undertow slash redirect problem

This commit is contained in:
Bill Burke 2014-10-08 09:45:49 -04:00
parent 5f1e6f3a23
commit 13a2108846
3 changed files with 17 additions and 24 deletions

View file

@ -1,25 +1,4 @@
package org.keycloak.protocol.saml;
/*
* JBoss, Home of Professional Open Source.
* Copyright 2008, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
@ -62,6 +41,7 @@ import static org.picketlink.common.util.StringUtil.isNotNull;
* Configuration Options:
*
* @author Anil.Saldhana@redhat.com
* @author bburke@redhat.com
*/
public class SAML2PostBindingResponseBuilder {
protected static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

View file

@ -35,6 +35,7 @@ import org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.w3c.dom.Document;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
@ -195,10 +196,22 @@ public class SamlLogin implements LoginProtocol {
ClientResponse response = null;
try {
response = request.post();
response.releaseConnection();
// Undertow will redirect root urls not ending in "/" to root url + "/". Test for this weird behavior
if (response.getStatus() == 302 && !adminUrl.endsWith("/")) {
String redirect = (String)response.getHeaders().getFirst(HttpHeaders.LOCATION);
String withSlash = adminUrl + "/";
if (withSlash.equals(redirect)) {
request = executor.createRequest(withSlash);
request.formParameter(GeneralConstants.SAML_REQUEST_KEY, logoutRequestString);
request.formParameter(SAML2LogOutHandler.BACK_CHANNEL_LOGOUT, SAML2LogOutHandler.BACK_CHANNEL_LOGOUT);
response = request.post();
response.releaseConnection();
}
}
} catch (Exception e) {
logger.warn("failed to send saml logout", e);
}
response.releaseConnection();
} finally {
executor.getHttpClient().getConnectionManager().shutdown();

View file

@ -32,8 +32,8 @@
"name": "http://localhost:8080/sales-post/",
"enabled": true,
"fullScopeAllowed": true,
"baseUrl": "http://localhost:8080/sales-post/",
"adminUrl": "http://localhost:8080/sales-post/",
"baseUrl": "http://localhost:8080/sales-post",
"adminUrl": "http://localhost:8080/sales-post",
"redirectUris": [
"http://localhost:8080/sales-post/*"
]