diff --git a/model/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java
index 473aab9..7781e3a 100755
--- a/model/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java
@@ -175,7 +175,7 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
replicationConfigBuilder.clustering().cacheMode(async ? CacheMode.REPL_ASYNC : CacheMode.REPL_SYNC);
}
- boolean jdgEnabled = config.getBoolean("remoteStoreEnabled");
+ boolean jdgEnabled = config.getBoolean("remoteStoreEnabled", false);
if (jdgEnabled) {
configureRemoteCacheStore(replicationConfigBuilder, async);
}
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
index 5d2d054..605047f 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/LoginStatusIframeEndpoint.java
@@ -75,7 +75,7 @@ public class LoginStatusIframeEndpoint {
if (client != null) {
Set<String> validWebOrigins = WebOriginsUtils.resolveValidWebOrigins(uriInfo, client);
validWebOrigins.add(UriUtils.getOrigin(uriInfo.getRequestUri()));
- if (validWebOrigins.contains(origin)) {
+ if (validWebOrigins.contains("*") || validWebOrigins.contains(origin)) {
return Response.noContent().build();
}
}
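Review bot: The added `validWebOrigins.contains("*")` branch turns the origin check into an unconditional accept for any client whose configured web origins include the wildcard, and nothing at the call site records that this is deliberate; a comment on the new line would stop a later reader from "tightening" it by accident, e.g. `// "*" in the client's web origins is an explicit opt-in: any origin may load the session-status iframe for this client`. Because `resolveValidWebOrigins` now appears to return a fresh set (see the WebOriginsUtils hunk), the `validWebOrigins.add(...)` on the previous line no longer mutates the client's stored origins, which is worth stating in the same comment if that reading is confirmed. The enclosing method starts and ends outside the hunk.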
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/utils/WebOriginsUtils.java b/services/src/main/java/org/keycloak/protocol/oidc/utils/WebOriginsUtils.java
index f606bfc..83f90f0 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/utils/WebOriginsUtils.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/WebOriginsUtils.java
@@ -21,6 +21,7 @@ import org.keycloak.common.util.UriUtils;
import org.keycloak.models.ClientModel;
import javax.ws.rs.core.UriInfo;
+import java.util.HashSet;
import java.util.Set;
/**
@@ -31,17 +32,20 @@ public class WebOriginsUtils {
public static final String INCLUDE_REDIRECTS = "+";
public static Set<String> resolveValidWebOrigins(UriInfo uriInfo, ClientModel client) {
- Set<String> webOrigins = client.getWebOrigins();
- if (webOrigins != null && webOrigins.contains("+")) {
- webOrigins.remove(INCLUDE_REDIRECTS);
+ Set<String> origins = new HashSet<>();
+ if (client.getWebOrigins() != null) {
+ origins.addAll(client.getWebOrigins());
+ }
+ if (origins.contains("+")) {
+ origins.remove(INCLUDE_REDIRECTS);
client.getRedirectUris();
for (String redirectUri : RedirectUtils.resolveValidRedirects(uriInfo, client.getRootUrl(), client.getRedirectUris())) {
if (redirectUri.startsWith("http://") || redirectUri.startsWith("https://")) {
- webOrigins.add(UriUtils.getOrigin(redirectUri));
+ origins.add(UriUtils.getOrigin(redirectUri));
}
}
}
- return webOrigins;
+ return origins;
}
}
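Review bot: The new `if (origins.contains("+"))` line tests the literal while the very next line removes `INCLUDE_REDIRECTS`; the two should name the same constant so the sentinel cannot drift apart, i.e. `if (origins.contains(INCLUDE_REDIRECTS)) {`. The retained `client.getRedirectUris();` statement inside that branch is a bare call whose result is discarded and can be deleted, since the following `for` line calls it again where the value is actually used. The new code otherwise fixes a real issue: copying into a fresh `HashSet` means callers that add their own entries (LoginStatusIframeEndpoint does) no longer mutate the client's configured web-origin set.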
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LoginStatusIframeEndpointTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LoginStatusIframeEndpointTest.java
index 4bb437c..7a01e4e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LoginStatusIframeEndpointTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LoginStatusIframeEndpointTest.java
@@ -31,12 +31,15 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.junit.Test;
+import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.models.Constants;
+import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import java.io.IOException;
import java.net.URLEncoder;
+import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
@@ -159,6 +162,31 @@ public class LoginStatusIframeEndpointTest extends AbstractKeycloakTest {
}
}
+ @Test
+ public void checkIframeWildcardOrigin() throws IOException {
+ String id = adminClient.realm("master").clients().findByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID).get(0).getId();
+ ClientResource master = adminClient.realm("master").clients().get(id);
+ ClientRepresentation rep = master.toRepresentation();
+ List<String> org = rep.getWebOrigins();
+ CloseableHttpClient client = HttpClients.createDefault();
+ try {
+ rep.setWebOrigins(Collections.singletonList("*"));
+ master.update(rep);
+
+ HttpGet get = new HttpGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/protocol/openid-connect/login-status-iframe.html/init?"
+ + "client_id=" + Constants.ADMIN_CONSOLE_CLIENT_ID
+ + "&origin=" + "http://anything"
+ );
+ CloseableHttpResponse response = client.execute(get);
+ assertEquals(204, response.getStatusLine().getStatusCode());
+ response.close();
+ } finally {
+ rep.setWebOrigins(org);
+ master.update(rep);
+ client.close();
+ }
+ }
+
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
}
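Review bot: In the new `checkIframeWildcardOrigin` test the response is closed only after `assertEquals`, so a failing assertion skips `response.close()` and leaks the connection; use try-with-resources instead: `try (CloseableHttpResponse response = client.execute(get)) { assertEquals(204, response.getStatusLine().getStatusCode()); }`. The same applies to `client`, which could be opened in the `try` header rather than closed in `finally`, keeping the `finally` to the realm-state restore only. A one-line comment above the test would also help, since it deliberately widens the master admin-console client to the `*` web origin and relies on the `finally` block to restore the original list.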