OnlineTicket 优化

maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.authn;
 
+import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.configuration.ApplicationConfig;
@@ -61,6 +62,10 @@ public abstract class AbstractAuthenticationProvider {
     @Qualifier("remeberMeService")
     protected AbstractRemeberMeService remeberMeService;
     
+    @Autowired
+    @Qualifier("onlineTicketServices")
+    protected OnlineTicketServices onlineTicketServices;
+
     protected abstract String getProviderName();
 
     protected abstract Authentication doInternalAuthenticate(Authentication authentication);
@@ -251,8 +256,7 @@ public abstract class AbstractAuthenticationProvider {
             } else {
                 _logger.debug("User Login. ");
             }
-            //Online Tickit
+            
-            userInfo.setOnlineTickit(WebConstants.ONLINE_TICKET_PREFIX + "-" +userInfo.generateId());
         }
 
         return userInfo;
@@ -312,4 +316,26 @@ public abstract class AbstractAuthenticationProvider {
         return true;
     }
 
+    public void setApplicationConfig(ApplicationConfig applicationConfig) {
+        this.applicationConfig = applicationConfig;
+    }
+
+    public void setAuthenticationRealm(AbstractAuthenticationRealm authenticationRealm) {
+        this.authenticationRealm = authenticationRealm;
+    }
+
+    public void setTfaOptAuthn(AbstractOptAuthn tfaOptAuthn) {
+        this.tfaOptAuthn = tfaOptAuthn;
+    }
+
+    public void setRemeberMeService(AbstractRemeberMeService remeberMeService) {
+        this.remeberMeService = remeberMeService;
+    }
+
+    public void setOnlineTicketServices(OnlineTicketServices onlineTicketServices) {
+        this.onlineTicketServices = onlineTicketServices;
+    }
+    
+    
+
 }

maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java

@@ -19,6 +19,8 @@ package org.maxkey.authn;
 
 import java.util.ArrayList;
 import java.util.Collection;
+
+import org.maxkey.authn.online.OnlineTicket;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -34,7 +36,7 @@ public class BasicAuthentication implements Authentication {
     String remeberMe;
     String authType;
     String jwtToken;
-    String onlineTickit;
+    OnlineTicket onlineTicket;
     ArrayList<GrantedAuthority> grantedAuthority;
     boolean authenticated;
 
@@ -167,12 +169,12 @@ public class BasicAuthentication implements Authentication {
         this.grantedAuthority = grantedAuthority;
     }
 
-    public String getOnlineTickit() {
+    public OnlineTicket getOnlineTicket() {
-        return onlineTickit;
+        return onlineTicket;
     }
 
-    public void setOnlineTickit(String onlineTickit) {
+    public void setOnlineTicket(OnlineTicket onlineTicket) {
-        this.onlineTickit = onlineTickit;
+        this.onlineTicket = onlineTicket;
     }
 
     @Override

maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.authn;
 
+import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@@ -72,15 +73,10 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
 
         authenticationRealm.passwordMatches(userInfo, auth.getPassword());
-        authenticationRealm.grantAuthority(userInfo);
-        /*
-         *  put userInfo to current session context
-         */
-        WebContext.setUserInfo(userInfo);
         
-        auth.setAuthenticated(true);
+        UsernamePasswordAuthenticationToken authenticationToken = setOnline(auth,userInfo);
-
+        //RemeberMe Config check then set  RemeberMe cookies
-        if (auth.isAuthenticated() && applicationConfig.getLoginConfig().isRemeberMe()) {
+        if (applicationConfig.getLoginConfig().isRemeberMe()) {
             if (auth.getRemeberMe() != null && auth.getRemeberMe().equals("remeberMe")) {
                 WebContext.getSession().setAttribute(
                         WebConstants.REMEBER_ME_SESSION,auth.getUsername());
@@ -93,47 +89,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                 );
             }
         }
-        auth.setOnlineTickit(userInfo.getOnlineTickit());
-        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
-                new UsernamePasswordAuthenticationToken(
-                auth,
-                "PASSWORD",
-                authenticationRealm.grantAuthority(userInfo));
-        usernamePasswordAuthenticationToken.setDetails(
-                new WebAuthenticationDetails(WebContext.getRequest()));
         
-        setOnlineTickit(userInfo.getOnlineTickit());
+        return  authenticationToken;
-        
-        return usernamePasswordAuthenticationToken;
     }
     
     @Override
     public Authentication basicAuthenticate(Authentication authentication) {
-        BasicAuthentication basicAuth = (BasicAuthentication) authentication;
+        BasicAuthentication auth = (BasicAuthentication) authentication;
-        UserInfo loadeduserInfo = loadUserInfo(basicAuth.getUsername(), "");
+        UserInfo loadeduserInfo = loadUserInfo(auth.getUsername(), "");
         if (loadeduserInfo != null) {
-            
+            authenticationRealm.passwordMatches(loadeduserInfo, auth.getPassword());
-            authenticationRealm.passwordMatches(loadeduserInfo, basicAuth.getPassword());
 
             authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
 
-            WebContext.setUserInfo(loadeduserInfo);
+            authenticationRealm.insertLoginHistory(loadeduserInfo, auth.getAuthType(), "", "", "SUCCESS");
                         
-            authentication.setAuthenticated(true);
+            return setOnline(auth,loadeduserInfo);
-            basicAuth.setOnlineTickit(loadeduserInfo.getOnlineTickit());
-            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
-                    authentication, "PASSWORD", authenticationRealm.grantAuthority(loadeduserInfo));
-
-            WebContext.setAuthentication(authenticationToken);
-            WebContext.setUserInfo(loadeduserInfo);
-            authenticationRealm.insertLoginHistory(loadeduserInfo, basicAuth.getAuthType(), "", "", "SUCCESS");
-            
-            setOnlineTickit(loadeduserInfo.getOnlineTickit());
-            
-            return authenticationToken;
         }else {
             String message = WebContext.getI18nValue("login.error.username");
-            _logger.debug("login user  " + basicAuth.getUsername() + " not in this System ." + message);
+            _logger.debug("login user  " + auth.getUsername() + " not in this System ." + message);
             throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
         }
     }
@@ -155,26 +129,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                                             String message) {
         UserInfo loadeduserInfo = loadUserInfo(username, "");
         if (loadeduserInfo != null) {
-            WebContext.setUserInfo(loadeduserInfo);
+            BasicAuthentication auth = new BasicAuthentication();
-            BasicAuthentication authentication = new BasicAuthentication();
+            auth.setUsername(loadeduserInfo.getUsername());
-            authentication.setUsername(loadeduserInfo.getUsername());
-            authentication.setOnlineTickit(loadeduserInfo.getOnlineTickit());
-            UsernamePasswordAuthenticationToken authenticationToken =
-                    new UsernamePasswordAuthenticationToken(
-                            authentication, 
-                            "PASSWORD", 
-                            authenticationRealm.grantAuthority(loadeduserInfo)
-                    );
-
-            authentication.setAuthenticated(true);
-            WebContext.setAuthentication(authenticationToken);
-            WebContext.setUserInfo(loadeduserInfo);
             
             authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
             
-            setOnlineTickit(loadeduserInfo.getOnlineTickit());
+            return setOnline(auth,loadeduserInfo);
-            
-            return authenticationToken;
         }else {
             String i18nMessage = WebContext.getI18nValue("login.error.username");
             _logger.debug("login user  " + username + " not in this System ." + i18nMessage);
@@ -182,13 +142,42 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         }
     }
     
-    public void setOnlineTickit(String tickit) {
+    public UsernamePasswordAuthenticationToken setOnline(BasicAuthentication authentication,UserInfo userInfo) {
-        _logger.debug("set online Tickit " + tickit + " on domain "+ this.applicationConfig.getBaseDomainName());
+        //Online Tickit Id
+        String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
+        _logger.debug("set online Tickit Cookie " + onlineTickitId + " on domain "+ this.applicationConfig.getBaseDomainName());
+        
         WebContext.setCookie(WebContext.getResponse(), 
                 this.applicationConfig.getBaseDomainName(), 
                 WebConstants.ONLINE_TICKET_NAME, 
-                tickit, 
+                onlineTickitId, 
                 0);
+        
+        //set OnlineTicket
+        OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication);
+        this.onlineTicketServices.store(onlineTickitId, onlineTicket);
+        authentication.setOnlineTicket(onlineTicket);
+        
+        authentication.setAuthenticated(true);
+        UsernamePasswordAuthenticationToken authenticationToken =
+                new UsernamePasswordAuthenticationToken(
+                        authentication, 
+                        "PASSWORD", 
+                        authenticationRealm.grantAuthority(userInfo)
+                );
+        
+        authenticationToken.setDetails(
+                new WebAuthenticationDetails(WebContext.getRequest()));
+        
+        /*
+         *  put userInfo to current session context
+         */
+        WebContext.setAuthentication(authenticationToken);
+        
+        userInfo.setOnlineTicket(onlineTicket);
+        WebContext.setUserInfo(userInfo);
+        
+        return authenticationToken;
     }
   
 }

maxkey-core/src/main/java/org/maxkey/authn/online/InMemoryOnlineTicketServices.java

@@ -32,6 +32,10 @@ public class InMemoryOnlineTicketServices implements OnlineTicketServices{
 				.build(true);
 
 	
+	public InMemoryOnlineTicketServices() {
+        super();
+    }
+
     @Override
 	public void store(String ticketId, OnlineTicket ticket) {
 	    onlineTicketStore.put(ticketId, ticket);
@@ -50,4 +54,10 @@ public class InMemoryOnlineTicketServices implements OnlineTicketServices{
         return ticket;
     }
 
+    @Override
+    public void setValiditySeconds(int validitySeconds) {
+        // TODO Auto-generated method stub
+        
+    }
+
 }

maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicket.java

@@ -1,8 +1,10 @@
 package org.maxkey.authn.online;
 
 import java.io.Serializable;
+import java.util.HashMap;
 
 import org.maxkey.domain.apps.Apps;
+import org.springframework.security.core.Authentication;
 
 public class OnlineTicket implements Serializable{
 
@@ -11,14 +13,57 @@ public class OnlineTicket implements Serializable{
      */
     private static final long serialVersionUID = 9008067569150338296L;
 
-    public String id;
+    public String ticketId;
     
-    private Apps authorizeApps;
+    public Authentication authentication;
+    
+    private HashMap<String , Apps> authorizedApps;
     
 
-    public OnlineTicket(String id) {
+    public OnlineTicket(String ticketId) {
         super();
-        this.id = id;
+        this.ticketId = ticketId;
+    }
+    
+    public OnlineTicket(String ticketId,Authentication authentication) {
+        super();
+        this.ticketId = ticketId;
+        this.authentication = authentication;
+    }
+    
+    
+
+    public String getTicketId() {
+        return ticketId;
+    }
+
+
+
+    public void setTicketId(String ticketId) {
+        this.ticketId = ticketId;
+    }
+
+    
+    public Authentication getAuthentication() {
+        return authentication;
+    }
+
+
+
+    public void setAuthentication(Authentication authentication) {
+        this.authentication = authentication;
+    }
+
+  
+
+    public HashMap<String, Apps> getAuthorizedApps() {
+        return authorizedApps;
+    }
+
+
+
+    public void setAuthorizedApps(HashMap<String, Apps> authorizedApps) {
+        this.authorizedApps = authorizedApps;
     }
 
 
@@ -26,8 +71,8 @@ public class OnlineTicket implements Serializable{
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();
-        builder.append("OnlineTicket [id=");
+        builder.append("OnlineTicket [ticketId=");
-        builder.append(id);
+        builder.append(ticketId);
         builder.append("]");
         return builder.toString();
     }

maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicketServices.java

@@ -26,4 +26,5 @@ public interface OnlineTicketServices {
     
     public  OnlineTicket get(String ticketId);
 
+    public void setValiditySeconds(int validitySeconds);
 }

maxkey-core/src/main/java/org/maxkey/authn/online/RedisOnlineTicketServices.java

@@ -72,5 +72,11 @@ public class RedisOnlineTicketServices implements OnlineTicketServices {
         return ticket;
     }
 
+    @Override
+    public void setValiditySeconds(int validitySeconds) {
+       this.serviceTicketValiditySeconds = validitySeconds;
+        
+    }
+
 	
 }

maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java

@@ -27,6 +27,9 @@ import javax.sql.DataSource;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler;
+import org.maxkey.authn.online.InMemoryOnlineTicketServices;
+import org.maxkey.authn.online.OnlineTicketServices;
+import org.maxkey.authn.online.RedisOnlineTicketServices;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.rememberme.InMemoryRemeberMeService;
 import org.maxkey.authn.support.rememberme.RedisRemeberMeService;
@@ -204,6 +207,24 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
         return remeberMeService;
     }
     
+    @Bean(name = "onlineTicketServices")
+    public OnlineTicketServices onlineTicketServices(
+            @Value("${config.server.persistence}") int persistence,
+            JdbcTemplate jdbcTemplate,
+            RedisConnectionFactory redisConnFactory) {
+        OnlineTicketServices onlineTicketServices = null;
+        if (persistence == ConstantsPersistence.INMEMORY) {
+            onlineTicketServices = new InMemoryOnlineTicketServices();
+            _logger.debug("InMemoryOnlineTicketServices");
+        } else if (persistence == ConstantsPersistence.JDBC) {
+            _logger.debug("OnlineTicketServices not support "); 
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            onlineTicketServices = new RedisOnlineTicketServices(redisConnFactory);
+            _logger.debug("RedisOnlineTicketServices");
+        }
+        return onlineTicketServices;
+    }
+    
     /**
      * keyStoreLoader .
      * @return

maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java

@@ -26,6 +26,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
+import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.util.StringUtils;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -230,7 +231,7 @@ public class UserInfo extends JpaBaseDomain {
 
     protected int online;
     
-    String onlineTickit;
+    OnlineTicket onlineTicket;
 
     protected String ldapDn;
 
@@ -1164,12 +1165,12 @@ public class UserInfo extends JpaBaseDomain {
         this.createdBy = createdBy;
     }
 
-    public String getOnlineTickit() {
+    public OnlineTicket getOnlineTicket() {
-        return onlineTickit;
+        return onlineTicket;
     }
 
-    public void setOnlineTickit(String onlineTickit) {
+    public void setOnlineTicket(OnlineTicket onlineTicket) {
-        this.onlineTickit = onlineTickit;
+        this.onlineTicket = onlineTicket;
     }
 
     /**
@@ -1407,8 +1408,6 @@ public class UserInfo extends JpaBaseDomain {
         builder.append(extraAttributeMap);
         builder.append(", online=");
         builder.append(online);
-        builder.append(", onlineTickit=");
-        builder.append(onlineTickit);
         builder.append(", ldapDn=");
         builder.append(ldapDn);
         builder.append(", gridList=");

maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java

@@ -150,6 +150,9 @@ public class Apps extends JpaBaseDomain implements Serializable {
     @Column
     protected String description;
     
+    
+    protected String loginDateTime;
+
     public Apps() {
         super();
         isSignature = Boolean.FALSE;
@@ -537,6 +540,15 @@ public class Apps extends JpaBaseDomain implements Serializable {
         this.logoutType = logoutType;
     }
 
+    
+    public String getLoginDateTime() {
+        return loginDateTime;
+    }
+
+    public void setLoginDateTime(String loginDateTime) {
+        this.loginDateTime = loginDateTime;
+    }
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();

maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java

@@ -201,7 +201,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
 			if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
 				AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
 				UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
-				userInfo.setOnlineTickit(authentication.getOnlineTickit());
+				userInfo.setOnlineTicket(authentication.getOnlineTicket());
 				adapter.generateInfo(userInfo, serviceResponseBuilder);
 			}
 		}else{

maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java

@@ -83,7 +83,7 @@ public class Cas30AuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 			if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
 				AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
 				UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
-				userInfo.setOnlineTickit(authentication.getOnlineTickit());
+				userInfo.setOnlineTicket(authentication.getOnlineTicket());
 				adapter.generateInfo(userInfo, serviceResponseBuilder);
 			}
 		}else{

maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java

@@ -66,7 +66,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
 		serviceResponseBuilder.setAttribute("departmentId", userInfo.getDepartmentId());
 		serviceResponseBuilder.setAttribute("workRegion",base64Attr(userInfo.getWorkRegion()));
 		
-		serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,userInfo.getOnlineTickit());
+		serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,userInfo.getOnlineTicket().getTicketId());
 	
 		return null;
 	}

maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java

@@ -44,7 +44,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
 		beanMap.put("title", userInfo.getJobTitle());
 		beanMap.put("state", userInfo.getWorkRegion());
 		beanMap.put("gender", userInfo.getGender());
-		beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit());
+		beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId());
 		
 		String info= JsonUtils.object2Json(beanMap);
 		

maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java

@@ -136,7 +136,7 @@ public class UserInfoEndpoint {
 					adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
 				 }
 				 BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
-				 userInfo.setOnlineTickit(authentication.getOnlineTickit());
+				 userInfo.setOnlineTicket(authentication.getOnlineTicket());
 				String jsonData=adapter.generateInfo(userInfo, app);
 				return jsonData;
 			}catch(OAuth2Exception e){
@@ -175,7 +175,7 @@ public class UserInfoEndpoint {
 			 BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
 			 
 			 jwtClaimsSetBuilder.claim("sub", userInfo.getId());
-			 jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTickit());
+			 jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId());
 			 
 		 	if(scopes.contains("profile")){
 		 		jwtClaimsSetBuilder.claim("name", userInfo.getUsername());

maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java

@@ -73,7 +73,7 @@ public class AssertionEndpoint {
 
 		HashMap <String,String>attributeMap=new HashMap<String,String>();
 		
-		attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTickit());
+		attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTicket().getTicketId());
 		
 		//saml20Details
 		Response authResponse = authnResponseGenerator.generateAuthnResponse(

maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java

@@ -117,17 +117,17 @@ public class TokenBasedAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 			
 			cookie.setPath("/");
 			//
-			//cookie.setDomain("."+applicationConfig.getSubDomainName());
+			//cookie.setDomain("."+applicationConfig.getBaseDomainName());
 			//tomcat 8.5
-			cookie.setDomain(applicationConfig.getDomainName());
+			cookie.setDomain(applicationConfig.getBaseDomainName());
 			
-			_logger.debug("Sub Domain Name : "+"."+applicationConfig.getDomainName());
+			_logger.debug("Sub Domain Name : "+"."+applicationConfig.getBaseDomainName());
 			response.addCookie(cookie);
 			
-			if(tokenBasedDetails.getRedirectUri().indexOf(applicationConfig.getDomainName())>-1){
+			if(tokenBasedDetails.getRedirectUri().indexOf(applicationConfig.getBaseDomainName())>-1){
 				return WebContext.redirect(tokenBasedDetails.getRedirectUri());
 			}else{
-				_logger.error(tokenBasedDetails.getRedirectUri()+" not in domain "+applicationConfig.getDomainName());
+				_logger.error(tokenBasedDetails.getRedirectUri()+" not in domain "+applicationConfig.getBaseDomainName());
 				return null;
 			}
 		}

maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java

@@ -71,7 +71,7 @@ public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
 		}
 		
 		beanMap.put("displayName", userInfo.getDisplayName());
-		beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit());
+		beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId());
 		
 		/*
 		 * use UTC date time format

maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java

@@ -68,7 +68,7 @@ public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
 				.claim("user_id", userInfo.getId())
 				.claim("external_id", userInfo.getId())
 				.claim("locale", userInfo.getLocale())
-				.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit())
+				.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId())
 				.claim("kid", jwtSignerService.getDefaultSignerKeyId())
 				.build();
 		

maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java

@@ -68,7 +68,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
 				.claim("email", userInfo.getWorkEmail())
 				.claim("name", userInfo.getUsername())
 				.claim("user_id", userInfo.getId())
-				.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit())
+				.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId())
 				.claim("external_id", userInfo.getId())
 				.claim("locale", userInfo.getLocale())
 				.claim("kid", "SYMMETRIC-KEY")

maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/OnlineTicketEndpoint.java

@@ -0,0 +1,27 @@
+package org.maxkey.web.endpoint;
+
+import org.maxkey.authn.online.OnlineTicket;
+import org.maxkey.authn.online.OnlineTicketServices;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+@RequestMapping(value={"/onlineticket"})
+public class OnlineTicketEndpoint {
+
+    @Autowired
+    @Qualifier("onlineTicketServices")
+    protected OnlineTicketServices onlineTicketServices;
+    
+    @ResponseBody
+    @RequestMapping(value="/ticketValidate") 
+    public OnlineTicket ticketValidate(
+            @RequestParam(value ="ticket",required = true) String ticket) {
+        OnlineTicket onlineTicket = onlineTicketServices.get(ticket);
+        return onlineTicket;
+    }
+}