libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Merge pull request #3604 from hmlnarik/KEYCLOAK-3950-NPE-when-request-includes-NameIDPolicy-but-format-is-missing

Browse source 
KEYCLOAK-3950 Fix NPE on request for NameIDPolicy without format
This commit is contained in:
Bill Burke 2016-12-05 10:17:04 -05:00 committed by GitHub
commit b52936bc5b
1 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
services/src/main/java/org/keycloak/protocol/saml/SamlService.java
View file

@ -248,9 +248,9 @@ public class SamlService extends AuthorizationEndpointBase {
String bindingType = getBindingType(requestAbstractType);
if (samlClient.forcePostBinding())
bindingType = SamlProtocol.SAML_POST_BINDING;
String redirect = null;
String redirect;
URI redirectUri = requestAbstractType.getAssertionConsumerServiceURL();
if (redirectUri != null && !"null".equals(redirectUri)) { // "null" is for testing purposes
if (redirectUri != null && ! "null".equals(redirectUri.toString())) { // "null" is for testing purposes
redirect = RedirectUtils.verifyRedirectUri(uriInfo, redirectUri.toString(), realm, client);
} else {
if (bindingType.equals(SamlProtocol.SAML_POST_BINDING)) {
@ -279,8 +279,9 @@ public class SamlService extends AuthorizationEndpointBase {
// Handle NameIDPolicy from SP
NameIDPolicyType nameIdPolicy = requestAbstractType.getNameIDPolicy();
if (nameIdPolicy != null && !samlClient.forceNameIDFormat()) {
String nameIdFormat = nameIdPolicy.getFormat().toString();
final URI nameIdFormatUri = nameIdPolicy == null ? null : nameIdPolicy.getFormat();
if (nameIdFormatUri != null && ! samlClient.forceNameIDFormat()) {
String nameIdFormat = nameIdFormatUri.toString();
// TODO: Handle AllowCreate too, relevant for persistent NameID.
if (isSupportedNameIdFormat(nameIdFormat)) {
clientSession.setNote(GeneralConstants.NAMEID_FORMAT, nameIdFormat);
@ -345,7 +346,7 @@ public class SamlService extends AuthorizationEndpointBase {
AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false);
if (authResult != null) {
String logoutBinding = getBindingType();
if ("true".equals(samlClient.forcePostBinding()))
if (samlClient.forcePostBinding())
logoutBinding = SamlProtocol.SAML_POST_BINDING;
boolean postBinding = Objects.equals(SamlProtocol.SAML_POST_BINDING, logoutBinding);