/**
 * Returns the account "applications" page URL as a string.
 *
 * @return the string form of {@code Urls.accountApplicationsPage(baseQueryURI, realm)}
 */
public String getApplicationsUrl() {
    return Urls
            .accountApplicationsPage(baseQueryURI, realm)
            .toString();
}
/**
 * Returns the account federated-identity ("social") page URL as a string.
 *
 * @return the string form of {@code Urls.accountFederatedIdentityPage(baseQueryURI, realm)}
 */
public String getSocialUrl() {
    return Urls
            .accountFederatedIdentityPage(baseQueryURI, realm)
            .toString();
}
/**
 * Returns the account log page URL as a string.
 *
 * @return the string form of {@code Urls.accountLogPage(baseQueryURI, realm)}
 */
public String getLogUrl() {
    return Urls
            .accountLogPage(baseQueryURI, realm)
            .toString();
}
/**
 * Handles a CAS SAML 1.1 validation request posted as a SOAP message.
 *
 * <p>The request is accepted only when the {@code SOAPAction} header (trimmed, double quotes
 * removed) equals {@code http://www.oasis-open.org/committees/security}. The realm, SSL and
 * client checks run before the ticket is extracted from the body and checked. On success the
 * response carries the user name and attributes of the user behind the client session.
 *
 * <p>Every {@link CASValidationException} is turned into a SAML error response that is sent with
 * HTTP 200; the status carried by the exception is not used for the HTTP response here.
 *
 * @param input the raw request body, untrusted; it is handed to {@code getTicket}
 * @return a SOAP-wrapped SAML 1.1 success or error response
 */
@POST
@Consumes("text/xml;charset=utf-8")
@Produces("text/xml;charset=utf-8")
public Response validate(String input) {
    MultivaluedMap<String, String> queryParams = request.getUri().getQueryParameters();
    try {
        // Normalise the header: a missing header becomes "", quotes around the URI are dropped.
        String rawSoapAction = request.getHttpHeaders().getHeaderString("SOAPAction");
        String soapAction = rawSoapAction == null
                ? ""
                : rawSoapAction.trim().replace("\"", "");

        boolean isValidationRequest = "http://www.oasis-open.org/committees/security".equals(soapAction);
        if (!isValidationRequest) {
            throw new CASValidationException(CASErrorCode.INTERNAL_ERROR, "Not a validation request", Response.Status.BAD_REQUEST);
        }

        String service = queryParams.getFirst(TARGET_PARAM);
        // Presence of the parameter is enough; its value is not read.
        boolean renew = queryParams.containsKey(CASLoginProtocol.RENEW_PARAM);

        // Order matters: request-level checks run before anything is read from the body.
        checkRealm();
        checkSsl();
        checkClient(service);

        String issuer = Urls.realmIssuer(request.getUri().getBaseUri(), realm.getName());

        // NOTE(review): getTicket receives the untrusted body; if it parses XML, confirm the
        // parser has DTDs and external entities disabled.
        String ticket = getTicket(input);
        checkTicket(ticket, renew);

        // clientSession is not assigned in this method; presumably checkTicket sets it - confirm.
        UserModel user = clientSession.getUserSession().getUser();
        Map<String, Object> attributes = getUserAttributes();

        SAML11ResponseType success = SamlResponseHelper.successResponse(issuer, user.getUsername(), attributes);
        return Response.ok(SamlResponseHelper.soap(success)).build();
    } catch (CASValidationException ex) {
        // NOTE(review): if the error description can echo request data, confirm the logger
        // neutralises CR/LF so a request cannot forge log lines.
        logger.warnf("Invalid SAML1.1 token %s", ex.getErrorDescription());
        SAML11ResponseType failure = SamlResponseHelper.errorResponse(ex);
        return Response.ok().entity(SamlResponseHelper.soap(failure)).build();
    }
}
/**
 * Returns the account page URL as a string.
 *
 * @return the string form of {@code Urls.accountPage(baseQueryURI, realm)}
 */
public String getAccountUrl() {
    return Urls
            .accountPage(baseQueryURI, realm)
            .toString();
}
/**
 * Returns the account logout URL as a string.
 *
 * <p>{@code currentURI} is passed to the URL helper along with the base URI and realm.
 * NOTE(review): presumably it becomes a return/redirect target inside the logout URL; confirm
 * the logout endpoint validates it before redirecting.
 *
 * @return the string form of {@code Urls.accountLogout(baseQueryURI, currentURI, realm)}
 */
public String getLogoutUrl() {
    return Urls
            .accountLogout(baseQueryURI, currentURI, realm)
            .toString();
}
/**
 * Returns the URL of the "log out all sessions" account page as a string.
 *
 * <p>{@code stateChecker} is passed to the URL helper.
 * NOTE(review): presumably it ends up inside the returned URL as an anti-CSRF value; if so,
 * treat the returned string as sensitive and keep it out of logs - confirm against Urls.
 *
 * @return the string form of {@code Urls.accountSessionsLogoutPage(baseQueryURI, realm, stateChecker)}
 */
public String getSessionsLogoutUrl() {
    return Urls
            .accountSessionsLogoutPage(baseQueryURI, realm, stateChecker)
            .toString();
}
/**
 * Returns the account password page URL as a string.
 *
 * @return the string form of {@code Urls.accountPasswordPage(baseQueryURI, realm)}
 */
public String getPasswordUrl() {
    return Urls
            .accountPasswordPage(baseQueryURI, realm)
            .toString();
}
/**
 * Returns the URL of the account "revoke client" page as a string.
 *
 * @return the string form of {@code Urls.accountRevokeClientPage(baseQueryURI, realm)}
 */
public String getRevokeClientUrl() {
    return Urls
            .accountRevokeClientPage(baseQueryURI, realm)
            .toString();
}
/**
 * Builds the federated-identity view for a user: one entry per identity provider configured on
 * the realm, each carrying an "add" or "remove" action URL depending on whether the user already
 * has an identity linked to that provider.
 *
 * <p>NOTE(review): {@code stateChecker} is placed in the query string of every action URL, so it
 * can surface in access logs, browser history and Referer headers; confirm that is acceptable
 * for how the update endpoint uses it.
 *
 * @param session      session used to look up the user's federated identities
 * @param realm        realm whose identity providers are listed
 * @param user         user whose links are shown
 * @param baseUri      base URI the update URL is built from
 * @param stateChecker value appended to each action URL as the {@code stateChecker} parameter
 */
public AccountFederatedIdentityBean(KeycloakSession session, RealmModel realm, UserModel user, URI baseUri, String stateChecker) {
    this.session = session;

    URI accountIdentityUpdateUri = Urls.accountFederatedIdentityUpdate(baseUri, realm.getName());
    List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
    Set<FederatedIdentityModel> identities = session.users().getFederatedIdentities(user, realm);

    // Sorted by the comparator; entries it treats as equal would collapse into one.
    Set<FederatedIdentityEntry> sortedEntries = new TreeSet<>(IdentityProviderComparator.INSTANCE);
    int linkedCount = 0;

    // Iterating an empty list is a no-op, so only the null case needs a guard.
    if (identityProviders != null) {
        for (IdentityProviderModel provider : identityProviders) {
            String alias = provider.getAlias();
            FederatedIdentityModel linked = getIdentity(identities, alias);

            String action;
            if (linked != null) {
                linkedCount++;
                action = "remove";
            } else {
                action = "add";
            }

            String actionUrl = UriBuilder.fromUri(accountIdentityUpdateUri)
                    .queryParam("action", action)
                    .queryParam("provider_id", alias)
                    .queryParam("stateChecker", stateChecker)
                    .build()
                    .toString();

            // The alias is passed twice, as the original code does for both constructor slots.
            sortedEntries.add(new FederatedIdentityEntry(
                    linked,
                    alias,
                    alias,
                    actionUrl,
                    provider.getConfig() != null ? provider.getConfig().get("guiOrder") : null));
        }
    }

    this.identities = new LinkedList<>(sortedEntries);

    // The last linked provider may only be removed when the user keeps another way to
    // authenticate: a second linked provider, a federation link, or a password.
    this.removeLinkPossible = linkedCount > 1
            || user.getFederationLink() != null
            || AccountService.isPasswordSet(user);
}
/**
 * Verifies a token string with the realm's RSA public key and returns the parsed access token.
 *
 * <p>The verifier is configured with the realm issuer URL derived from {@code baseUri} and the
 * realm name, and with the public key looked up by the key id found in the token header.
 *
 * @param realm           realm whose issuer URL and keys are used
 * @param tokenString     the serialized token, untrusted until {@code verify()} succeeds
 * @param baseUri         base URI used to derive the realm issuer URL
 * @param keycloakSession session giving access to the key manager
 * @return the access token taken from the verifier after {@code verify()}
 * @throws VerificationException declared for verification failures
 */
private AccessToken verifyRSAToken(RealmModel realm, String tokenString, URI baseUri, KeycloakSession keycloakSession) throws VerificationException {
    RSATokenVerifier verifier = RSATokenVerifier.create(tokenString);
    verifier = verifier.realmUrl(Urls.realmIssuer(baseUri, realm.getName()));

    // The key id is read from the header before verify() runs, so it is still caller-controlled.
    // It is only used to select a key through the realm-scoped lookup below.
    // NOTE(review): confirm getRsaPublicKey returns keys of this realm only, and that verify()
    // rejects the token when the lookup finds no key for an unknown or missing kid.
    String keyId = verifier.getHeader().getKeyId();
    verifier.publicKey(keycloakSession.keys().getRsaPublicKey(realm, keyId));

    return verifier.verify().getToken();
}
}