fix for 21476

Daniele Martinoli
2023-07-06 13:14:38 +02:00
committed by Pedro Igor
parent b458356aa9
commit e6d7749cbf
5 changed files with 42 additions and 2 deletions
@@ -28,6 +28,7 @@ import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.ExchangeExternalToken;
import org.keycloak.broker.provider.ExchangeTokenToIdentityProviderToken;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityBrokerUnmatchedEssentialClaimException;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.util.IdentityBrokerState;
import org.keycloak.broker.provider.util.SimpleHttp;
@@ -518,6 +519,8 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
}
} catch (WebApplicationException e) {
return e.getResponse();
} catch (IdentityBrokerUnmatchedEssentialClaimException e) {
return errorIdentityProviderLogin(Messages.IDENTITY_PROVIDER_UNMATCHED_ESSENTIAL_CLAIM_ERROR);
} catch (Exception e) {
logger.error("Failed to make identity provider oauth callback", e);
}
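Review bot: The new catch clause for IdentityBrokerUnmatchedEssentialClaimException returns the error page without recording anything, while the generic `catch (Exception e)` right below it logs the failure; a rejected federated login is an authorization decision that operators will want to find in the server log, and the OIDC provider in this same commit logs the claim-not-found case only at debug level before throwing. Suggest one line ahead of the return, `logger.warnf("Identity provider login rejected: %s", e.getMessage());` — as constructed in this commit the exception message carries only the claim name, never the claim value, so it is safe at that level. The method enclosing this catch starts and ends outside the hunk.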
@@ -27,6 +27,7 @@ import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.ExchangeExternalToken;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.IdentityBrokerUnmatchedEssentialClaimException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.SecretGenerator;
@@ -412,11 +413,11 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
logger.tracef("Found claim %s with values %s", filterName, claimValues);
if (!claimValues.stream().anyMatch(v->v.matches(filterValue))) {
logger.warnf("Claim %s has values \"%s\" that does not match the expected filter \"%s\"", filterName, claimValues, filterValue);
throw new IdentityBrokerException(String.format("Unmatched claim value for %s.", filterName));
throw new IdentityBrokerUnmatchedEssentialClaimException(String.format("Unmatched claim value for %s.", filterName));
}
} else {
logger.debugf("Claim %s was not found", filterName);
throw new IdentityBrokerException(String.format("Claim %s not found", filterName));
throw new IdentityBrokerUnmatchedEssentialClaimException(String.format("Claim %s not found", filterName));
}
}
@@ -432,6 +433,8 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
}
return identity;
} catch (IdentityBrokerUnmatchedEssentialClaimException e) {
throw e;
} catch (Exception e) {
throw new IdentityBrokerException("Could not fetch attributes from userinfo endpoint.", e);
}
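Review bot: The catch-and-rethrow clause added in front of `catch (Exception e)` exists only so the essential-claim rejection keeps its type instead of being wrapped into a generic IdentityBrokerException by the next clause, but nothing in the code says so, and a later reader is likely to "simplify" it away and silently reintroduce the bug. Suggest a comment on the new catch: `// deliberate rejection (essential claim missing or mismatched), not a userinfo failure: keep the type so the callback can show the specific message`. In the earlier hunk of this file the two throw sites now produce the same user-visible rejection, yet the claim-not-found branch logs at debug while the mismatched-value branch logs at warn; consider raising the not-found message to `logger.warnf(...)` so both rejection reasons are equally visible to operators. The method enclosing these clauses starts and ends outside the hunk.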
@@ -180,6 +180,8 @@ public class Messages {
public static final String STALE_VERIFY_EMAIL_LINK = "staleEmailVerificationLink";
public static final String IDENTITY_PROVIDER_UNEXPECTED_ERROR = "identityProviderUnexpectedErrorMessage";
public static final String IDENTITY_PROVIDER_UNMATCHED_ESSENTIAL_CLAIM_ERROR = "federatedIdentityUnmatchedEssentialClaimMessage";
public static final String IDENTITY_PROVIDER_MISSING_STATE_ERROR = "identityProviderMissingStateMessage";