update for Keycloak 3.4.3, version now matches Keycloak version

.travis.yml

@@ -13,12 +13,6 @@ services:
   - docker
 
 env:
-#  - KEYCLOAK_VERSION=2.5.5.Final
-#  - KEYCLOAK_VERSION=3.0.0.Final
-#  - KEYCLOAK_VERSION=3.1.0.Final
-  - KEYCLOAK_VERSION=3.2.1.Final
-  - KEYCLOAK_VERSION=3.3.0.Final
-  - KEYCLOAK_VERSION=3.4.0.Final
   - KEYCLOAK_VERSION=3.4.3.Final
 
 before_install:

integrationTest/suite.sh

@@ -12,7 +12,7 @@ get_ticket() {
         exit 1
     fi
 
-    login_url=${BASH_REMATCH[1]}
+    login_url=${BASH_REMATCH[1]//&/&}
     redirect_response=$(curl --fail --silent -D - -b /tmp/cookies --data 'username=admin&password=admin' "$login_url")
     if [[ !($redirect_response =~ $ticket_pattern) ]] ; then
         echo "No service ticket found in response"

pom.xml

@@ -22,12 +22,12 @@
 
     <groupId>org.keycloak</groupId>
     <artifactId>keycloak-protocol-cas</artifactId>
-    <version>2.1.1-SNAPSHOT</version>
+    <version>3.4.3</version>
     <name>Keycloak CAS Protocol</name>
     <description />
 
     <properties>
-        <keycloak.version>3.2.0.Final</keycloak.version>
+        <keycloak.version>${project.version}.Final</keycloak.version>
         <jboss.logging.version>3.3.0.Final</jboss.logging.version>
         <jboss.logging.tools.version>2.0.1.Final</jboss.logging.tools.version>
         <junit.version>4.12</junit.version>

src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java

@@ -12,13 +12,11 @@
 import org.keycloak.services.managers.ClientSessionCode;
 import org.keycloak.services.managers.ResourceAdminManager;
 import org.keycloak.sessions.AuthenticationSessionModel;
-import org.keycloak.sessions.CommonClientSessionModel;
 
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 import java.io.IOException;
-import java.lang.reflect.Method;
 import java.net.URI;
 
 public class CASLoginProtocol implements LoginProtocol {
@@ -93,16 +91,7 @@ public Response authenticated(UserSessionModel userSession, AuthenticatedClientS
         String service = clientSession.getRedirectUri();
         //TODO validate service
 
-        String code;
-        try {
-            // Keycloak >3.4 branch: Method getCode was renamed to getOrGenerateCode, CODE_TO_TOKEN was removed
-            Method getOrGenerateCode = ClientSessionCode.class.getMethod("getOrGenerateCode");
-            code = (String) getOrGenerateCode.invoke(accessCode);
-        } catch (ReflectiveOperationException e) {
-            // Keycloak <=3.3 branch
-            accessCode.setAction(CommonClientSessionModel.Action.CODE_TO_TOKEN.name());
-            code = accessCode.getCode();
-        }
+        String code = accessCode.getOrGenerateCode();
         KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(service);
         uriBuilder.queryParam(TICKET_RESPONSE_PARAM, SERVICE_TICKET_PREFIX + code);
 

src/main/java/org/keycloak/protocol/cas/endpoints/AuthorizationEndpoint.java

@@ -42,12 +42,7 @@ public Response build() {
         checkRealm();
         checkClient(service);
 
-        AuthorizationEndpointChecks checks = getOrCreateAuthenticationSession(client, null);
-        if (checks.response != null) {
-            return checks.response;
-        }
-
-        authenticationSession = checks.authSession;
+        authenticationSession = createAuthenticationSession(client, null);
         updateAuthenticationSession();
 
         // So back button doesn't work
@@ -64,7 +59,7 @@ public Response build() {
     private void checkClient(String service) {
         if (service == null) {
             event.error(Errors.INVALID_REQUEST);
-            throw new ErrorPageException(session, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
+            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
         }
 
         client = realm.getClients().stream()
@@ -73,12 +68,12 @@ private void checkClient(String service) {
                 .findFirst().orElse(null);
         if (client == null) {
             event.error(Errors.CLIENT_NOT_FOUND);
-            throw new ErrorPageException(session, Messages.CLIENT_NOT_FOUND);
+            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
         }
 
         if (!client.isEnabled()) {
             event.error(Errors.CLIENT_DISABLED);
-            throw new ErrorPageException(session, Messages.CLIENT_DISABLED);
+            throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED);
         }
 
         redirectUri = RedirectUtils.verifyRedirectUri(uriInfo, service, realm, client);
@@ -94,9 +89,4 @@ private void updateAuthenticationSession() {
         authenticationSession.setRedirectUri(redirectUri);
         authenticationSession.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
     }
-
-    @Override
-    protected boolean isNewRequest(AuthenticationSessionModel authSession, ClientModel clientFromRequest, String requestState) {
-        return true;
-    }
 }

src/main/java/org/keycloak/protocol/cas/endpoints/LogoutEndpoint.java

@@ -66,7 +66,7 @@ public Response logout(@QueryParam(CASLoginProtocol.SERVICE_PARAM) String servic
             logger.debug("finishing CAS browser logout");
             return response;
         }
-        return ErrorPage.error(session, Messages.FAILED_LOGOUT);
+        return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.FAILED_LOGOUT);
     }
 
     private void checkClient(String service) {

src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java

@@ -18,7 +18,6 @@
 
 import javax.ws.rs.GET;
 import javax.ws.rs.core.*;
-import java.lang.reflect.Method;
 
 public class ValidateEndpoint {
     protected static final Logger logger = Logger.getLogger(ValidateEndpoint.class);
@@ -137,46 +136,24 @@ private void checkTicket(String ticket, boolean requireReauth) {
             event.detail(Details.CODE_ID, parts[2]);
         }
 
-        ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult;
-        try {
-            // Keycloak >3.4 branch: Parameter event was added to ClientSessionCode.parseResult
-            Method parseResultMethod = ClientSessionCode.class.getMethod("parseResult",
-                    String.class, KeycloakSession.class, RealmModel.class, EventBuilder.class, Class.class);
-            parseResult = (ClientSessionCode.ParseResult<AuthenticatedClientSessionModel>) parseResultMethod.invoke(
-                    null, code, session, realm, event, AuthenticatedClientSessionModel.class);
-        } catch (ReflectiveOperationException e) {
-            // Keycloak <=3.3 branch
-            parseResult = ClientSessionCode.parseResult(code, session, realm, AuthenticatedClientSessionModel.class);
-        }
+        ClientSessionCode.ParseResult<AuthenticatedClientSessionModel> parseResult = ClientSessionCode.parseResult(code, null, session, realm, client, event, AuthenticatedClientSessionModel.class);
         if (parseResult.isAuthSessionNotFound() || parseResult.isIllegalHash()) {
             event.error(Errors.INVALID_CODE);
 
             // Attempt to use same code twice should invalidate existing clientSession
             AuthenticatedClientSessionModel clientSession = parseResult.getClientSession();
             if (clientSession != null) {
-                clientSession.setUserSession(null);
+                clientSession.detachFromUserSession();
             }
 
             throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST);
         }
 
         clientSession = parseResult.getClientSession();
 
-        try {
-            // Keycloak >3.4 branch: Method isExpiredToken was added
-            Method isExpiredToken = ClientSessionCode.ParseResult.class.getMethod("isExpiredToken");
-            if ((Boolean) isExpiredToken.invoke(parseResult)) {
-                event.error(Errors.EXPIRED_CODE);
-                throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
-            }
-        } catch (ReflectiveOperationException e) {
-            // Keycloak <=3.3 branch
-            if (!parseResult.getCode().isValid(AuthenticatedClientSessionModel.Action.CODE_TO_TOKEN.name(), ClientSessionCode.ActionType.CLIENT)) {
-                event.error(Errors.INVALID_CODE);
-                throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
-            }
-
-            parseResult.getCode().setAction(null);
+        if (parseResult.isExpiredToken()) {
+            event.error(Errors.EXPIRED_CODE);
+            throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
         }
 
         clientSession.setNote(CASLoginProtocol.SESSION_SERVICE_TICKET, ticket);