KEYCLOAK-1733 added verifySSL checks for 'basic' and 'query' authentication

mposolda 2016-07-20 11:04:31 +02:00
parent e03bf6eef6
commit 7571dc07f9
2 changed files with 3 additions and 1 deletions


@ -85,6 +85,7 @@ public abstract class RequestAuthenticator {
log.debug("QueryParamAuth auth FAILED");
return AuthOutcome.FAILED;
} else if (outcome == AuthOutcome.AUTHENTICATED) {
if (verifySSL()) return AuthOutcome.FAILED;
log.debug("QueryParamAuth AUTHENTICATED");
completeAuthentication(queryParamAuth, "KEYCLOAK");
return AuthOutcome.AUTHENTICATED;
@ -102,6 +103,7 @@ public abstract class RequestAuthenticator {
log.debug("BasicAuth FAILED");
return AuthOutcome.FAILED;
} else if (outcome == AuthOutcome.AUTHENTICATED) {
if (verifySSL()) return AuthOutcome.FAILED;
log.debug("BasicAuth AUTHENTICATED");
completeAuthentication(basicAuth, "BASIC");
return AuthOutcome.AUTHENTICATED;
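Review bot: The `if (verifySSL()) return AuthOutcome.FAILED;` guard in the QueryParamAuth branch, and the identical one in the BasicAuth branch, runs only after the authenticator has already reported AUTHENTICATED, so credentials that arrived on a request failing the SSL requirement are still evaluated before being rejected. The authenticate calls are outside these hunks, but if nothing there depends on the outcome, I would run the check before invoking either authenticator so the rejection does not depend on whether the credentials were valid. Judging from the call site, a true result from `verifySSL()` means the requirement was not met, which reads inverted; a short comment such as `// true => SSL required but request is not secure` would help, worded to match the method's actual contract. Unlike the sibling branches, this return has no debug line of its own, so something like `log.debug("QueryParamAuth rejected: SSL requirement not met");` (and the BasicAuth equivalent) would make the rejection traceable unless `verifySSL()` already logs it.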


@ -22,7 +22,7 @@ Step 2: Deploy and run the example
curl http://admin:password@localhost:8080/basicauth/service/echo?value=hello
(If we navigate directly to http://localhost:8080/basicauth/service/echo?value=hello, we get "Client is not allowed to initiate browser login with given response_type. Standard flow is disabled for the client.").
(If we navigate directly to http://localhost:8080/basicauth/service/echo?value=hello, we get an error in the browser because the request is not authenticated).
This should result in the value 'hello' being returned as a response.