diff --git a/core/src/main/java/org/keycloak/util/UriUtils.java b/core/src/main/java/org/keycloak/util/UriUtils.java
index 70c6824..f9687a5 100755
--- a/core/src/main/java/org/keycloak/util/UriUtils.java
+++ b/core/src/main/java/org/keycloak/util/UriUtils.java
@@ -63,4 +63,7 @@ public class UriUtils {
return map;
}
+ public static String stripQueryParam(String url, String name){
+ return url.replaceFirst("[\\?&]"+name+"=[^&]*$|"+name+"=[^&]*&", "");
+ }
}
diff --git a/core/src/test/java/org/keycloak/util/UriUtilsTest.java b/core/src/test/java/org/keycloak/util/UriUtilsTest.java
index af89777..0740ec2 100644
--- a/core/src/test/java/org/keycloak/util/UriUtilsTest.java
+++ b/core/src/test/java/org/keycloak/util/UriUtilsTest.java
@@ -2,6 +2,7 @@ package org.keycloak.util;
import org.junit.Test;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@@ -43,4 +44,15 @@ public class UriUtilsTest {
assertFalse(UriUtils.isOrigin(origin));
}
+ @Test
+ public void testStripQueryParam(){
+ assertEquals("http://localhost",UriUtils.stripQueryParam("http://localhost?login_hint=michael","login_hint"));
+ assertEquals("http://localhost",UriUtils.stripQueryParam("http://localhost?login_hint=michael@me.com","login_hint"));
+ assertEquals("http://localhost?param=test",UriUtils.stripQueryParam("http://localhost?param=test&login_hint=michael","login_hint"));
+ assertEquals("http://localhost?param=test",UriUtils.stripQueryParam("http://localhost?param=test&login_hint=michael@me.com","login_hint"));
+ assertEquals("http://localhost?param=test",UriUtils.stripQueryParam("http://localhost?login_hint=michael¶m=test","login_hint"));
+ assertEquals("http://localhost?param=test",UriUtils.stripQueryParam("http://localhost?login_hint=michael@me.com¶m=test","login_hint"));
+ assertEquals("http://localhost?pre=test¶m=test",UriUtils.stripQueryParam("http://localhost?pre=test&login_hint=michael¶m=test","login_hint"));
+ assertEquals("http://localhost?pre=test¶m=test",UriUtils.stripQueryParam("http://localhost?pre=test&login_hint=michael@me.com¶m=test","login_hint"));
+ }
}
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
index 37405bc..f0f4797 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
@@ -11,6 +11,7 @@ import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
import org.keycloak.util.KeycloakUriBuilder;
+import org.keycloak.util.UriUtils;
import java.io.IOException;
import java.util.UUID;
@@ -128,7 +129,7 @@ public class OAuthRequestAuthenticator {
}
String loginHint = getQueryParamValue("login_hint");
- url = url.replaceFirst("[\\?&]login_hint=[^&]*$|login_hint=.*&", "");
+ url = UriUtils.stripQueryParam(url,"login_hint");
KeycloakUriBuilder redirectUriBuilder = deployment.getAuthUrl().clone()
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
