libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

[KEYCLOAK-6814] check if HMAC exists during session restart

Browse source
This commit is contained in:
wyvie 2018-03-26 08:41:06 +02:00 committed by Marek Posolda
parent 92aba77cc1
commit d40e9bd3c1
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
View file

@ -154,6 +154,10 @@ public class RestartLoginCookie {
String encodedCookie = cook.getValue(); String encodedCookie = cook.getValue();
JWSInput input = new JWSInput(encodedCookie); JWSInput input = new JWSInput(encodedCookie);
SecretKey secretKey = session.keys().getHmacSecretKey(realm, input.getHeader().getKeyId()); SecretKey secretKey = session.keys().getHmacSecretKey(realm, input.getHeader().getKeyId());
if (secretKey == null) {
logger.debug("Failed to retrieve HMAC secret key for session restart");
return null;
}
if (!HMACProvider.verify(input, secretKey)) { if (!HMACProvider.verify(input, secretKey)) {
logger.debug("Failed to verify encoded RestartLoginCookie"); logger.debug("Failed to verify encoded RestartLoginCookie");
return null; return null;