From e6d7749cbff0856b937effe7dfef5fd2da6f9139 Mon Sep 17 00:00:00 2001
From: Daniele Martinoli <86618610+dmartinol@users.noreply.github.com>
Date: Thu, 6 Jul 2023 13:14:38 +0200
Subject: [PATCH] fix for 21476
---
...rokerUnmatchedEssentialClaimException.java | 31 +++++++++++++++++++
.../oidc/AbstractOAuth2IdentityProvider.java | 3 ++
.../broker/oidc/OIDCIdentityProvider.java | 7 +++--
.../keycloak/services/messages/Messages.java | 2 ++
.../login/messages/messages_en.properties | 1 +
5 files changed, 42 insertions(+), 2 deletions(-)
create mode 100644 server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityBrokerUnmatchedEssentialClaimException.java
diff --git a/server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityBrokerUnmatchedEssentialClaimException.java b/server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityBrokerUnmatchedEssentialClaimException.java
new file mode 100644
index 0000000000..26925677de
--- /dev/null
+++ b/server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityBrokerUnmatchedEssentialClaimException.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.broker.provider;
+
+/**
+ * @author dmartino
+ */
+public class IdentityBrokerUnmatchedEssentialClaimException extends RuntimeException {
+
+ public IdentityBrokerUnmatchedEssentialClaimException(String message) {
+ super(message);
+ }
+
+ public IdentityBrokerUnmatchedEssentialClaimException(String message, Throwable t) {
+ super(message, t);
+ }
+}
diff --git a/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
index 26ce8f4dd6..b7d4ac1ef3 100755
--- a/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
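Review bot: `IdentityBrokerUnmatchedEssentialClaimException` extends `RuntimeException` directly, so once the two throw sites in `OIDCIdentityProvider` switch to it, any handler that catches `IdentityBrokerException` no longer sees a failed essential-claim check. That check is an access decision, so every path reaching it should still end in a rejected login with a controlled error; callers outside this diff are not visible here and would need to be audited. Declaring the class as `public class IdentityBrokerUnmatchedEssentialClaimException extends IdentityBrokerException` would keep the existing handlers as a fallback, provided the new catch clauses come before the generic one. The Javadoc holds only `@author dmartino`; a summary line such as `Thrown when a brokered token lacks a configured essential claim or its value does not match the filter.` would state the contract.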
@@ -28,6 +28,7 @@ import org.keycloak.broker.provider.BrokeredIdentityContext; import org.keycloak.broker.provider.ExchangeExternalToken; import org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken; import org.keycloak.broker.provider.IdentityBrokerException; +import org.keycloak.broker.provider.IdentityBrokerUnmatchedEssentialClaimException; import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.util.IdentityBrokerState; import org.keycloak.broker.provider.util.SimpleHttp; @@ -518,6 +519,8 @@ public abstract class AbstractOAuth2IdentityProviderv.matches(filterValue))) { logger.warnf("Claim %s has values \"%s\" that does not match the expected filter \"%s\"", filterName, claimValues, filterValue); - throw new IdentityBrokerException(String.format("Unmatched claim value for %s.", filterName)); + throw new IdentityBrokerUnmatchedEssentialClaimException(String.format("Unmatched claim value for %s.", filterName)); } } else { logger.debugf("Claim %s was not found", filterName); - throw new IdentityBrokerException(String.format("Claim %s not found", filterName)); + throw new IdentityBrokerUnmatchedEssentialClaimException(String.format("Claim %s not found", filterName)); } } @@ -432,6 +433,8 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider