libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

[KEYCLOAK-18559] Fix SAML adapters so they allow unescaped characters in URIs

Browse source 
- Makes adapters bahavior consistent with containers that allow unescaped characters in URIs
This commit is contained in:
Stefan Guilhen 2021-06-27 23:31:12 -03:00 committed by Hynek Mlnařík
parent ff70e2e04b
commit 9e676fce7e
7 changed files with 23 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
View file

@ -151,7 +151,7 @@ public class OAuthRequestAuthenticator {
}
KeycloakUriBuilder secureUrl = KeycloakUriBuilder.fromUri(url).scheme("https").port(-1);
if (port != 443) secureUrl.port(port);
url = secureUrl.build().toString();
url = secureUrl.buildAsString();
}
String loginHint = getQueryParamValue("login_hint");
@ -197,7 +197,7 @@ public class OAuthRequestAuthenticator {
scope = TokenUtil.attachOIDCScope(scope);
redirectUriBuilder.queryParam(OAuth2Constants.SCOPE, scope);
return redirectUriBuilder.build().toString();
return redirectUriBuilder.buildAsString();
}
protected int sslRedirectPort() {
@ -385,7 +385,7 @@ public class OAuthRequestAuthenticator {
.replaceQueryParam(OAuth2Constants.CODE, null)
.replaceQueryParam(OAuth2Constants.STATE, null)
.replaceQueryParam(OAuth2Constants.SESSION_STATE, null);
return builder.build().toString();
return builder.buildAsString();
}
private String rewrittenRedirectUri(String originalUri) {

2
adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java
View file

@ -292,7 +292,7 @@ public class ServerRequest {
KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
.replaceQueryParam(OAuth2Constants.CODE, null)
.replaceQueryParam(OAuth2Constants.STATE, null);
return builder.build().toString();
return builder.buildAsString();
}

2
adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java
View file

@ -230,7 +230,7 @@ public class ServletSamlSessionStore implements SamlSessionStore {
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(exchange.getRequestURI())
.replaceQuery(exchange.getQueryString());
if (!exchange.isHostIncludedInRequestURI()) uriBuilder.scheme(exchange.getRequestScheme()).host(exchange.getHostAndPort());
String uri = uriBuilder.build().toString();
String uri = uriBuilder.buildAsString();
session.setAttribute(SAML_REDIRECT_URI, uri);

6
adapters/saml/wildfly-elytron/src/main/java/org/keycloak/adapters/saml/elytron/ElytronSamlSessionStore.java
View file

@ -212,11 +212,7 @@ public class ElytronSamlSessionStore implements SamlSessionStore, ElytronTokeSto
if (!scope.exists()) {
scope.create();
}
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(exchange.getURI()).replaceQuery(exchange.getURI().getQuery());
String uri = uriBuilder.build().toString();
scope.setAttachment(SAML_REDIRECT_URI, uri);
scope.setAttachment(SAML_REDIRECT_URI, exchange.getRequest().getURI());
}
@Override

2
adapters/spi/undertow-adapter-spi/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java
View file

@ -96,7 +96,7 @@ public class UndertowHttpFacade implements HttpFacade {
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(exchange.getRequestURI())
.replaceQuery(exchange.getQueryString());
if (!exchange.isHostIncludedInRequestURI()) uriBuilder.scheme(exchange.getRequestScheme()).host(exchange.getHostAndPort());
return uriBuilder.build().toString();
return uriBuilder.buildAsString();
}
@Override

25
common/src/main/java/org/keycloak/common/util/KeycloakUriBuilder.java
View file

@ -571,28 +571,33 @@ public class KeycloakUriBuilder {
return buildFromValues(true, false, values);
}
public String buildAsString(Object... values) throws IllegalArgumentException {
if (values == null) throw new IllegalArgumentException("values parameter is null");
return buildFromValuesAsString(true, false, values);
}
protected URI buildFromValues(boolean encodeSlash, boolean encoded, Object... values) {
String buf = buildFromValuesAsString(encodeSlash, encoded, values);
try {
return new URI(buf);
} catch (Exception e) {
throw new RuntimeException("Failed to create URI: " + buf, e);
}
}
protected String buildFromValuesAsString(boolean encodeSlash, boolean encoded, Object... values) {
List<String> params = getPathParamNamesInDeclarationOrder();
if (values.length < params.size())
throw new IllegalArgumentException("You did not supply enough values to fill path parameters");
Map<String, Object> pathParams = new HashMap<String, Object>();
for (int i = 0; i < params.size(); i++) {
String pathParam = params.get(i);
Object val = values[i];
if (val == null) throw new IllegalArgumentException("A value was null");
pathParams.put(pathParam, val.toString());
}
String buf = null;
try {
buf = buildString(pathParams, encoded, false, encodeSlash);
return new URI(buf);
//return URI.create(buf);
} catch (Exception e) {
throw new RuntimeException("Failed to create URI: " + buf, e);
}
return buildString(pathParams, encoded, false, encodeSlash);
}
public KeycloakUriBuilder matrixParam(String name, Object... values) throws IllegalArgumentException {

2
core/src/main/java/org/keycloak/AbstractOAuthClient.java
View file

@ -130,7 +130,7 @@ public class AbstractOAuthClient {
KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
.replaceQueryParam(OAuth2Constants.CODE, null)
.replaceQueryParam(OAuth2Constants.STATE, null);
return builder.build().toString();
return builder.buildAsString();
}
}