KEYCLOAK-8509 Improvements to session iframe

stianst 2018-10-05 14:47:13 +02:00 committed by Stian Thorgersen
parent 9be8bef575
commit aaa33ad883
3 changed files with 57 additions and 37 deletions


@ -154,10 +154,14 @@
case 'check-sso': case 'check-sso':
if (loginIframe.enable) { if (loginIframe.enable) {
setupCheckLoginIframe().success(function() { setupCheckLoginIframe().success(function() {
checkLoginIframe().success(function () { checkLoginIframe().success(function (unchanged) {
doLogin(false); if (!unchanged) {
doLogin(false);
} else {
initPromise.setSuccess();
}
}).error(function () { }).error(function () {
initPromise.setSuccess(); initPromise.setError();
}); });
}); });
} else { } else {
@ -191,12 +195,16 @@
if (loginIframe.enable) { if (loginIframe.enable) {
setupCheckLoginIframe().success(function() { setupCheckLoginIframe().success(function() {
checkLoginIframe().success(function () { checkLoginIframe().success(function (unchanged) {
kc.onAuthSuccess && kc.onAuthSuccess(); if (unchanged) {
initPromise.setSuccess(); kc.onAuthSuccess && kc.onAuthSuccess();
initPromise.setSuccess();
scheduleCheckIframe();
} else {
initPromise.setSuccess();
}
}).error(function () { }).error(function () {
setToken(null, null, null); initPromise.setError();
initPromise.setSuccess();
}); });
}); });
} else { } else {
@ -593,6 +601,7 @@
var tokenResponse = JSON.parse(req.responseText); var tokenResponse = JSON.parse(req.responseText);
authSuccess(tokenResponse['access_token'], tokenResponse['refresh_token'], tokenResponse['id_token'], kc.flow === 'standard'); authSuccess(tokenResponse['access_token'], tokenResponse['refresh_token'], tokenResponse['id_token'], kc.flow === 'standard');
scheduleCheckIframe();
} else { } else {
kc.onAuthError && kc.onAuthError(); kc.onAuthError && kc.onAuthError();
promise && promise.setError(); promise && promise.setError();
@ -1076,8 +1085,6 @@
loginIframe.iframeOrigin = authUrl.substring(0, authUrl.indexOf('/', 8)); loginIframe.iframeOrigin = authUrl.substring(0, authUrl.indexOf('/', 8));
} }
promise.setSuccess(); promise.setSuccess();
setTimeout(check, loginIframe.interval * 1000);
} }
var src = kc.endpoints.checkSessionIframe(); var src = kc.endpoints.checkSessionIframe();
@ -1104,31 +1111,38 @@
for (var i = callbacks.length - 1; i >= 0; --i) { for (var i = callbacks.length - 1; i >= 0; --i) {
var promise = callbacks[i]; var promise = callbacks[i];
if (event.data == 'unchanged') { if (event.data == 'error') {
promise.setSuccess();
} else {
promise.setError(); promise.setError();
} else {
promise.setSuccess(event.data == 'unchanged');
} }
} }
}; };
window.addEventListener('message', messageCallback, false); window.addEventListener('message', messageCallback, false);
var check = function() {
checkLoginIframe();
if (kc.token) {
setTimeout(check, loginIframe.interval * 1000);
}
};
return promise.promise; return promise.promise;
} }
function scheduleCheckIframe() {
if (loginIframe.enable) {
if (kc.token) {
setTimeout(function() {
checkLoginIframe().success(function(unchanged) {
if (unchanged) {
scheduleCheckIframe();
}
});
}, loginIframe.interval * 1000);
}
}
}
function checkLoginIframe() { function checkLoginIframe() {
var promise = createPromise(true); var promise = createPromise(true);
if (loginIframe.iframe && loginIframe.iframeOrigin ) { if (loginIframe.iframe && loginIframe.iframeOrigin ) {
var msg = kc.clientId + ' ' + kc.sessionId; var msg = kc.clientId + ' ' + (kc.sessionId ? kc.sessionId : '');
loginIframe.callbackList.push(promise); loginIframe.callbackList.push(promise);
var origin = loginIframe.iframeOrigin; var origin = loginIframe.iframeOrigin;
if (loginIframe.callbackList.length == 1) { if (loginIframe.callbackList.length == 1) {
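Review bot: The new `scheduleCheckIframe()` attaches only a `.success` callback to `checkLoginIframe()`, so once the iframe answers `error` (which the message handler in this section maps to `promise.setError()`) polling stops and nothing is reported to the application. In the second hunk the error branch also appears to drop `setToken(null, null, null)` in favour of `initPromise.setError()`, so a failed session check can leave the existing token in `kc.token` with no further monitoring, unless the part of the message handler outside this hunk clears it. I would fail closed in the poll, e.g. `}).error(function() { setToken(null, null, null); });`. A comment on `scheduleCheckIframe` should also say what a `changed` result (`unchanged === false`) is expected to trigger, since the function neither reschedules nor logs out in that case.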


@ -23,9 +23,20 @@
function checkState(clientId, origin, sessionState, callback) { function checkState(clientId, origin, sessionState, callback) {
var cookie = getCookie(); var cookie = getCookie();
if (!cookie) { var checkCookie = function() {
callback('changed'); if (clientId === init.clientId && origin === init.origin) {
} else if (!init) { var c = cookie.split('/');
if (sessionState === c[2]) {
callback('unchanged');
} else {
callback('changed');
}
} else {
callback('error');
}
}
if (!init) {
var req = new XMLHttpRequest(); var req = new XMLHttpRequest();
var url = location.href.split("?")[0] + "/init"; var url = location.href.split("?")[0] + "/init";
@ -41,9 +52,7 @@
clientId: clientId, clientId: clientId,
origin: origin origin: origin
} }
callback('unchanged'); checkCookie();
} else if (req.status === 404) {
callback('changed');
} else { } else {
callback('error'); callback('error');
} }
@ -51,17 +60,14 @@
}; };
req.send(); req.send();
} else { } else if (!cookie) {
if (clientId === init.clientId && origin === init.origin) { if (sessionState != '') {
var c = cookie.split('/'); callback('changed');
if (sessionState === c[2]) {
callback('unchanged');
} else {
callback('changed');
}
} else { } else {
callback('error'); callback('unchanged');
} }
} else {
checkCookie();
} }
} }
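Review bot: On the first call the 204 branch now runs `checkCookie()` unconditionally, and `checkCookie` calls `cookie.split('/')`; the no-cookie guard sits only in the `else if (!cookie)` arm, which is reached when `init` is already set. If `getCookie()` returns nothing on that first call, the split throws inside `onreadystatechange` and `callback` is never invoked, so the parent page's session check never gets an answer. Moving the guard into `checkCookie`, after the `init` comparison, covers both paths: `if (!cookie) { callback(sessionState != '' ? 'changed' : 'unchanged'); return; }`. The part of `checkState` between the hunks is not shown, so this assumes nothing there guards the cookie.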


@ -76,7 +76,7 @@ public class LoginStatusIframeEndpoint {
UriInfo uriInfo = session.getContext().getUri(); UriInfo uriInfo = session.getContext().getUri();
RealmModel realm = session.getContext().getRealm(); RealmModel realm = session.getContext().getRealm();
ClientModel client = session.realms().getClientByClientId(clientId, realm); ClientModel client = session.realms().getClientByClientId(clientId, realm);
if (client != null) { if (client != null && client.isEnabled()) {
Set<String> validWebOrigins = WebOriginsUtils.resolveValidWebOrigins(uriInfo, client); Set<String> validWebOrigins = WebOriginsUtils.resolveValidWebOrigins(uriInfo, client);
validWebOrigins.add(UriUtils.getOrigin(uriInfo.getRequestUri())); validWebOrigins.add(UriUtils.getOrigin(uriInfo.getRequestUri()));
if (validWebOrigins.contains("*") || validWebOrigins.contains(origin)) { if (validWebOrigins.contains("*") || validWebOrigins.contains(origin)) {
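Review bot: The added `client.isEnabled()` condition has no test in this commit: the diffstat lists three changed files and none of the sections shown is a test. A short comment such as `// disabled clients must not be able to initialise the session iframe`, plus a case that requests init for a disabled client, would keep the check from regressing. The rest of the method, including the response for the rejected case, lies outside the hunk.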