Merge branch 'jacekkow:master' into master

.github/workflows/release.yml

@@ -9,107 +9,12 @@ permissions: {}
 
 jobs:
   build:
-    name: Build
-    runs-on: ubuntu-latest
-    steps:
-      - id: checkout
-        name: Checkout code
-        uses: actions/checkout@v4
-
-      - id: java
-        name: Install Java and Maven
-        uses: actions/setup-java@v4
-        with:
-          distribution: zulu
-          java-version: 17
-
-      - id: vars
-        name: Get project variables
-        run: |
-          echo -n "keycloakVersion=" >> $GITHUB_OUTPUT
-          mvn -q help:evaluate -Dexpression=keycloak.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT
-          echo -n "artifactId=" >> $GITHUB_OUTPUT
-          mvn -q help:evaluate -Dexpression=project.artifactId -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT
-          echo -n "projectName=" >> $GITHUB_OUTPUT
-          mvn -q help:evaluate -Dexpression=project.name -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z :,.-]+$' >> $GITHUB_OUTPUT
-          echo -n "projectVersion=" >> $GITHUB_OUTPUT
-          mvn -q help:evaluate -Dexpression=project.version -DforceStdout 2> /dev/null | grep -E '^[0-9a-zA-Z.-]+$' >> $GITHUB_OUTPUT
-
-      - name: Build project
-        run: |
-          mvn -B test package
-
-      - name: Upload artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: jar
-          path: target/${{ steps.vars.outputs.artifactId }}-${{ steps.vars.outputs.projectVersion }}.jar
-          if-no-files-found: error
-
-    outputs:
-      artifact_id: ${{ steps.vars.outputs.artifactId }}
-      keycloak_version: ${{ steps.vars.outputs.keycloakVersion }}
-      project_name: ${{ steps.vars.outputs.projectName }}
-      project_version: ${{ steps.vars.outputs.projectVersion }}
-
-  test:
-    name: Test
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-      - id: checkout
-        name: Checkout code
-        uses: actions/checkout@v4
-
-      - id: download_artifact
-        name: Download artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: jar
-
-      - id: create_container
-        name: Create Keycloak container
-        run: |
-          docker run -i -t -d -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8080:8080 --name keycloak "quay.io/keycloak/keycloak:${{ needs.build.outputs.keycloak_version }}" start-dev
-
-      - id: deploy
-        name: Deploy artifact
-        run: |
-          CONTAINER="keycloak"
-          NAME="${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar"
-          FILE="/opt/keycloak/providers/${NAME}"
-          docker cp "${NAME}" "${CONTAINER}:${FILE}"
-          docker restart "${CONTAINER}"
-          for i in {1..60}; do
-            if curl --silent --max-time 1 -o /dev/null http://localhost:8080; then
-                echo && echo "Deployment succeeded!" && exit 0
-            else
-                sleep 1
-                echo -n "."
-            fi
-          done
-          echo && echo "Deployment timeout!" && exit 1
-
-      - id: configure_keycloak
-        name: Configure Keycloak
-        run: |
-          CONTAINER="keycloak"
-          docker exec -i "${CONTAINER}" /bin/bash <<EOF
-            /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
-            /opt/keycloak/bin/kcadm.sh create clients -r master -s clientId=test -s protocol=cas -s enabled=true -s publicClient=true \
-              -s 'redirectUris=["http://localhost/*"]' -s baseUrl=http://localhost -s adminUrl=http://localhost
-            /opt/keycloak/bin/kcadm.sh get serverinfo -r master --fields "providers(login-protocol(providers(cas)))" | grep cas
-          EOF
-
-      - id: run_tests
-        name: Run tests
-        run: |
-          integrationTest/suite.sh
+    uses: ./.github/workflows/test.yml
 
   release:
     name: Release
     runs-on: ubuntu-latest
-    needs: [build, test]
+    needs: [build]
     permissions:
       contents: write
     steps:
@@ -121,7 +26,7 @@ jobs:
 
       - id: create_release
         name: Create release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           name: ${{ needs.build.outputs.project_name }} ${{ needs.build.outputs.project_version }}
           files: ${{ needs.build.outputs.artifact_id }}-${{ needs.build.outputs.project_version }}.jar

.github/workflows/test.yml

@@ -1,5 +1,15 @@
 on:
   pull_request:
+  workflow_call:
+    outputs:
+      artifact_id:
+        value: ${{ jobs.build.outputs.artifact_id }}
+      keycloak_version:
+        value: ${{ jobs.build.outputs.keycloak_version }}
+      project_name:
+        value: ${{ jobs.build.outputs.project_name }}
+      project_version:
+        value: ${{ jobs.build.outputs.project_version }}
 
 name: Test
 

pom.xml

@@ -22,7 +22,7 @@
 
     <groupId>org.keycloak</groupId>
     <artifactId>keycloak-protocol-cas</artifactId>
-    <version>26.0.0</version>
+    <version>26.0.6</version>
     <name>Keycloak CAS Protocol</name>
     <description />
 
@@ -36,7 +36,7 @@
 
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.release>17</maven.compiler.release>
-        <project.build.outputTimestamp>1728031754</project.build.outputTimestamp>
+        <project.build.outputTimestamp>1732265490</project.build.outputTimestamp>
     </properties>
 
     <dependencies>
@@ -124,13 +124,13 @@
         <dependency>
             <groupId>org.glassfish.jersey.core</groupId>
             <artifactId>jersey-common</artifactId>
-            <version>3.1.8</version>
+            <version>3.1.9</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>5.14.1</version>
+            <version>5.14.2</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

src/main/java/org/keycloak/protocol/cas/CASLoginProtocol.java

@@ -47,7 +47,7 @@ public class CASLoginProtocol implements LoginProtocol {
     public static final String PROXY_GRANTING_TICKET_IOU_PREFIX = "PGTIOU-";
     public static final String PROXY_GRANTING_TICKET_PREFIX = "PGT-";
     public static final String PROXY_TICKET_PREFIX = "PT-";
-    public static final String SESSION_SERVICE_TICKET = "service_ticket";
+    public static final String SESSION_TICKET = "service_ticket";
 
     public static final String LOGOUT_REDIRECT_URI = "CAS_LOGOUT_REDIRECT_URI";
 
@@ -150,7 +150,7 @@ public Response sendError(ClientModel clientModel, ClientData clientData, Error
     @Override
     public Response backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
         String logoutUrl = clientSession.getRedirectUri();
-        String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_SERVICE_TICKET);
+        String serviceTicket = clientSession.getNote(CASLoginProtocol.SESSION_TICKET);
         //check if session is fully authenticated (i.e. serviceValidate has been called)
         if (serviceTicket != null && !serviceTicket.isEmpty()) {
             sendSingleLogoutRequest(logoutUrl, serviceTicket);

src/main/java/org/keycloak/protocol/cas/endpoints/AbstractValidateEndpoint.java

@@ -151,7 +151,7 @@ protected void checkTicket(String ticket, String prefix, boolean requireReauth)
             throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code is expired", Response.Status.BAD_REQUEST);
         }
 
-        clientSession.setNote(prefix, ticket);
+        clientSession.setNote(CASLoginProtocol.SESSION_TICKET, ticket);
 
         if (requireReauth && AuthenticationManager.isSSOAuthentication(clientSession)) {
             event.error(Errors.SESSION_EXPIRED);