keycloak-aplcache

Merge pull request #1288 from dbarentine/master [KEYCLOAK-1354]

6/2/2015 8:59:50 AM


diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
index 1977bd3..a4fe1cf 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@@ -180,10 +180,10 @@ public class SAMLEndpoint {
             SAMLDocumentHolder holder = extractRequestDocument(samlRequest);
             RequestAbstractType requestAbstractType = (RequestAbstractType) holder.getSamlObject();
             // validate destination
-            if (!uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
+            if (requestAbstractType.getDestination() != null && !uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
                 event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
-                event.error(Errors.INVALID_SAML_RESPONSE);
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_RESPONSE);
                 return ErrorPage.error(session, Messages.INVALID_REQUEST);
             }
             if (config.isValidateSignature()) {
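Review bot: With the added `requestAbstractType.getDestination() != null &&` guard, a message that omits Destination skips the recipient check entirely, even when `config.isValidateSignature()` on the following line is true. The SAML 2.0 HTTP-POST and HTTP-Redirect bindings require Destination on signed messages and require the recipient to verify it, so absence should only be tolerated for unsigned messages; otherwise a signed message without Destination is accepted at any endpoint that trusts the signer. Consider failing closed when signatures are validated, with `dest` holding `requestAbstractType.getDestination()`: `if (dest == null ? config.isValidateSignature() : !uriInfo.getAbsolutePath().equals(dest)) {`. The same applies to the second hunk in this file and to the three destination checks in SamlService.java, where the signature setting is not visible in the hunks. The enclosing method starts and ends outside this hunk.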
@@ -354,10 +354,10 @@ public class SAMLEndpoint {
             SAMLDocumentHolder holder = extractResponseDocument(samlResponse);
             StatusResponseType statusResponse = (StatusResponseType)holder.getSamlObject();
             // validate destination
-            if (!uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
+            if (statusResponse.getDestination() != null && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
                 event.event(EventType.IDENTITY_PROVIDER_RESPONSE);
-                event.error(Errors.INVALID_SAML_RESPONSE);
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_RESPONSE);
                 return ErrorPage.error(session, Messages.INVALID_FEDERATED_IDENTITY_ACTION);
             }
             if (config.isValidateSignature()) {
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index d11ffb0..bfa184b 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -127,9 +127,9 @@ public class SamlService {
             SAMLDocumentHolder holder = extractResponseDocument(samlResponse);
             StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject();
             // validate destination
-            if (!uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
-                event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
+            if (statusResponse.getDestination() != null && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
                 return ErrorPage.error(session, Messages.INVALID_REQUEST);
             }
 
@@ -229,9 +229,9 @@ public class SamlService {
 
         protected Response loginRequest(String relayState, AuthnRequestType requestAbstractType, ClientModel client) {
             // validate destination
-            if (!uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
-                event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
+            if (requestAbstractType.getDestination() != null && !uriInfo.getAbsolutePath().equals(requestAbstractType.getDestination())) {
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
                 return ErrorPage.error(session, Messages.INVALID_REQUEST);
             }
             String bindingType = getBindingType(requestAbstractType);
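Review bot: The destination check is now written five times across SAMLEndpoint and SamlService in two forms, here comparing `uriInfo.getAbsolutePath()` directly and in the response paths via `.toString()`, and each copy calls `getDestination()` twice. A single private helper, e.g. `destinationMatches(...)`, that handles the missing-value case and does one normalized comparison would keep the validation policy in one place, so a later tightening of the null case cannot be applied to some endpoints and missed on others. loginRequest continues past the end of the hunk.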
@@ -276,8 +276,8 @@ public class SamlService {
                 if (isSupportedNameIdFormat(nameIdFormat)) {
                     clientSession.setNote(GeneralConstants.NAMEID_FORMAT, nameIdFormat);
                 } else {
-                    event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
                     event.detail(Details.REASON, "unsupported_nameid_format");
+                    event.error(Errors.INVALID_SAML_AUTHN_REQUEST);
                     return ErrorPage.error(session, Messages.UNSUPPORTED_NAME_ID_FORMAT);
                 }
             }
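Review bot: The reason for moving `event.detail(...)` ahead of `event.error(...)` is not recorded anywhere in the code, so the ordering is easy to undo in a later edit. Presumably `error()` emits the event and details added afterwards are lost, which would drop the rejection reason from the audit trail; if that is confirmed, add a short comment at one of these sites such as `// detail() must come before error(): error() sends the event`. The enclosing if/else starts outside the hunk.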
@@ -339,9 +339,9 @@ public class SamlService {
 
         protected Response logoutRequest(LogoutRequestType logoutRequest, ClientModel client, String relayState) {
             // validate destination
-            if (!uriInfo.getAbsolutePath().equals(logoutRequest.getDestination())) {
-                event.error(Errors.INVALID_SAML_LOGOUT_REQUEST);
+            if (logoutRequest.getDestination() != null && !uriInfo.getAbsolutePath().equals(logoutRequest.getDestination())) {
                 event.detail(Details.REASON, "invalid_destination");
+                event.error(Errors.INVALID_SAML_LOGOUT_REQUEST);
                 return ErrorPage.error(session, Messages.INVALID_REQUEST);
             }