Example 1 with CookieHelper.getCookie
use of org.keycloak.services.util.CookieHelper.getCookie in project keycloak by keycloak.
the class AuthenticationManager method authenticateIdentityCookie.
public static AuthResult authenticateIdentityCookie(KeycloakSession session, RealmModel realm, boolean checkActive) {
Cookie cookie = CookieHelper.getCookie(session.getContext().getRequestHeaders().getCookies(), KEYCLOAK_IDENTITY_COOKIE);
if (cookie == null || "".equals(cookie.getValue())) {
logger.debugv("Could not find cookie: {0}", KEYCLOAK_IDENTITY_COOKIE);
return null;
}
String tokenString = cookie.getValue();
AuthResult authResult = verifyIdentityToken(session, realm, session.getContext().getUri(), session.getContext().getConnection(), checkActive, false, null, true, tokenString, session.getContext().getRequestHeaders(), VALIDATE_IDENTITY_COOKIE);
if (authResult == null) {
expireIdentityCookie(realm, session.getContext().getUri(), session.getContext().getConnection());
expireOldIdentityCookie(realm, session.getContext().getUri(), session.getContext().getConnection());
return null;
}
authResult.getSession().setLastSessionRefresh(Time.currentTime());
return authResult;
}
Also used :
NewCookie(javax.ws.rs.core.NewCookie)
Cookie(javax.ws.rs.core.Cookie)
CookieHelper.getCookie(org.keycloak.services.util.CookieHelper.getCookie)
Example 2 with CookieHelper.getCookie
use of org.keycloak.services.util.CookieHelper.getCookie in project keycloak by keycloak.
the class AuthenticationManager method expireUserSessionCookie.
public static boolean expireUserSessionCookie(KeycloakSession session, UserSessionModel userSession, RealmModel realm, UriInfo uriInfo, HttpHeaders headers, ClientConnection connection) {
try {
// check to see if any identity cookie is set with the same session and expire it if necessary
Cookie cookie = CookieHelper.getCookie(headers.getCookies(), KEYCLOAK_IDENTITY_COOKIE);
if (cookie == null)
return true;
String tokenString = cookie.getValue();
TokenVerifier<AccessToken> verifier = TokenVerifier.create(tokenString, AccessToken.class).realmUrl(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName())).checkActive(false).checkTokenType(false).withChecks(VALIDATE_IDENTITY_COOKIE);
String kid = verifier.getHeader().getKeyId();
String algorithm = verifier.getHeader().getAlgorithm().name();
SignatureVerifierContext signatureVerifier = session.getProvider(SignatureProvider.class, algorithm).verifier(kid);
verifier.verifierContext(signatureVerifier);
AccessToken token = verifier.verify().getToken();
UserSessionModel cookieSession = session.sessions().getUserSession(realm, token.getSessionState());
if (cookieSession == null || !cookieSession.getId().equals(userSession.getId()))
return true;
expireIdentityCookie(realm, uriInfo, connection);
return true;
} catch (Exception e) {
return false;
}
}
Also used :
NewCookie(javax.ws.rs.core.NewCookie)
Cookie(javax.ws.rs.core.Cookie)
CookieHelper.getCookie(org.keycloak.services.util.CookieHelper.getCookie)
SignatureProvider(org.keycloak.crypto.SignatureProvider)
UserSessionModel(org.keycloak.models.UserSessionModel)
SignatureVerifierContext(org.keycloak.crypto.SignatureVerifierContext)
AccessToken(org.keycloak.representations.AccessToken)
ErrorResponseException(org.keycloak.services.ErrorResponseException)
AuthenticationFlowException(org.keycloak.authentication.AuthenticationFlowException)
ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)
VerificationException(org.keycloak.common.VerificationException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Aggregations
Cookie (javax.ws.rs.core.Cookie)2
NewCookie (javax.ws.rs.core.NewCookie)2
CookieHelper.getCookie (org.keycloak.services.util.CookieHelper.getCookie)2
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
AuthenticationFlowException (org.keycloak.authentication.AuthenticationFlowException)1
VerificationException (org.keycloak.common.VerificationException)1
SignatureProvider (org.keycloak.crypto.SignatureProvider)1
SignatureVerifierContext (org.keycloak.crypto.SignatureVerifierContext)1
UserSessionModel (org.keycloak.models.UserSessionModel)1
AccessToken (org.keycloak.representations.AccessToken)1
ErrorResponseException (org.keycloak.services.ErrorResponseException)1
ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)1
