Use session ID rather than broker session ID
Closes: #24455 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
This commit is contained in:
parent
495669e7a4
commit
70d0f731f5
5 changed files with 23 additions and 15 deletions
|
@ -18,11 +18,10 @@ package org.keycloak.models.light;
|
|||
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.Profile.Feature;
|
||||
import org.keycloak.common.util.Base64;
|
||||
import org.keycloak.models.ClientScopeModel;
|
||||
import org.keycloak.common.util.SecretGenerator;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.models.SubjectCredentialManager;
|
||||
|
@ -35,11 +34,11 @@ import com.fasterxml.jackson.annotation.JsonAutoDetect;
|
|||
import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
|
||||
import com.fasterxml.jackson.annotation.JsonIncludeProperties;
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.Stream;
|
||||
|
@ -80,17 +79,18 @@ public class LightweightUserAdapter extends AbstractInMemoryUserAdapter {
|
|||
}
|
||||
|
||||
public static String getLightweightUserId(String id) {
|
||||
try {
|
||||
return id == null || id.length() < ID_PREFIX.length()
|
||||
? null
|
||||
: new String(Base64.decode(id.substring(ID_PREFIX.length())), StandardCharsets.UTF_8);
|
||||
} catch (IOException ex) {
|
||||
return null;
|
||||
}
|
||||
: id.substring(ID_PREFIX.length());
|
||||
}
|
||||
|
||||
public LightweightUserAdapter(KeycloakSession session, String id) {
|
||||
super(session, null, ID_PREFIX + Base64.encodeBytes(id.getBytes(StandardCharsets.UTF_8)));
|
||||
super(session, null, ID_PREFIX + (id == null ? SecretGenerator.getInstance().randomString(16) : id));
|
||||
}
|
||||
|
||||
public void setOwningUserSessionId(String id) {
|
||||
this.id = ID_PREFIX + (id == null ? UUID.randomUUID().toString() : id);
|
||||
update();
|
||||
}
|
||||
|
||||
protected LightweightUserAdapter() {
|
||||
|
|
|
@ -37,6 +37,7 @@ import org.keycloak.models.KeycloakSession;
|
|||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.models.light.LightweightUserAdapter;
|
||||
import org.keycloak.models.utils.AuthenticationFlowResolver;
|
||||
import org.keycloak.models.utils.FormMessage;
|
||||
import org.keycloak.protocol.LoginProtocol;
|
||||
|
@ -1069,6 +1070,11 @@ public class AuthenticationProcessor {
|
|||
|
||||
userSession = new UserSessionManager(session).createUserSession(authSession.getParentSession().getId(), realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()
|
||||
, remember, brokerSessionId, brokerUserId, persistenceState);
|
||||
|
||||
if (isLightweightUser(userSession.getUser())) {
|
||||
LightweightUserAdapter lua = (LightweightUserAdapter) userSession.getUser();
|
||||
lua.setOwningUserSessionId(userSession.getId());
|
||||
}
|
||||
} else if (userSession.getUser() == null || !AuthenticationManager.isSessionValid(realm, userSession)) {
|
||||
userSession.restartSession(realm, authSession.getAuthenticatedUser(), username, connection.getRemoteAddr(), authSession.getProtocol()
|
||||
, remember, brokerSessionId, brokerUserId);
|
||||
|
|
|
@ -75,7 +75,7 @@ public class IdpCreateUserIfUniqueAuthenticator extends AbstractIdpAuthenticator
|
|||
logger.debugf("Transient brokering requested. Recording user details for account '%s' and from identity provider '%s' .",
|
||||
username, brokerContext.getIdpConfig().getAlias());
|
||||
|
||||
federatedUser = new LightweightUserAdapter(session, brokerContext.getBrokerSessionId());
|
||||
federatedUser = new LightweightUserAdapter(session, context.getAuthenticationSession().getParentSession().getId());
|
||||
federatedUser.setUsername(username);
|
||||
} else if (duplication == null) {
|
||||
logger.debugf("No duplication detected. Creating account for user '%s' and linking with identity provider '%s' .",
|
||||
|
|
|
@ -576,7 +576,7 @@ public class DefaultTokenExchangeProvider implements TokenExchangeProvider {
|
|||
}
|
||||
|
||||
if (context.getIdpConfig().isTransientUsers()) {
|
||||
user = new LightweightUserAdapter(session, UUID.randomUUID().toString());
|
||||
user = new LightweightUserAdapter(session, context.getAuthenticationSession().getParentSession().getId());
|
||||
} else {
|
||||
user = session.users().addUser(realm, username);
|
||||
}
|
||||
|
|
|
@ -230,8 +230,10 @@ public class UsersResource {
|
|||
public UserResource user(final @PathParam("id") String id) {
|
||||
UserModel user = null;
|
||||
if (LightweightUserAdapter.isLightweightUser(id)) {
|
||||
UserSessionModel userSession = session.sessions().getUserSessionByBrokerSessionId(realm, LightweightUserAdapter.getLightweightUserId(id));
|
||||
UserSessionModel userSession = session.sessions().getUserSession(realm, LightweightUserAdapter.getLightweightUserId(id));
|
||||
if (userSession != null) {
|
||||
user = userSession.getUser();
|
||||
}
|
||||
} else {
|
||||
user = session.users().getUserById(realm, id);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue