From a412bb7b99468fc80db57f18e2c1271696b86fc1 Mon Sep 17 00:00:00 2001
From: Sebastian Kanzow
Date: Thu, 10 Jun 2021 17:47:47 +0200
Subject: [PATCH] [KEYCLOAK-18417] Skip SAML 2.0 AttributeValue with user-defined xsi types
---
 .../assertion/SAMLAttributeValueParser.java | 7 ++-
 .../saml/SAMLAttributeValueParserTest.java | 55 +++++++++++++++++++
 2 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeValueParserTest.java
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/assertion/SAMLAttributeValueParser.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/assertion/SAMLAttributeValueParser.java
index 215e75e3a6..630d3a6221 100644
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/assertion/SAMLAttributeValueParser.java
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/assertion/SAMLAttributeValueParser.java
@@ -36,7 +36,7 @@ import javax.xml.stream.events.StartElement;
 import javax.xml.stream.events.XMLEvent;
 /**
- *
+ *
 */
 public class SAMLAttributeValueParser implements StaxParser {
@@ -105,7 +105,10 @@ public class SAMLAttributeValueParser implements StaxParser {
 return StaxParserUtil.getElementText(xmlEventReader);
 }
- throw logger.parserUnknownXSI(typeValue);
+ // KEYCLOAK-18417: Simply ignore unknown types
+ logger.debug("Skipping attribute value of unsupported type " + typeValue);
+ StaxParserUtil.bypassElementBlock(xmlEventReader);
+ return null;
 }
 public static String parseAnyTypeAsString(XMLEventReader xmlEventReader) throws ParsingException {
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeValueParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeValueParserTest.java
new file mode 100644
index 0000000000..57cffabf56
--- /dev/null
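Review bot: The new fall-through at the end of the `xsi:type` handling returns `null` and logs only at debug level, so an `AttributeValue` that used to abort parsing is now dropped with no trace in normal operation, and whatever collects the parsed values may receive a `null` entry; the callers are outside this hunk, so confirm they discard nulls before attribute or role mappers consume the list. `typeValue` comes from the incoming SAML document and is concatenated into the log message as-is, so neutralise line breaks first, e.g. (assuming `typeValue` is a `String`) `logger.debug("Skipping attribute value of unsupported type " + typeValue.replaceAll("[\\r\\n]", "_"));`. I would also extend the comment to state the contract: `// KEYCLOAK-18417: unknown xsi:type is skipped and null is returned; callers must ignore null values`. The enclosing method starts above the hunk.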
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeValueParserTest.java @@ -0,0 +1,55 @@ +package org.keycloak.saml.processing.core.parsers.saml; + +import org.junit.Assert; +import org.junit.Test; +import org.keycloak.saml.common.parsers.AbstractParser; +import org.keycloak.saml.processing.core.parsers.saml.assertion.SAMLAttributeValueParser; + +import javax.xml.stream.XMLEventReader; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.nio.charset.StandardCharsets; + +public class SAMLAttributeValueParserTest { + + private static final String XML_DOC = + "" + + " \n" + + " Some Text\n" + + " \n" + + ""; + + private static final String XML_DOC_WITH_NESTED_ELEMENTS = + "" + + " \n" + + " Zillestraße\n" + + " 17\n" + + " 10585\n" + + " Berlin\n" + + " DE\n" + + " \n" + + ""; + + @Test + public void parsesAttributeValueElementWithCustomTypes_ReturnsNull() throws Exception { + InputStream input = new ByteArrayInputStream(XML_DOC.getBytes(StandardCharsets.UTF_8)); + XMLEventReader xmlEventReader = AbstractParser.createEventReader(input); + xmlEventReader.nextEvent(); + final Object attributeValue = SAMLAttributeValueParser.getInstance().parse(xmlEventReader); + + Assert.assertNull(attributeValue); + } + + @Test + public void parsesAttributeValueElementWithSubElements_ReturnsNull() throws Exception { + InputStream input = new ByteArrayInputStream(XML_DOC_WITH_NESTED_ELEMENTS.getBytes(StandardCharsets.UTF_8)); + XMLEventReader xmlEventReader = AbstractParser.createEventReader(input); + xmlEventReader.nextEvent(); + final Object attributeValue = SAMLAttributeValueParser.getInstance().parse(xmlEventReader); + + Assert.assertNull(attributeValue); + } +}
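Review bot: Both tests end at `Assert.assertNull(attributeValue)` and never check where `xmlEventReader` is positioned after the skip, so a bypass that stops inside the skipped element or reads past its end tag would still pass. A third case in which a value of a supported type follows the unsupported one, asserting that the second value is still parsed, would pin the behaviour the commit relies on. The XML fixtures are not legible in this view (their markup appears to have been stripped), so this is based on the assertions alone.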