libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

[KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs

Browse source 
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
This commit is contained in:
Stefan Guilhen 2020-02-14 15:51:19 -03:00 committed by Stian Thorgersen
parent f45f882f0c
commit 3fa8a5aa88
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
services/src/main/java/org/keycloak/services/resources/account/AccountLoader.java
View file

@ -70,6 +70,10 @@ public class AccountLoader {
throw new NotAuthorizedException("Bearer token required");
}
if (authResult.getUser().getServiceAccountClientLink() != null) {
throw new NotAuthorizedException("Service accounts are not allowed to access this service");
}
Auth auth = new Auth(session.getContext().getRealm(), authResult.getToken(), authResult.getUser(), client, authResult.getSession(), false);
AccountRestService accountRestService = new AccountRestService(session, auth, client, event);
ResteasyProviderFactory.getInstance().injectProperties(accountRestService);