diff --git a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
index f00b2a7..60f5493 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
@@ -42,8 +42,9 @@ public class RedirectUtils {
}
public static String verifyRedirectUri(UriInfo uriInfo, String redirectUri, RealmModel realm, ClientModel client) {
- Set<String> validRedirects = client.getRedirectUris();
- return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, validRedirects);
+ if (client != null)
+ return verifyRedirectUri(uriInfo, client.getRootUrl(), redirectUri, realm, client.getRedirectUris());
+ return null;
}
public static Set<String> resolveValidRedirects(UriInfo uriInfo, String rootUrl, Set<String> validRedirects) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index 0dc7597..65a2e9b 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -813,4 +813,18 @@ public class AccountTest extends TestRealmKeycloakTest {
}
+ @Test
+ public void testInvalidReferrer() {
+ driver.navigate().to(profilePage.getPath() + "?referrer=test-app");
+ loginPage.login("test-user@localhost", "password");
+ Assert.assertTrue(profilePage.isCurrent());
+ profilePage.backToApplication();
+
+ Assert.assertTrue(appPage.isCurrent());
+
+ driver.navigate().to(profilePage.getPath() + "?referrer=test-invalid&referrer_uri=http://localhost:8180/auth/realms/master/app/auth?test");
+ Assert.assertTrue(profilePage.isCurrent());
+
+ events.clear();
+ }
}
