[keycloak-user] Defect in the OIDCAttributeMapperHelper class
Jeff Macomber
jeff.macomber at modernizingmedicine.com
Fri Nov 20 14:30:50 EST 2015
HI,
I believe i have come across a defect in the OIDCAttributeMapperHelper
class. The issue occurs when you have a String Attribute which is set with
no value using a custom federation provider. The code blows up on the line:
return attributeValue.toString(); (Line 64)
in the section of code:
String type = mappingModel.getConfig().get(JSON_TYPE);
if (type == null) return attributeValue;
if (type.equals("boolean")) {
if (attributeValue instanceof Boolean) return attributeValue;
if (attributeValue instanceof String) return
Boolean.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
} else if (type.equals("String")) {
if (attributeValue instanceof String) return attributeValue;
return attributeValue.toString();
} else if (type.equals("long")) {
if (attributeValue instanceof Long) return attributeValue;
if (attributeValue instanceof String) return
Long.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
} else if (type.equals("int")) {
if (attributeValue instanceof Integer) return attributeValue;
if (attributeValue instanceof String) return
Integer.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
}
return attributeValue;
The attribute exists with no value which causes the attrbuteValue to be
null and there is no check for null at that point. I would expect it would
return empty string if the type is string and the value is null.
Thanks,
jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151120/c52e62b5/attachment.html
More information about the keycloak-user
mailing list