libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-3950 Fix NPE on request for NameIDPolicy without format

Browse source 
... and two more one-line issues
This commit is contained in:
Hynek Mlnarik 2016-12-05 07:24:38 +01:00
parent d7df86d6d0
commit 197f51e50f
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
services/src/main/java/org/keycloak/protocol/saml/SamlService.java
View file

@ -248,9 +248,9 @@ public class SamlService extends AuthorizationEndpointBase {
String bindingType = getBindingType(requestAbstractType); String bindingType = getBindingType(requestAbstractType);
if (samlClient.forcePostBinding()) if (samlClient.forcePostBinding())
bindingType = SamlProtocol.SAML_POST_BINDING; bindingType = SamlProtocol.SAML_POST_BINDING;
String redirect = null; String redirect;
URI redirectUri = requestAbstractType.getAssertionConsumerServiceURL(); URI redirectUri = requestAbstractType.getAssertionConsumerServiceURL();
if (redirectUri != null && !"null".equals(redirectUri)) { // "null" is for testing purposes if (redirectUri != null && ! "null".equals(redirectUri.toString())) { // "null" is for testing purposes
redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri.toString(), realm, client); redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri.toString(), realm, client);
} else { } else {
if (bindingType.equals(SamlProtocol.SAML_POST_BINDING)) { if (bindingType.equals(SamlProtocol.SAML_POST_BINDING)) {
@ -279,8 +279,9 @@ public class SamlService extends AuthorizationEndpointBase {
// Handle NameIDPolicy from SP // Handle NameIDPolicy from SP
NameIDPolicyType nameIdPolicy = requestAbstractType.getNameIDPolicy(); NameIDPolicyType nameIdPolicy = requestAbstractType.getNameIDPolicy();
if (nameIdPolicy != null && !samlClient.forceNameIDFormat()) { final URI nameIdFormatUri = nameIdPolicy == null ? null : nameIdPolicy.getFormat();
String nameIdFormat = nameIdPolicy.getFormat().toString(); if (nameIdFormatUri != null && ! samlClient.forceNameIDFormat()) {
String nameIdFormat = nameIdFormatUri.toString();
// TODO: Handle AllowCreate too, relevant for persistent NameID. // TODO: Handle AllowCreate too, relevant for persistent NameID.
if (isSupportedNameIdFormat(nameIdFormat)) { if (isSupportedNameIdFormat(nameIdFormat)) {
clientSession.setNote(GeneralConstants.NAMEID_FORMAT, nameIdFormat); clientSession.setNote(GeneralConstants.NAMEID_FORMAT, nameIdFormat);
@ -345,7 +346,7 @@ public class SamlService extends AuthorizationEndpointBase {
AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false); AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false);
if (authResult != null) { if (authResult != null) {
String logoutBinding = getBindingType(); String logoutBinding = getBindingType();
if ("true".equals(samlClient.forcePostBinding())) if (samlClient.forcePostBinding())
logoutBinding = SamlProtocol.SAML_POST_BINDING; logoutBinding = SamlProtocol.SAML_POST_BINDING;
boolean postBinding = Objects.equals(SamlProtocol.SAML_POST_BINDING, logoutBinding); boolean postBinding = Objects.equals(SamlProtocol.SAML_POST_BINDING, logoutBinding);