Picketlink/EAP 7.0.7 is passing the values as a system property but after an update to 7.0.8, variables aren't resolved anymore at picketlink startup.
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1"> <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" BindingType="POST" LogOutPage="/myLogoutPage" IDPUsesPostBinding="true" SupportsSignatures="true"> <IdentityURL>${plink.IDPurl}</IdentityURL> <ServiceURL>${plink.SPurl}</ServiceURL> ...
in standalone.xml we defined the system properties:
<system-properties>
...
<property name="plink.IDPurl" value="https://www.myidp.com"/>
<property name="plink.SPurl" value="https://mysp.com/"/>
...
Error Snippet:
2017-10-10 15:34:12,930 ERROR [org.picketlink.common] (ServerService Thread Pool -- 64) Exception creating TrustKeyManager:: java.net.MalformedURLException: no protocol: ${plink.IDPurl}
The fix for Bug 1410481 - (CVE-2017-2582) CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties is the cause of the issue.
- is cloned by
-
JBEAP-13878 [GSS](7.1.z) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml
-
- Closed
-
- is incorporated by
-
JBEAP-13895 [GSS](7.2.0) Upgrade picketlink from 2.5.5.SP8 to 2.5.5.SP9
-
- Closed
-
- relates to
-
-
- Open
-
