Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-12612

Upgrading from jboss/keycloak:7.0.0 to jboss/keycloak:8.0.1 changed the behavior of KeycloakUriInfo, breaking our SAML integration.

    Details

      Description

      Commit b8881b8ea062afa2f1b5a613dd856900b73f2121 changed line:

      baseURI = delegate.getAbsolutePathBuilder().scheme(scheme).host(hostname).port(port).build()
      

      into

      baseURI = delegate.getAbsolutePath()
      

      In our situation, the former results in https://xxx, whereas the latter results in http://xxx, even though the scheme still evaluates to https.

      This leads to a failure of

      destinationValidator.validate(session.getContext().getUri().getAbsolutePath(), requestAbstractType.getDestination())
      

      resulting in

      Errors.INVALID_SAML_AUTHN_REQUEST.
      

      Can we temporarily work around this by changing the Destination in our saml message to http://xxx instead of https://xxx, or would this have grave consequences?

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  sguilhen Stefan Guilhen
                  Reporter:
                  jvanheesch Joris van Heesch
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: