From 13a21088469a8507760d7a2bdf6913cfda823aed Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Wed, 8 Oct 2014 09:45:49 -0400
Subject: [PATCH] undertow slash redirect problem
---
 .../saml/SAML2PostBindingResponseBuilder.java | 22 +------------------
 .../org/keycloak/protocol/saml/SamlLogin.java | 15 ++++++++++++-
 .../src/test/resources/testsaml.json | 4 ++--
 3 files changed, 17 insertions(+), 24 deletions(-)
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2PostBindingResponseBuilder.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2PostBindingResponseBuilder.java
index a1145a16d5..6e89bd85dc 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2PostBindingResponseBuilder.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2PostBindingResponseBuilder.java
@@ -1,25 +1,4 @@
 package org.keycloak.protocol.saml;
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
 import org.picketlink.common.PicketLinkLogger;
 import org.picketlink.common.PicketLinkLoggerFactory;
@@ -62,6 +41,7 @@ import static org.picketlink.common.util.StringUtil.isNotNull;
 * Configuration Options:
 *
 * @author Anil.Saldhana@redhat.com
+ * @author bburke@redhat.com
 */
 public class SAML2PostBindingResponseBuilder {
 protected static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlLogin.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlLogin.java
index dfc4081cee..04e3dd13b4 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlLogin.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlLogin.java
@@ -35,6 +35,7 @@ import org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler;
 import org.picketlink.identity.federation.web.util.PostBindingUtil;
 import org.w3c.dom.Document;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 import java.io.IOException;
@@ -195,10 +196,22 @@ public class SamlLogin implements LoginProtocol {
 ClientResponse response = null;
 try {
 response = request.post();
+ response.releaseConnection();
+ // Undertow will redirect root urls not ending in "/" to root url + "/". Test for this weird behavior
+ if (response.getStatus() == 302 && !adminUrl.endsWith("/")) {
+ String redirect = (String)response.getHeaders().getFirst(HttpHeaders.LOCATION);
+ String withSlash = adminUrl + "/";
+ if (withSlash.equals(redirect)) {
+ request = executor.createRequest(withSlash);
+ request.formParameter(GeneralConstants.SAML_REQUEST_KEY, logoutRequestString);
+ request.formParameter(SAML2LogOutHandler.BACK_CHANNEL_LOGOUT, SAML2LogOutHandler.BACK_CHANNEL_LOGOUT);
+ response = request.post();
+ response.releaseConnection();
+ }
+ }
 } catch (Exception e) {
 logger.warn("failed to send saml logout", e);
 }
- response.releaseConnection();
 } finally {
 executor.getHttpClient().getConnectionManager().shutdown();
diff --git a/testsuite/integration/src/test/resources/testsaml.json b/testsuite/integration/src/test/resources/testsaml.json
index 4c0687574b..198f170ef3 100755
--- a/testsuite/integration/src/test/resources/testsaml.json
+++ b/testsuite/integration/src/test/resources/testsaml.json
@@ -32,8 +32,8 @@
 "name": "http://localhost:8080/sales-post/",
 "enabled": true,
 "fullScopeAllowed": true,
- "baseUrl": "http://localhost:8080/sales-post/",
- "adminUrl": "http://localhost:8080/sales-post/",
+ "baseUrl": "http://localhost:8080/sales-post",
+ "adminUrl": "http://localhost:8080/sales-post",
 "redirectUris": [
 "http://localhost:8080/sales-post/*"
 ]
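Review bot: Nothing in the `SamlLogin` hunk (`@@ -195,10 +196,22 @@`) checks or logs the final status of the back-channel logout POST, so a 302 whose `Location` is not exactly `adminUrl + "/"` (a relative path, a different host spelling) or an error status on the retry is dropped silently, and the session at the client application presumably stays alive with no trace. After the redirect block I would add `if (response.getStatus() >= 300) logger.warn("saml logout to " + adminUrl + " returned status " + response.getStatus());`, assuming the logger has a single-argument `warn`. The exact `withSlash.equals(redirect)` match is worth keeping and documenting, for example `// only re-post to the configured admin URL; never follow an arbitrary Location with the logout request`, so that it is not later relaxed to a prefix match. The enclosing method starts and ends outside the hunk.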