diff --git a/examples/broker/facebook-authentication/facebook-identity-provider-realm.json b/examples/broker/facebook-authentication/facebook-identity-provider-realm.json index 0baa7170bb..5243879de2 100644 --- a/examples/broker/facebook-authentication/facebook-identity-provider-realm.json +++ b/examples/broker/facebook-authentication/facebook-identity-provider-realm.json @@ -39,6 +39,9 @@ "baseUrl": "/facebook-authentication", "redirectUris": [ "/facebook-authentication/*" + ], + "webOrigins": [ + "http://localhost:8080" ] } ], diff --git a/examples/broker/google-authentication/google-identity-provider-realm.json b/examples/broker/google-authentication/google-identity-provider-realm.json index 751bbf064e..22df7e42a3 100644 --- a/examples/broker/google-authentication/google-identity-provider-realm.json +++ b/examples/broker/google-authentication/google-identity-provider-realm.json @@ -39,6 +39,9 @@ "baseUrl": "/google-authentication", "redirectUris": [ "/google-authentication/*" + ], + "webOrigins": [ + "http://localhost:8080" ] } ], diff --git a/examples/broker/saml-broker-authentication/saml-broker-authentication-realm.json b/examples/broker/saml-broker-authentication/saml-broker-authentication-realm.json index 5433cf0eb0..3369dafea0 100644 --- a/examples/broker/saml-broker-authentication/saml-broker-authentication-realm.json +++ b/examples/broker/saml-broker-authentication/saml-broker-authentication-realm.json @@ -38,8 +38,7 @@ "adminUrl": "/saml-broker-authentication", "baseUrl": "/saml-broker-authentication", "redirectUris": [ - "/saml-broker-authentication/*", - "http://localhost:8080/saml-broker-authentication/*" + "/saml-broker-authentication/*" ], "webOrigins": [ "http://localhost:8080" 
@@ -55,7 +54,7 @@ "updateProfileFirstLogin" : "true", "storeToken" : "true", "config": { - "singleSignOnServiceUrl": "http://localhost:8081/auth/realms/saml-broker-realm/protocol/saml", + "singleSignOnServiceUrl": "http://localhost:8080/auth/realms/saml-broker-realm/protocol/saml", "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "signingCertificate": "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", "wantAuthnRequestsSigned": true, diff --git a/examples/broker/saml-broker-authentication/saml-broker-realm.json b/examples/broker/saml-broker-authentication/saml-broker-realm.json index 0fc06434df..016b843e3a 100644 --- a/examples/broker/saml-broker-authentication/saml-broker-realm.json +++ b/examples/broker/saml-broker-authentication/saml-broker-realm.json @@ -28,10 +28,10 @@ }, "applications": [ { - "name": "http://localhost:8081/auth/", + "name": "http://localhost:8080/auth/", "enabled": true, "redirectUris": [ - "http://localhost:8081/auth/realms/saml-broker-authentication-realm/broker/saml-identity-provider" + "http://localhost:8080/auth/realms/saml-broker-authentication-realm/broker/saml-identity-provider" ], "attributes": { "saml.assertion.signature": "true", diff --git a/examples/broker/saml-broker-authentication/src/main/webapp/keycloak.json b/examples/broker/saml-broker-authentication/src/main/webapp/keycloak.json index dccd4a337f..5c86ef013e 100644 --- a/examples/broker/saml-broker-authentication/src/main/webapp/keycloak.json +++ b/examples/broker/saml-broker-authentication/src/main/webapp/keycloak.json 
@@ -2,7 +2,7 @@ "realm" : "saml-broker-authentication-realm", "resource" : "saml-broker-authentication", "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", - "auth-server-url": "http://localhost:8081/auth", + "auth-server-url": "/auth", "ssl-required" : "external", "public-client" : true } diff --git a/examples/broker/twitter-authentication/src/main/webapp/keycloak.json b/examples/broker/twitter-authentication/src/main/webapp/keycloak.json new file mode 100644 index 0000000000..7243636390 --- /dev/null +++ b/examples/broker/twitter-authentication/src/main/webapp/keycloak.json @@ -0,0 +1,8 @@ +{ + "realm" : "twitter-identity-provider-realm", + "resource" : "twitter-authentication", + "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", + "auth-server-url": "/auth", + "ssl-required" : "external", + "public-client" : true +} diff --git a/examples/broker/twitter-authentication/twitter-identity-provider-realm.json b/examples/broker/twitter-authentication/twitter-identity-provider-realm.json index 10c6b55ea0..90aef3fe20 100644 --- a/examples/broker/twitter-authentication/twitter-identity-provider-realm.json +++ b/examples/broker/twitter-authentication/twitter-identity-provider-realm.json @@ -40,6 +40,9 @@ "baseUrl": "/twitter-authentication", "redirectUris": [ "/twitter-authentication/*" + ], + "webOrigins": [ + "http://localhost:8080" ] }, { diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js index b398b83c41..d6880dc3c6 100755 
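Review bot: The `realm-public-key` in the new `twitter-authentication/src/main/webapp/keycloak.json` is byte-identical to the one in the `saml-broker-authentication` `keycloak.json` changed earlier in this diff, so at least these two example realms share one key pair. If the matching private key is also checked in with the realm exports (not visible here), any deployment started from these files would be signing tokens with a publicly known key. JSON cannot carry a comment, so the example README should state that the realm keys are sample values and must be regenerated before the realm is used anywhere other than a local demo.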
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js @@ -171,7 +171,7 @@ module.config([ '$routeProvider', function($routeProvider) { controller : 'RealmIdentityProviderCtrl' }) .when('/realms/:realm/identity-provider-settings/provider/:provider_id/:id', { - templateUrl : function(params){ return 'partials/realm-identity-provider-' + params.provider_id + '.html'; }, + templateUrl : function(params){ return resourceUrl + '/partials/realm-identity-provider-' + params.provider_id + '.html'; }, resolve : { realm : function(RealmLoader) { return RealmLoader(); diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java index 5de4015ddb..b2a11bb1d6 100644 --- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java +++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java @@ -323,7 +323,7 @@ public class IdentityBrokerService { federatedUser.addRequiredAction(UPDATE_PROFILE); } } catch (Exception e) { - return redirectToLoginPage(e.getMessage(), clientCode); + return redirectToErrorPage(e.getMessage(), e); } } @@ -439,6 +439,10 @@ public class IdentityBrokerService { } private Response redirectToErrorPage(String message, Throwable throwable) { + if (message == null) { + message = "Unexpected error when authenticating with identity provider"; + } + fireErrorEvent(message, throwable); return Flows.forwardToSecurityFailurePage(this.session, this.realmModel, this.uriInfo, message); } 
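Review bot: In the `/realms/:realm/identity-provider-settings/provider/:provider_id/:id` route, `params.provider_id` is taken from the URL and concatenated unchanged into `templateUrl`, so the address bar rather than the application decides which partial is fetched and compiled. Prefixing `resourceUrl` keeps that pattern. Constraining the value before it reaches the path would make the intent explicit, for instance `return resourceUrl + '/partials/realm-identity-provider-' + encodeURIComponent(params.provider_id) + '.html';`, or a lookup against the provider ids the console already knows, with a generic partial as fallback. The route table continues outside this hunk, so other `templateUrl` functions may need the same treatment.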
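Review bot: In the `catch (Exception e)` branch of the `@@ -323` hunk, the raw `e.getMessage()` is passed to `redirectToErrorPage`, which gives the same string to `fireErrorEvent` and to `Flows.forwardToSecurityFailurePage`. Because the catch is for any `Exception`, text from provider responses or persistence failures can presumably end up on the page shown to the user. The null fallback added in the `@@ -439` hunk only covers a missing message and does not separate the user-facing text from the diagnostic text. Keep the detail in the event via the throwable and show a fixed string: `return redirectToErrorPage("Unexpected error when authenticating with identity provider", e);`. Both enclosing methods start and end outside the hunks, so whether other callers of `redirectToErrorPage` pass exception text cannot be checked from here.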
@@ -448,14 +452,6 @@ public class IdentityBrokerService { return Flows.errors().error(message, Status.BAD_REQUEST); } - private Response redirectToLoginPage(String message, ClientSessionCode clientCode) { - fireErrorEvent(message); - return Flows.forms(this.session, this.realmModel, clientCode.getClientSession().getClient(), this.uriInfo) - .setClientSessionCode(clientCode.getCode()) - .setError(message) - .createLogin(); - } - private IdentityProvider getIdentityProvider(String providerId) { IdentityProviderModel identityProviderModel = this.realmModel.getIdentityProviderById(providerId); @@ -513,7 +509,11 @@ public class IdentityBrokerService { FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(updatedIdentity.getIdentityProviderId(), updatedIdentity.getId(), updatedIdentity.getUsername(), updatedIdentity.getToken()); // Check if no user already exists with this username or email - UserModel existingUser = this.session.users().getUserByEmail(updatedIdentity.getEmail(), this.realmModel); + UserModel existingUser = null; + + if (updatedIdentity.getEmail() != null) { + existingUser = this.session.users().getUserByEmail(updatedIdentity.getEmail(), this.realmModel); + } if (existingUser != null) { fireErrorEvent(Errors.FEDERATED_IDENTITY_EMAIL_EXISTS);
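Review bot: The guard added in the `@@ -513` hunk skips the duplicate-account lookup only when `updatedIdentity.getEmail()` is null, so an empty or blank address returned by a provider is still passed to `getUserByEmail`. Whether that can match an existing account depends on the user store, which is not visible here. Treating blank like null closes the gap: `if (updatedIdentity.getEmail() != null && !updatedIdentity.getEmail().trim().isEmpty()) {`. The comment above the block still says "username or email", but only the e-mail check is inside the hunk, so the comment should say what happens when the provider supplies no e-mail. The enclosing method starts and ends outside the hunk.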