diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2PostBindingResponseBuilder.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2PostBindingResponseBuilder.java
index a1145a1..6e89bd8 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2PostBindingResponseBuilder.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2PostBindingResponseBuilder.java
@@ -1,25 +1,4 @@
package org.keycloak.protocol.saml;
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
@@ -62,6 +41,7 @@ import static org.picketlink.common.util.StringUtil.isNotNull;
* Configuration Options:
*
* @author Anil.Saldhana@redhat.com
+ * @author bburke@redhat.com
*/
public class SAML2PostBindingResponseBuilder {
protected static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlLogin.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlLogin.java
index dfc4081..04e3dd1 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlLogin.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlLogin.java
@@ -35,6 +35,7 @@ import org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.w3c.dom.Document;
+import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
@@ -195,10 +196,22 @@ public class SamlLogin implements LoginProtocol {
ClientResponse response = null;
try {
response = request.post();
+ response.releaseConnection();
+ // Undertow will redirect root urls not ending in "/" to root url + "/". Test for this weird behavior
+ if (response.getStatus() == 302 && !adminUrl.endsWith("/")) {
+ String redirect = (String)response.getHeaders().getFirst(HttpHeaders.LOCATION);
+ String withSlash = adminUrl + "/";
+ if (withSlash.equals(redirect)) {
+ request = executor.createRequest(withSlash);
+ request.formParameter(GeneralConstants.SAML_REQUEST_KEY, logoutRequestString);
+ request.formParameter(SAML2LogOutHandler.BACK_CHANNEL_LOGOUT, SAML2LogOutHandler.BACK_CHANNEL_LOGOUT);
+ response = request.post();
+ response.releaseConnection();
+ }
+ }
} catch (Exception e) {
logger.warn("failed to send saml logout", e);
}
- response.releaseConnection();
} finally {
executor.getHttpClient().getConnectionManager().shutdown();
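Review bot: The status of the logout response is never checked after either `request.post()` in the try block, so a backchannel logout that the client answers with an error, or with a 302 whose Location is not exactly `adminUrl + "/"`, is treated as delivered and leaves nothing in the log while the client's session may remain active. After the redirect block I would add `if (response.getStatus() >= 300) logger.warn("saml logout to " + adminUrl + " returned status " + response.getStatus());`, assuming the logger has a single-argument `warn`. The exact-match test on the Location header is the right call and deserves a comment saying so, for example `// retry only against adminUrl + "/"; never re-post the logout request to an arbitrary Location`, so that nobody later loosens it into general redirect following. The enclosing method starts and ends outside the hunk, so any status handling further down is not visible here.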
diff --git a/testsuite/integration/src/test/resources/testsaml.json b/testsuite/integration/src/test/resources/testsaml.json
index 4c06875..198f170 100755
--- a/testsuite/integration/src/test/resources/testsaml.json
+++ b/testsuite/integration/src/test/resources/testsaml.json
@@ -32,8 +32,8 @@
"name": "http://localhost:8080/sales-post/",
"enabled": true,
"fullScopeAllowed": true,
- "baseUrl": "http://localhost:8080/sales-post/",
- "adminUrl": "http://localhost:8080/sales-post/",
+ "baseUrl": "http://localhost:8080/sales-post",
+ "adminUrl": "http://localhost:8080/sales-post",
"redirectUris": [
"http://localhost:8080/sales-post/*"
]