You are here

Home » API reference » Keycloak OpenID Connect 8 » KeycloakRequestSubscriber.php » KeycloakRequestSubscriber

public function KeycloakRequestSubscriber::onKernelRequestCheckKeycloakRedirect in Keycloak OpenID Connect 8

Redirects keycloak logout requests to Keycloak.

Parameters

\Symfony\Component\HttpKernel\Event\GetResponseEvent $event: The event to process.

File

src/EventSubscriber/KeycloakRequestSubscriber.php, line 75

Class

KeycloakRequestSubscriber
Redirect subscriber for controller requests.

Namespace

Drupal\keycloak\EventSubscriber

Code

public function onKernelRequestCheckKeycloakRedirect(GetResponseEvent $event) {

  // Whether Keycloak is enabled and configured for RP initiated
  // Single Sign-Out.
  if (!$this->keycloak
    ->isKeycloakSignOutEnabled()) {
    return;
  }
  $request = clone $event
    ->getRequest();

  // Whether the request is not a GET or redirect request.
  if (!($request
    ->isMethod('GET') || $request
    ->isMethod('HEAD'))) {
    return;
  }

  // Whether the path of the request doesn't match our
  // keycloak.logout route.
  $path = $this->pathProcessor
    ->processInbound($request
    ->getPathInfo(), $request);
  $language_none = $this->languageManager
    ->getLanguage(LanguageInterface::LANGCODE_NOT_APPLICABLE);
  $pattern = Url::fromRoute('keycloak.logout', [], [
    'language' => $language_none,
  ])
    ->toString();
  if (!$this->pathMatcher
    ->matchPath($path, $pattern)) {
    return;
  }

  // Extract query parameters.
  parse_str($request
    ->getQueryString(), $request_query);

  // Whether this is not a Keycloak Single Sign-Out request.
  if (empty($request_query['id_token_hint'])) {
    return;
  }

  // Construct the Keycloak end session endpoint parameters.
  $query = [
    'state' => OpenIDConnectStateToken::create(),
  ] + $request_query;

  // Whether to add language parameter. This is only needed,
  // if Keycloak is configured to ask the user for logout
  // confirmation.
  if ($this->keycloak
    ->isI18nEnabled()) {

    // Get current language.
    $langcode = $this->languageManager
      ->getCurrentLanguage()
      ->getId();

    // Map Drupal language code to Keycloak language identifier.
    // This is required for some languages, as Drupal uses IETF
    // script codes, while Keycloak may use IETF region codes.
    $languages = $this->keycloak
      ->getI18nMapping();
    if (!empty($languages[$langcode])) {
      $langcode = $languages[$langcode]['locale'];
    }

    // Add parameter to request query, so the Keycloak login/register
    // pages will load using the right locale.
    $query['kc_locale'] = $langcode;
  }

  // Generate the endpoint URL including parameters.
  $sign_out_endpoint = Url::fromUri($this->keycloak
    ->getKeycloakSignOutEndpoint(), [
    'query' => $query,
  ])
    ->toString(TRUE)
    ->getGeneratedUrl();

  // Alter the response to redirect to the endpoint.
  $response = new TrustedRedirectResponse($sign_out_endpoint, 302);
  $event
    ->setResponse($response);
}