diff --git a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
index f00b2a766d..60f5493c22 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
@@ -42,8 +42,9 @@ public class RedirectUtils {
     }
 
     public static String verifyRedirectUri(UriInfo uriInfo, String redirectUri, RealmModel realm, ClientModel client) {
-        Set validRedirects = client.getRedirectUris();
-        return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, validRedirects);
+        if (client != null)
+            return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, client.getRedirectUris());
+        return null;
     }
 
     public static Set resolveValidRedirects(UriInfo uriInfo, String rootUrl, Set validRedirects) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index 0dc7597594..65a2e9bf6d 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -813,4 +813,18 @@ public class AccountTest extends TestRealmKeycloakTest {
     }
 
 
+    @Test
+    public void testInvalidReferrer() {
+        driver.navigate().to(profilePage.getPath() + "?referrer=test-app");
+        loginPage.login("test-user@localhost", "password");
+        Assert.assertTrue(profilePage.isCurrent());
+        profilePage.backToApplication();
+
+        Assert.assertTrue(appPage.isCurrent());
+
+        driver.navigate().to(profilePage.getPath() + "?referrer=test-invalid&referrer_uri=http://localhost:8180/auth/realms/master/app/auth?test");
+        Assert.assertTrue(profilePage.isCurrent());
+
+        events.clear();
+    }
 }
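Review bot: The new null-client guard in verifyRedirectUri returns null without documenting what that value means, so a caller can no longer tell "no such client" apart from "redirect URI not in the client's allow-list"; collapsing both into a rejection is the safe default, but the method deserves a Javadoc stating it, e.g. `@return the verified redirect URI, or {@code null} if {@code client} is null or the URI is not permitted for that client`. The guard is also an unbraced `if` followed by a fall-through `return null;`, which a later edit can silently break; inverting it into a braced guard clause, `if (client == null) { return null; }` followed by the unconditional return, reads as intent rather than accident. The overload called on the new line and the rest of the enclosing class are outside the hunk, so I could not check whether that overload itself tolerates a null root URL or an empty redirect set.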
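Review bot: testInvalidReferrer only asserts that the profile page is current after the request carrying the unvalidated `referrer_uri`, which would also pass if the page rendered the supplied URI as its back-to-application link; the regression being covered is that an unknown client's referrer is not honoured, so the test should additionally assert on the link's absence or on its rendered target, whichever the page object exposes. The `http://localhost:8180/auth/...` literal hard-codes the auth server host and port while the rest of the method goes through `profilePage.getPath()`; presumably the test base exposes the server root, which would keep the test portable across configurations. The trailing `events.clear()` discards events without asserting any; if no event is expected for this flow, a one-line comment saying so would make clear that an assertion was not simply forgotten.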