Merge pull request #3753 from hmlnarik/KEYCLOAK-4216-mod-auth-mellon-logout-failed-when-using-SSO

KEYCLOAK-4216 Fix NPE and logout binding choice
This commit is contained in:
Stian Thorgersen 2017-01-18 08:40:02 +01:00 committed by GitHub
commit 5a0504b5d9
2 changed files with 5 additions and 4 deletions

View file

@ -245,9 +245,9 @@ public class SamlProtocol implements LoginProtocol {
String logoutPostUrl = client.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE);
String logoutRedirectUrl = client.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE);
if (logoutPostUrl == null) {
if (logoutPostUrl == null || logoutPostUrl.trim().isEmpty()) {
// if we don't have a redirect uri either, return true and default to the admin url + POST binding
if (logoutRedirectUrl == null)
if (logoutRedirectUrl == null || logoutRedirectUrl.trim().isEmpty())
return true;
return false;
}
@ -262,7 +262,7 @@ public class SamlProtocol implements LoginProtocol {
if (SAML_POST_BINDING.equals(bindingType))
return true;
if (logoutRedirectUrl == null)
if (logoutRedirectUrl == null || logoutRedirectUrl.trim().isEmpty())
return true; // we don't have a redirect binding url, so use post binding
return false; // redirect binding

View file

@ -347,7 +347,8 @@ public class SamlService extends AuthorizationEndpointBase {
AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false);
if (authResult != null) {
String logoutBinding = getBindingType();
if (samlClient.forcePostBinding())
String postBindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, SamlProtocol.SAML_POST_BINDING);
if (samlClient.forcePostBinding() && postBindingUri != null && ! postBindingUri.trim().isEmpty())
logoutBinding = SamlProtocol.SAML_POST_BINDING;
boolean postBinding = Objects.equals(SamlProtocol.SAML_POST_BINDING, logoutBinding);