libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

KEYCLOAK-16540 X.509 Authentication logs Exception when no client cert

Browse source 
When no client cert is present the variable clientCert is null. In this
case the log statement leads to a NPE which then gets logged as an
error.
This commit is contained in:
Sven-Torben Janus 2020-12-04 08:00:08 +01:00 committed by Marek Posolda
parent d70de48ba9
commit 4652fd4fcd
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
services/src/main/java/org/keycloak/services/x509/NginxProxySslClientCertificateLookup.java
View file

@ -123,10 +123,10 @@ public class NginxProxySslClientCertificateLookup extends AbstractClientCertific
// Get the client certificate
X509Certificate clientCert = getCertificateFromHttpHeader(httpRequest, sslClientCertHttpHeader);
log.debugf("End user certificate found : Subject DN=[%s] SerialNumber=[%s]", clientCert.getSubjectDN().toString(), clientCert.getSerialNumber().toString() );
if (clientCert != null) {
log.debugf("End user certificate found : Subject DN=[%s] SerialNumber=[%s]", clientCert.getSubjectDN(), clientCert.getSerialNumber());
// Rebuilding the end user certificate chain using Keycloak Truststore
X509Certificate[] certChain = buildChain(clientCert);
if ( certChain == null || certChain.length == 0 ) {