedSSO(@PathParam("client") String clientUrlName,
@QueryParam("RelayState") String relayState) {
event.event(EventType.LOGIN); event.event(EventType.LOGIN);
ClientModel client = null; ClientModel client = null;
for (ClientModel c : realm.getClients()) { for (ClientModel c : realm.getClients()) {
@ -609,7 +610,9 @@ public class SamlService {
clientSession.setNote(SamlProtocol.SAML_IDP_INITIATED_LOGIN, "true"); clientSession.setNote(SamlProtocol.SAML_IDP_INITIATED_LOGIN, "true");
clientSession.setRedirectUri(redirect); clientSession.setRedirectUri(redirect);
String relayState = client.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_RELAY_STATE); if (relayState == null) {
relayState = client.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_RELAY_STATE);
}
if (relayState != null && !relayState.trim().equals("")) { if (relayState != null && !relayState.trim().equals("")) {
clientSession.setNote(GeneralConstants.RELAY_STATE, relayState); clientSession.setNote(GeneralConstants.RELAY_STATE, relayState);
} }
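Review bot: The `RelayState` query parameter added to the `idpInitiatedSSO` signature arrives on an unauthenticated URL and, in the second hunk, is stored in the client session ahead of the admin-configured `SAML_IDP_INITIATED_SSO_RELAY_STATE` attribute with no validation at all. Many service providers treat RelayState as a post-login redirect target, so a link of the form `.../clients/{url-name}?RelayState=https://evil.example` could send a user to an attacker-chosen page after a legitimate login; whether that is exploitable depends on the SP, but the IdP should not hand it an arbitrary value, so either let the configured attribute take precedence when it is set, or validate the parameter against a configured allow-list, and enforce the 80-byte limit the SAML 2.0 bindings specification places on RelayState. Separately, `?RelayState=` with an empty value is non-null and therefore suppresses the configured default; `if (relayState == null || relayState.trim().isEmpty()) {` restores the fallback. Wherever the value is later rendered into the POST-binding form (outside this hunk) it must be HTML-escaped. The body of `idpInitiatedSSO` continues beyond both hunks.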


@ -55,6 +55,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
public static final String GRANT_TYPE_PARAM = "grant_type"; public static final String GRANT_TYPE_PARAM = "grant_type";
public static final String REDIRECT_URI_PARAM = "redirect_uri"; public static final String REDIRECT_URI_PARAM = "redirect_uri";
public static final String CLIENT_ID_PARAM = "client_id"; public static final String CLIENT_ID_PARAM = "client_id";
public static final String NONCE_PARAM = "nonce";
public static final String PROMPT_PARAM = "prompt"; public static final String PROMPT_PARAM = "prompt";
public static final String LOGIN_HINT_PARAM = "login_hint"; public static final String LOGIN_HINT_PARAM = "login_hint";
public static final String LOGOUT_REDIRECT_URI = "OIDC_LOGOUT_REDIRECT_URI"; public static final String LOGOUT_REDIRECT_URI = "OIDC_LOGOUT_REDIRECT_URI";


@ -324,6 +324,7 @@ public class TokenManager {
token.issuedNow(); token.issuedNow();
token.issuedFor(client.getClientId()); token.issuedFor(client.getClientId());
token.issuer(clientSession.getNote(OIDCLoginProtocol.ISSUER)); token.issuer(clientSession.getNote(OIDCLoginProtocol.ISSUER));
token.setNonce(clientSession.getNote(OIDCLoginProtocol.NONCE_PARAM));
if (session != null) { if (session != null) {
token.setSessionState(session.getId()); token.setSessionState(session.getId());
} }
@ -434,6 +435,7 @@ public class TokenManager {
idToken.issuedNow(); idToken.issuedNow();
idToken.issuedFor(accessToken.getIssuedFor()); idToken.issuedFor(accessToken.getIssuedFor());
idToken.issuer(accessToken.getIssuer()); idToken.issuer(accessToken.getIssuer());
idToken.setNonce(accessToken.getNonce());
idToken.setSessionState(accessToken.getSessionState()); idToken.setSessionState(accessToken.getSessionState());
if (realm.getAccessTokenLifespan() > 0) { if (realm.getAccessTokenLifespan() > 0) {
idToken.expiration(Time.currentTime() + realm.getAccessTokenLifespan()); idToken.expiration(Time.currentTime() + realm.getAccessTokenLifespan());
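Review bot: The nonce is placed on the access token at `token.setNonce(clientSession.getNote(OIDCLoginProtocol.NONCE_PARAM));` and then copied into the ID token from `accessToken.getNonce()`, so it is presumably carried on the access token only so that the ID-token builder can reach it — that deserves a comment, since a reader may otherwise assume resource servers are expected to check it. Suggested comment above the first added line: `// nonce is carried on the access token only so it can be copied into the ID token; resource servers need not check it`. Also confirm that `setNonce(null)` (no nonce in the session) omits the claim rather than serializing `"nonce": null`; the serializer is not visible here. Both hunks sit inside methods that begin and end outside the view.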


@ -79,6 +79,7 @@ public class AuthorizationEndpoint {
private String scope; private String scope;
private String loginHint; private String loginHint;
private String prompt; private String prompt;
private String nonce;
private String idpHint; private String idpHint;
private String legacyResponseType; private String legacyResponseType;
@ -102,6 +103,7 @@ public class AuthorizationEndpoint {
loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM); loginHint = params.getFirst(OIDCLoginProtocol.LOGIN_HINT_PARAM);
prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM); prompt = params.getFirst(OIDCLoginProtocol.PROMPT_PARAM);
idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT); idpHint = params.getFirst(AdapterConstants.KC_IDP_HINT);
nonce = params.getFirst(OIDCLoginProtocol.NONCE_PARAM);
checkSsl(); checkSsl();
checkRealm(); checkRealm();
@ -225,6 +227,7 @@ public class AuthorizationEndpoint {
clientSession.setNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())); clientSession.setNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
if (state != null) clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, state); if (state != null) clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, state);
if (nonce != null) clientSession.setNote(OIDCLoginProtocol.NONCE_PARAM, nonce);
if (scope != null) clientSession.setNote(OIDCLoginProtocol.SCOPE_PARAM, scope); if (scope != null) clientSession.setNote(OIDCLoginProtocol.SCOPE_PARAM, scope);
if (loginHint != null) clientSession.setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint); if (loginHint != null) clientSession.setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint);
if (prompt != null) clientSession.setNote(OIDCLoginProtocol.PROMPT_PARAM, prompt); if (prompt != null) clientSession.setNote(OIDCLoginProtocol.PROMPT_PARAM, prompt);
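Review bot: `nonce` is read at `nonce = params.getFirst(OIDCLoginProtocol.NONCE_PARAM);` and stored in the client session, but nothing in the hunk rejects a request that omits it; OpenID Connect Core requires `nonce` for any response_type that returns an ID token directly from the authorization endpoint (implicit and hybrid flows), and silently accepting its absence leaves those clients without replay protection. If this endpoint supports such response types (the `legacyResponseType` field suggests response-type handling exists outside the hunk), add a check alongside the other parameter validation, e.g. `if (nonce == null && responseTypeReturnsIdToken) return invalidRequest("Missing parameter: nonce");` using whatever error helper the class already has. The value is also echoed back unchanged with no length bound, so an oversized nonce inflates every issued token; consider capping it. Both hunks are inside methods that start and end outside the view.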