/**
 * Handles a CAS SAML 1.1 validation request posted as a SOAP envelope and answers
 * with a SOAP-wrapped {@code SAML11ResponseType}.
 *
 * <p>The request is accepted only when its {@code SOAPAction} header, trimmed and with
 * any double quotes removed, equals {@code http://www.oasis-open.org/committees/security};
 * a missing header is treated as an empty string and therefore rejected. The service is
 * read from the {@code TARGET_PARAM} query parameter and the renew flag from the mere
 * presence of {@code CASLoginProtocol.RENEW_PARAM}; realm, SSL, client and ticket checks
 * are delegated to the {@code check*} helpers. Any {@code CASValidationException} raised
 * on the way is logged and converted into a SAML error response, which is still sent with
 * HTTP 200 — the status carried by the exception is not propagated to the HTTP layer.
 *
 * @param input the raw request body, handed to {@code getTicket} to extract the ticket
 * @return a 200 response whose entity is the SOAP-wrapped success or error SAML 1.1 response
 */
@POST
@Consumes("text/xml;charset=utf-8")
@Produces("text/xml;charset=utf-8")
public Response validate(String input) {
    MultivaluedMap<String, String> params = request.getUri().getQueryParameters();
    try {
        // Tolerate a quoted SOAPAction value by stripping the quotes before comparing.
        String rawAction = request.getHttpHeaders().getHeaderString("SOAPAction");
        String action = rawAction == null ? "" : rawAction.trim().replace("\"", "");
        if (!"http://www.oasis-open.org/committees/security".equals(action)) {
            throw new CASValidationException(CASErrorCode.INTERNAL_ERROR, "Not a validation request", Response.Status.BAD_REQUEST);
        }

        String target = params.getFirst(TARGET_PARAM);
        boolean renewRequested = params.containsKey(CASLoginProtocol.RENEW_PARAM);

        // Realm, transport and client checks run before the body is parsed for a ticket.
        checkRealm();
        checkSsl();
        checkClient(target);

        String issuerUrl = Urls.realmIssuer(request.getUri().getBaseUri(), realm.getName());
        String ticketId = getTicket(input);
        checkTicket(ticketId, renewRequested);

        // clientSession is presumably populated by checkTicket — confirm against that helper.
        UserModel principal = clientSession.getUserSession().getUser();
        Map<String, Object> attrs = getUserAttributes();
        SAML11ResponseType samlResponse = SamlResponseHelper.successResponse(issuerUrl, principal.getUsername(), attrs);
        return Response.ok().entity(SamlResponseHelper.soap(samlResponse)).build();
    } catch (CASValidationException ex) {
        logger.warnf("Invalid SAML1.1 token %s", ex.getErrorDescription());
        SAML11ResponseType fault = SamlResponseHelper.errorResponse(ex);
        return Response.ok(SamlResponseHelper.soap(fault)).build();
    }
}
/**
 * Verifies an RSA-signed token against the keys of {@code realm} and returns the parsed
 * access token.
 *
 * <p>The verifier is bound to the realm issuer URL built from {@code baseUri} and the realm
 * name. The verification key is selected by the {@code kid} value taken from the token's own
 * header, so that value is untrusted input; the lookup is scoped to {@code realm} through
 * {@code keycloakSession.keys().getRsaPublicKey(realm, kid)}, which presumably limits the
 * choice to this realm's keys — confirm against that method.
 *
 * @param realm the realm whose issuer URL and RSA keys are used
 * @param tokenString the serialised token to verify
 * @param baseUri the server base URI used to build the realm issuer URL
 * @param keycloakSession the session used to look up the realm's public key
 * @return the verified {@code AccessToken}
 * @throws VerificationException propagated from the verifier when the token cannot be verified
 */
private AccessToken verifyRSAToken(RealmModel realm, String tokenString, URI baseUri, KeycloakSession keycloakSession) throws VerificationException {
    RSATokenVerifier tokenVerifier = RSATokenVerifier.create(tokenString)
            .realmUrl(Urls.realmIssuer(baseUri, realm.getName()));
    // The header is read first because the key id it carries selects the verification key.
    String keyId = tokenVerifier.getHeader().getKeyId();
    tokenVerifier.publicKey(keycloakSession.keys().getRsaPublicKey(realm, keyId));
    return tokenVerifier.verify().getToken();
}
}