[keycloak-user] Defect in the OIDCAttributeMapperHelper class

Jeff Macomber jeff.macomber at modernizingmedicine.com
Sat Nov 21 12:28:48 EST 2015


Hi Bill,

Yes, an NPE. Here is the stack trace. Sorry, I meant to include it in the
original message.

Caused by: java.lang.NullPointerException
    at org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.mapAttributeValue(OIDCAttributeMapperHelper.java:64)
    at org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.mapClaim(OIDCAttributeMapperHelper.java:78)
    at org.keycloak.protocol.oidc.mappers.UserAttributeMapper.setClaim(UserAttributeMapper.java:89)
    at org.keycloak.protocol.oidc.mappers.UserAttributeMapper.transformIDToken(UserAttributeMapper.java:95)
    at org.keycloak.protocol.oidc.TokenManager.transformIDToken(TokenManager.java:421)
    at org.keycloak.protocol.oidc.TokenManager$AccessTokenResponseBuilder.generateIDToken(TokenManager.java:571)
    at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildAuthorizationCodeAccessTokenResponse(TokenEndpoint.java:249)
    at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:106)
    at sun.reflect.GeneratedMethodAccessor258.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    ...

Thanks
Jeff


On Fri, Nov 20, 2015 at 2:30 PM, Jeff Macomber <
jeff.macomber at modernizingmedicine.com> wrote:

> Hi,
>
> I believe I have come across a defect in the OIDCAttributeMapperHelper
> class.  The issue occurs when you have a String Attribute which is set with
> no value using a custom federation provider.  The code blows up on the line:
> return attributeValue.toString(); (Line 64)
>
> in the section of code:
> String type = mappingModel.getConfig().get(JSON_TYPE);
> if (type == null) return attributeValue;
> if (type.equals("boolean")) {
>      if (attributeValue instanceof Boolean) return attributeValue;
>      if (attributeValue instanceof String) return Boolean.valueOf((String)attributeValue);
>      throw new RuntimeException("cannot map type for token claim");
> } else if (type.equals("String")) {
>      if (attributeValue instanceof String) return attributeValue;
>      return attributeValue.toString();
> } else if (type.equals("long")) {
>      if (attributeValue instanceof Long) return attributeValue;
>      if (attributeValue instanceof String) return Long.valueOf((String)attributeValue);
>      throw new RuntimeException("cannot map type for token claim");
> } else if (type.equals("int")) {
>      if (attributeValue instanceof Integer) return attributeValue;
>      if (attributeValue instanceof String) return Integer.valueOf((String)attributeValue);
>      throw new RuntimeException("cannot map type for token claim");
> }
> return attributeValue;
>
> The attribute exists with no value, which causes the attributeValue to be
> null, and there is no check for null at that point.  I would expect it would
> return an empty string if the type is string and the value is null.
>
> Thanks,
> jeff
>
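
The null handling the message asks for, as an added example that is not part of the original post and is not Keycloak's code or its eventual fix. The class name ClaimMapperSketch, the plain Map used in place of the mapping model, and the JSON_TYPE key value are hypothetical; returning null for a valueless non-String attribute is an assumption of this sketch.

```java
import java.util.Map;

// Added sketch, not Keycloak source: the quoted branches with the null case decided first.
public class ClaimMapperSketch {
    static final String JSON_TYPE = "json.type"; // constructed key value, stand-in for the real constant

    static Object mapAttributeValue(Map<String, String> config, Object attributeValue) {
        String type = config.get(JSON_TYPE);
        if (type == null) return attributeValue;
        if (attributeValue == null) {
            // Attribute exists but carries no value: the poster expects "" for String.
            // For the other types this sketch returns null so the caller can omit the
            // claim instead of failing the whole token response (assumption).
            return type.equals("String") ? "" : null;
        }
        switch (type) {
            case "boolean":
                if (attributeValue instanceof Boolean) return attributeValue;
                if (attributeValue instanceof String) return Boolean.valueOf((String) attributeValue);
                break;
            case "String":
                return attributeValue.toString();
            case "long":
                if (attributeValue instanceof Long) return attributeValue;
                if (attributeValue instanceof String) return Long.valueOf((String) attributeValue);
                break;
            case "int":
                if (attributeValue instanceof Integer) return attributeValue;
                if (attributeValue instanceof String) return Integer.valueOf((String) attributeValue);
                break;
            default:
                return attributeValue; // unknown type label: pass the value through unchanged
        }
        // Reached only when the value's Java type does not fit the configured label.
        throw new RuntimeException("cannot map type for token claim");
    }

    public static void main(String[] args) {
        Map<String, String> stringMapper = Map.of(JSON_TYPE, "String");
        Map<String, String> longMapper = Map.of(JSON_TYPE, "long");
        // Constructed inputs: the valueless attribute from the report, then a normal value.
        System.out.println("[" + mapAttributeValue(stringMapper, null) + "]");
        System.out.println(mapAttributeValue(longMapper, null));
        System.out.println(mapAttributeValue(longMapper, "42"));
    }
}
```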