Honor turnOffChangeSessionIdOnLogin in SAML adapter (#185)
Closes keycloak/keycloak-private#183 Signed-off-by: rmartinc <rmartinc@redhat.com>
This commit is contained in:
parent
75973157aa
commit
9c780e9190
3 changed files with 10 additions and 6 deletions
|
@ -31,13 +31,9 @@ import org.keycloak.adapters.saml.SamlUtil;
|
|||
import org.keycloak.adapters.spi.SessionIdMapper;
|
||||
import org.keycloak.adapters.spi.SessionIdMapperUpdater;
|
||||
import org.keycloak.common.util.KeycloakUriBuilder;
|
||||
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
|
||||
import org.wildfly.security.http.HttpScope;
|
||||
import org.wildfly.security.http.Scope;
|
||||
|
||||
import javax.xml.datatype.DatatypeConstants;
|
||||
import javax.xml.datatype.XMLGregorianCalendar;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
|
@ -174,8 +170,12 @@ public class ElytronSamlSessionStore implements SamlSessionStore, ElytronTokeSto
|
|||
}
|
||||
|
||||
protected String changeSessionId(HttpScope session) {
|
||||
if (!deployment.turnOffChangeSessionIdOnLogin()) return session.getID();
|
||||
else return session.getID();
|
||||
if (!deployment.turnOffChangeSessionIdOnLogin()) {
|
||||
if (!session.supportsChangeID() || !session.changeID()) {
|
||||
log.debug("Session ID cannot be changed although turnOffChangeSessionIdOnLogin is set to false");
|
||||
}
|
||||
}
|
||||
return session.getID();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -40,6 +40,7 @@ public class InputServlet extends HttpServlet {
|
|||
String appBase = ServletTestUtils.getUrlBase();
|
||||
String actionUrl = appBase + "/input-portal/secured/post";
|
||||
|
||||
req.getSession(true);
|
||||
if (req.getRequestURI().endsWith("insecure")) {
|
||||
if (System.getProperty("insecure.user.principal.unsupported") == null) Assert.assertNotNull(req.getUserPrincipal());
|
||||
resp.setContentType("text/html");
|
||||
|
@ -65,6 +66,7 @@ public class InputServlet extends HttpServlet {
|
|||
|
||||
@Override
|
||||
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||
req.getSession(true);
|
||||
if (!FORM_URLENCODED.equals(req.getContentType())) {
|
||||
resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
|
||||
PrintWriter pw = resp.getWriter();
|
||||
|
|
|
@ -1133,6 +1133,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
|
|||
public void testSavedPostRequest() {
|
||||
inputPortalPage.navigateTo();
|
||||
assertCurrentUrlStartsWith(inputPortalPage);
|
||||
String sessionId = driver.manage().getCookieNamed("JSESSIONID").getValue();
|
||||
inputPortalPage.execute("hello");
|
||||
|
||||
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
|
||||
|
@ -1143,6 +1144,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
|
|||
// test that user principal and KeycloakSecurityContext available
|
||||
driver.navigate().to(inputPortalPage + "/insecure");
|
||||
waitUntilElement(By.xpath("//body")).text().contains("Insecure Page");
|
||||
Assert.assertNotEquals("SessionID has not been changed at login", sessionId, driver.manage().getCookieNamed("JSESSIONID").getValue());
|
||||
|
||||
if (System.getProperty("insecure.user.principal.unsupported") == null) waitUntilElement(By.xpath("//body")).text().contains("UserPrincipal");
|
||||
|
||||
|
|
Loading…
Reference in a new issue