From 59082e0b5f0bf96edadb846aa2b2d7568dafc72a Mon Sep 17 00:00:00 2001
From: Martin Kanis <mkanis@redhat.com>
Date: Fri, 24 Aug 2018 12:31:44 +0200
Subject: [PATCH] KEYCLOAK-7943 NPE when SAML User Property mapper is empty

---
 .../protocol/oidc/mappers/UserPropertyMapper.java      |  4 +++-
 .../mappers/UserPropertyAttributeStatementMapper.java  | 10 +++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserPropertyMapper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserPropertyMapper.java
index 62b5c4a4e5..863b9835a7 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserPropertyMapper.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserPropertyMapper.java
@@ -77,9 +77,11 @@ public class UserPropertyMapper extends AbstractOIDCProtocolMapper implements OI
     }
 
     protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
-
         UserModel user = userSession.getUser();
         String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
+
+        if (propertyName == null || propertyName.trim().isEmpty()) return;
+
         String propertyValue = ProtocolMapperUtils.getUserModelValue(user, propertyName);
         OIDCAttributeMapperHelper.mapClaim(token, mappingModel, propertyValue);
     }
diff --git a/services/src/main/java/org/keycloak/protocol/saml/mappers/UserPropertyAttributeStatementMapper.java b/services/src/main/java/org/keycloak/protocol/saml/mappers/UserPropertyAttributeStatementMapper.java
index 685387cf45..e46e09f8d6 100755
--- a/services/src/main/java/org/keycloak/protocol/saml/mappers/UserPropertyAttributeStatementMapper.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/mappers/UserPropertyAttributeStatementMapper.java
@@ -79,10 +79,14 @@ public class UserPropertyAttributeStatementMapper extends AbstractSAMLProtocolMa
     public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
         UserModel user = userSession.getUser();
         String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE);
-        String propertyValue = ProtocolMapperUtils.getUserModelValue(user, propertyName);
-        if (propertyValue == null) return;
-        AttributeStatementHelper.addAttribute(attributeStatement, mappingModel, propertyValue);
 
+        if (propertyName == null || propertyName.trim().isEmpty()) return;
+
+        String propertyValue = ProtocolMapperUtils.getUserModelValue(user, propertyName);
+
+        if (propertyValue == null) return;
+
+        AttributeStatementHelper.addAttribute(attributeStatement, mappingModel, propertyValue);
     }
 
     public static ProtocolMapperModel createAttributeMapper(String name, String userAttribute,