1:30 p.m.
HI,
I believe i have come across a defect in the OIDCAttributeMapperHelper
class. The issue occurs when you have a String Attribute which is set with
no value using a custom federation provider. The code blows up on the line:
return attributeValue.toString(); (Line 64)
in the section of code:
String type = mappingModel.getConfig().get(JSON_TYPE);
if (type == null) return attributeValue;
if (type.equals("boolean")) {
if (attributeValue instanceof Boolean) return attributeValue;
if (attributeValue instanceof String) return
Boolean.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
} else if (type.equals("String")) {
if (attributeValue instanceof String) return attributeValue;
return attributeValue.toString();
} else if (type.equals("long")) {
if (attributeValue instanceof Long) return attributeValue;
if (attributeValue instanceof String) return
Long.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
} else if (type.equals("int")) {
if (attributeValue instanceof Integer) return attributeValue;
if (attributeValue instanceof String) return
Integer.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
}
return attributeValue;
The attribute exists with no value which causes the attrbuteValue to be
null and there is no check for null at that point. I would expect it would
return empty string if the type is string and the value is null.
Thanks,
jeff
1:37 p.m.
If the value is null, then no attribute should be set. What does "blows
up" mean? NPE? Stack trace?
On 11/20/2015 2:30 PM, Jeff Macomber wrote:
HI,
I believe i have come across a defect in the OIDCAttributeMapperHelper
class. The issue occurs when you have a String Attribute which is set
with no value using a custom federation provider. The code blows up on
the line:
return attributeValue.toString(); (Line 64)
in the section of code:
String type = mappingModel.getConfig().get(JSON_TYPE);
if (type == null) return attributeValue;
if (type.equals("boolean")) {
if (attributeValue instanceof Boolean) return attributeValue;
if (attributeValue instanceof String) return
Boolean.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
} else if (type.equals("String")) {
if (attributeValue instanceof String) return attributeValue;
return attributeValue.toString();
} else if (type.equals("long")) {
if (attributeValue instanceof Long) return attributeValue;
if (attributeValue instanceof String) return
Long.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
} else if (type.equals("int")) {
if (attributeValue instanceof Integer) return attributeValue;
if (attributeValue instanceof String) return
Integer.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
}
return attributeValue;
The attribute exists with no value which causes the attrbuteValue to be
null and there is no check for null at that point. I would expect it
would return empty string if the type is string and the value is null.
Thanks,
jeff
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11:28 a.m.
Hi Bill,
Yes, a NPE. Here is the stack trace. Sorry meant to include it in the
original message.
Caused by: java.lang.NullPointerException
at
org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.mapAttributeValue(OIDCAttributeMapperHelper.java:64)
at
org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.mapClaim(OIDCAttributeMapperHelper.java:78)
at
org.keycloak.protocol.oidc.mappers.UserAttributeMapper.setClaim(UserAttributeMapper.java:89)
at
org.keycloak.protocol.oidc.mappers.UserAttributeMapper.transformIDToken(UserAttributeMapper.java:95)
at
org.keycloak.protocol.oidc.TokenManager.transformIDToken(TokenManager.java:421)
at
org.keycloak.protocol.oidc.TokenManager$AccessTokenResponseBuilder.generateIDToken(TokenManager.java:571)
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildAuthorizationCodeAccessTokenResponse(TokenEndpoint.java:249)
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:106)
at sun.reflect.GeneratedMethodAccessor258.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
...
Thanks
Jeff
On Fri, Nov 20, 2015 at 2:30 PM, Jeff Macomber <
jeff.macomber(a)modernizingmedicine.com> wrote:
HI,
I believe i have come across a defect in the OIDCAttributeMapperHelper
class. The issue occurs when you have a String Attribute which is set with
no value using a custom federation provider. The code blows up on the line:
return attributeValue.toString(); (Line 64)
in the section of code:
String type = mappingModel.getConfig().get(JSON_TYPE);
if (type == null) return attributeValue;
if (type.equals("boolean")) {
if (attributeValue instanceof Boolean) return attributeValue;
if (attributeValue instanceof String) return
Boolean.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
} else if (type.equals("String")) {
if (attributeValue instanceof String) return attributeValue;
return attributeValue.toString();
} else if (type.equals("long")) {
if (attributeValue instanceof Long) return attributeValue;
if (attributeValue instanceof String) return
Long.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
} else if (type.equals("int")) {
if (attributeValue instanceof Integer) return attributeValue;
if (attributeValue instanceof String) return
Integer.valueOf((String)attributeValue);
throw new RuntimeException("cannot map type for token claim");
}
return attributeValue;
The attribute exists with no value which causes the attrbuteValue to be
null and there is no check for null at that point. I would expect it would
return empty string if the type is string and the value is null.
Thanks,
jeff
3324
days inactive
3325
days old
2 comments
2 participants
participants (2)
-
Bill Burke -
Jeff Macomber