From b3b2f68662238d997e9ccdd568d451e4d280de2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Couralet?= Date: Wed, 19 Dec 2018 15:32:35 +0100 Subject: [PATCH] Delete bug fix --- README.md | 4 + .../FranceConnectIdentityProvider.java | 120 ------------------ 2 files changed, 4 insertions(+), 120 deletions(-) diff --git a/README.md b/README.md index 22d6a96..437a86e 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ ou avec une installation locale de keycloak: mvn clean install wildfly:deploy ``` +:warning: Il y avait un problème avec la version `4.8.0.Final` de keycloak, cette dernière n'est pas compatible avec cette extension (la version 4.8.1.Final l'est) --- # keycloak-franceconnect @@ -39,3 +40,6 @@ or with a local install : ``` mvn clean install wildfly:deploy ``` + +:warning: There was a problem with keycloak version `4.8.0.Final`, please use `4.8.1.Final` + diff --git a/src/main/java/fr/insee/keycloak/FranceConnectIdentityProvider.java b/src/main/java/fr/insee/keycloak/FranceConnectIdentityProvider.java index 65b9a41..7e5bed7 100644 --- a/src/main/java/fr/insee/keycloak/FranceConnectIdentityProvider.java +++ b/src/main/java/fr/insee/keycloak/FranceConnectIdentityProvider.java 
@@ -1,31 +1,18 @@
 package fr.insee.keycloak;
-import java.io.IOException;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 import org.keycloak.broker.oidc.OIDCIdentityProvider;
 import org.keycloak.broker.oidc.OIDCIdentityProviderConfig;
-import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
-import org.keycloak.broker.provider.BrokeredIdentityContext;
-import org.keycloak.broker.provider.IdentityBrokerException;
-import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.social.SocialIdentityProvider;
 import org.keycloak.jose.jws.JWSInput;
-import org.keycloak.jose.jws.JWSInputException;
 import org.keycloak.jose.jws.crypto.HMACProvider;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserSessionModel;
-import org.keycloak.representations.AccessTokenResponse;
-import org.keycloak.representations.IDToken;
-import org.keycloak.representations.JsonWebToken;
 import org.keycloak.services.resources.IdentityBrokerService;
 import org.keycloak.services.resources.RealmsResource;
-import org.keycloak.util.JsonSerialization;
-import com.fasterxml.jackson.databind.JsonNode;
 public class FranceConnectIdentityProvider extends OIDCIdentityProvider implements SocialIdentityProvider {
@@ -86,113 +73,6 @@ protected boolean verify(JWSInput jws) {
 return HMACProvider.verify(jws, getConfig().getClientSecret().getBytes());
 }
-
- @Override
- public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm,
- BrokeredIdentityContext context) {
- super.preprocessFederatedIdentity(session, realm, context);
-
- }
-
-
- private SimpleHttp.Response executeRequest(String url, SimpleHttp request) throws IOException {
- SimpleHttp.Response response = request.asResponse();
- if (response.getStatus() != 200) {
- String msg = "failed to invoke url [" + url + "]";
- try {
- String tmp = response.asString();
- if (tmp != null)
- msg = tmp;
-
- } catch (IOException e) {
-
- }
- throw new IdentityBrokerException("Failed to invoke url [" + url + "]: " + msg);
- }
- return response;
- }
-
-
- @Override
- protected BrokeredIdentityContext extractIdentity(AccessTokenResponse tokenResponse,
- String accessToken, JsonWebToken idToken) throws IOException {
- String id = idToken.getSubject();
- BrokeredIdentityContext identity = new BrokeredIdentityContext(id);
- String name = (String) idToken.getOtherClaims().get(IDToken.NAME);
- String preferredUsername =
- (String) idToken.getOtherClaims().get(getusernameClaimNameForIdToken());
- String email = (String) idToken.getOtherClaims().get(IDToken.EMAIL);
-
- if (!getConfig().isDisableUserInfoService()) {
- String userInfoUrl = getUserInfoUrl();
- if (userInfoUrl != null && !userInfoUrl.isEmpty()
- && (id == null || name == null || preferredUsername == null || email == null)) {
-
- if (accessToken != null) {
- SimpleHttp.Response response = executeRequest(userInfoUrl, SimpleHttp
- .doGet(userInfoUrl, session).header("Authorization", "Bearer " + accessToken));
- String contentType = response.getFirstHeader(HttpHeaders.CONTENT_TYPE);
- JsonNode userInfo;
-
- if (MediaType.APPLICATION_JSON_TYPE.isCompatible(MediaType.valueOf(contentType))) {
- userInfo = response.asJson();
- } else if 
("application/jwt".equals(contentType)) {
- JWSInput jwsInput;
-
- try {
- jwsInput = new JWSInput(response.asString());
- } catch (JWSInputException cause) {
- throw new RuntimeException("Failed to parse JWT userinfo response", cause);
- }
-
- if (verify(jwsInput)) {
- userInfo = JsonSerialization.readValue(jwsInput.getContent(), JsonNode.class);
- } else {
- throw new RuntimeException(
- "Failed to verify signature of userinfo response from [" + userInfoUrl + "].");
- }
- } else {
- throw new RuntimeException("Unsupported content-type [" + contentType
- + "] in response from [" + userInfoUrl + "].");
- }
-
- id = getJsonProperty(userInfo, "sub");
- name = getJsonProperty(userInfo, "name");
- preferredUsername = getUsernameFromUserInfo(userInfo);
- email = getJsonProperty(userInfo, "email");
- AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, userInfo,
- getConfig().getAlias());
- }
- }
- }
- identity.getContextData().put(VALIDATED_ID_TOKEN, idToken);
-
- identity.setId(id);
- identity.setName(name);
- identity.setEmail(email);
-
- identity.setBrokerUserId(getConfig().getAlias() + "." + id);
-
- if (preferredUsername == null) {
- preferredUsername = email;
- }
-
- if (preferredUsername == null) {
- preferredUsername = id;
- }
-
- identity.setUsername(preferredUsername);
- if (tokenResponse != null && tokenResponse.getSessionState() != null) {
- identity.setBrokerSessionId(getConfig().getAlias() + "." + tokenResponse.getSessionState());
- }
- if (tokenResponse != null)
- identity.getContextData().put(FEDERATED_ACCESS_TOKEN_RESPONSE, tokenResponse);
- if (tokenResponse != null)
- processAccessTokenResponse(identity, tokenResponse);
- return identity;
- }
-
-
 public String getAuthorizationUrl() {
 return authorizationUrl;
 }