Possible client enumeration in the authorization endpoint

Closes #12164
2022-07-26 04:10:06 -03:00 · 2022-07-26 04:10:06 -03:00 · ee2c5391bd
commit ee2c5391bd
parent eb1f31e9dd
2 changed files with 2 additions and 2 deletions
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/AuthorizationEndpoint.java
@ -230,7 +230,7 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
        client = realm.getClientByClientId(clientId);
        if (client == null) {
            event.error(Errors.CLIENT_NOT_FOUND);
-            throw new ErrorPageException(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
+            throw new ErrorPageException(session, authenticationSession, Response.Status.BAD_REQUEST, Messages.INVALID_PARAMETER, OIDCLoginProtocol.REDIRECT_URI_PARAM);
        }

        if (!client.isEnabled()) {
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/error/UncaughtErrorPageTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/error/UncaughtErrorPageTest.java
@ -182,7 +182,7 @@ public class UncaughtErrorPageTest extends AbstractKeycloakTest {
        oauth.openLoginForm();

        assertTrue(errorPage.isCurrent());
-        assertEquals("Client not found.", errorPage.getError());
+        assertEquals("Invalid parameter: redirect_uri", errorPage.getError());
    }

    @Test