KEYCLOAK-494

Session state iframe uses first redirect uri for a client
This commit is contained in:
Stian Thorgersen 2014-05-22 17:51:51 +01:00
parent 128cc7eadb
commit 37099f3177
2 changed files with 24 additions and 20 deletions


@ -538,7 +538,7 @@ var Keycloak = function (config) {
loginIframe.iframe = iframe; loginIframe.iframe = iframe;
} }
var src = getRealmUrl() + '/login-status-iframe.html?client_id=' + encodeURIComponent(kc.clientId); var src = getRealmUrl() + '/login-status-iframe.html?client_id=' + encodeURIComponent(kc.clientId) + '&origin=' + window.location.origin;
iframe.setAttribute('src', src ); iframe.setAttribute('src', src );
iframe.style.display = 'none'; iframe.style.display = 'none';
document.body.appendChild(iframe); document.body.appendChild(iframe);
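Review bot: The `origin` value appended on the new `src` line is concatenated raw while `client_id` right beside it goes through `encodeURIComponent`; for consistency, and so the query stays well-formed if the origin ever carries reserved characters, it should read `'&origin=' + encodeURIComponent(window.location.origin)`. `window.location.origin` is also not defined in some older browsers, so if those are still supported a fallback built from `window.location.protocol + '//' + window.location.host` is worth considering. The enclosing `Keycloak` function continues outside the hunk.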


@ -2,6 +2,7 @@ package org.keycloak.services.resources;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.NotFoundException; import org.jboss.resteasy.spi.NotFoundException;
import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.jboss.resteasy.spi.UnauthorizedException; import org.jboss.resteasy.spi.UnauthorizedException;
@ -98,7 +99,8 @@ public class RealmsResource {
@Produces(MediaType.TEXT_HTML) @Produces(MediaType.TEXT_HTML)
@NoCache @NoCache
public String getLoginStatusIframe(final @PathParam("realm") String name, public String getLoginStatusIframe(final @PathParam("realm") String name,
@QueryParam("client_id") String client_id) { @QueryParam("client_id") String client_id,
@QueryParam("origin") String origin) {
logger.info("getLoginStatusIframe"); logger.info("getLoginStatusIframe");
AuthenticationManager auth = new AuthenticationManager(providers); AuthenticationManager auth = new AuthenticationManager(providers);
@ -116,31 +118,33 @@ public class RealmsResource {
InputStream is = getClass().getClassLoader().getResourceAsStream("login-status-iframe.html"); InputStream is = getClass().getClassLoader().getResourceAsStream("login-status-iframe.html");
if (is == null) throw new NotFoundException("Could not find login-status-iframe.html "); if (is == null) throw new NotFoundException("Could not find login-status-iframe.html ");
Set<String> redirectUris = TokenService.resolveValidRedirects(uriInfo, client.getRedirectUris());
String origin = null;
for (String redirect : redirectUris) {
int index = redirect.indexOf("://"); boolean valid = false;
if (index == -1) continue; for (String o : client.getWebOrigins()) {
index = redirect.indexOf('/', index + 3); if (o.equals("*") || o.equals(origin)) {
if (index == -1) { valid = true;
origin = redirect; break;
} else {
origin = redirect.substring(0, index);
} }
break;
} }
String file = null;
for (String r : TokenService.resolveValidRedirects(uriInfo, client.getRedirectUris())) {
r = r.substring(0, r.indexOf('/', 8));
if (r.equals(origin)) {
valid = true;
break;
}
}
if (!valid) {
throw new BadRequestException("Invalid origin");
}
try { try {
file = StreamUtil.readString(is); String file = StreamUtil.readString(is);
return file.replace("ORIGIN", origin);
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
file = file.replace("ORIGIN", origin);
//System.out.println(file);
return file;
} }
@Path("{realm}/tokens") @Path("{realm}/tokens")
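Review bot: In the second validation loop, `r = r.substring(0, r.indexOf('/', 8));` throws StringIndexOutOfBoundsException whenever a registered redirect URI has no path after the authority (the removed code handled `index == -1` explicitly), which turns a legitimate request into a 500; replace it with `int slash = r.indexOf('/', 8); String redirectOrigin = slash == -1 ? r : r.substring(0, slash);` and compare `redirectOrigin` to `origin`. The hard-coded offset 8 additionally assumes the scheme is no longer than `https://`. Separately, the `"*"` web-origin match accepts any query value, which then lands verbatim in the served HTML through `file.replace("ORIGIN", origin)`; rejecting values that do not parse as scheme://host[:port] before that replace would keep the wildcard from reflecting arbitrary input. The `InputStream is` is still never closed on any path, including the new `BadRequestException` exit. `getLoginStatusIframe` begins in the earlier signature hunk, not in this one.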