Quarkus / QUARKUS-2592

NPE in OIDC BackChannelLogoutHandler


Details

    Description

      The OIDC BackChannelLogoutHandler can throw an NPE if no tenant configuration matching the back-channel logout request has been found. BackChannelLogoutHandler checks whether the tenant context is null and logs a message, but currently does not end the request, which leads to a later NPE where this context is accessed.
      The OIDC back-channel logout spec requires that 400 be returned if the logout request is invalid or has failed for whatever reason, so 400 is returned in this case; see https://openid.net/specs/openid-connect-backchannel-1_0.html#BCResponse
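
The defect pattern described above, shown next to its corrected form, as an added example that is not Quarkus source code. Every class, method and path name in it is hypothetical, the tenant map is constructed sample data, and the token check is a stand-in for real logout token verification.

```java
import java.util.Map;

// Added illustration: all names are hypothetical, none of this is the Quarkus handler itself.
public class BackChannelLogoutSketch {
    record TenantContext(String tenantId) {}
    static final class Response {
        int status = 200;   // what a server would send if nothing else is set
        boolean ended;
        void end(int code) { status = code; ended = true; }
    }

    // Constructed sample data: one tenant, keyed by its back-channel logout path.
    static final Map<String, TenantContext> TENANTS =
            Map.of("/back-channel-logout", new TenantContext("default"));

    // Stand-in for logout token verification (a real handler checks signature and claims).
    static boolean tokenLooksValid(String tenantId, String token) {
        return !tenantId.isEmpty() && token != null && token.split("\\.").length == 3;
    }

    // Defect: the null check only logs, so execution falls through to the dereference.
    static void handleBuggy(String path, String token, Response res) {
        TenantContext ctx = TENANTS.get(path);
        if (ctx == null) {
            System.err.println("No tenant configuration for " + path);
        }
        res.end(tokenLooksValid(ctx.tenantId(), token) ? 200 : 400); // NPE when ctx is null
    }

    // Fix: end the request with 400 and return before the context is used.
    static void handleFixed(String path, String token, Response res) {
        TenantContext ctx = TENANTS.get(path);
        if (ctx == null) {
            System.err.println("No tenant configuration for " + path);
            res.end(400);
            return;
        }
        res.end(tokenLooksValid(ctx.tenantId(), token) ? 200 : 400);
    }

    public static void main(String[] args) {
        Response fixed = new Response();
        handleFixed("/unknown-tenant/logout", "a.b.c", fixed);
        System.out.println("fixed: status=" + fixed.status + " ended=" + fixed.ended);
        try {
            handleBuggy("/unknown-tenant/logout", "a.b.c", new Response());
        } catch (NullPointerException e) {
            System.out.println("buggy: NPE, handler never ended the response");
        }
    }
}
```

In the defective form the logout endpoint's outcome for an unmatched tenant is decided by whatever catches the exception, not by the handler, so the caller is not guaranteed the 400 the spec asks for.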


            People

              sbiarozk Sergey Beryozkin
              rhn-support-pagonzal Pablo Gonzalez Granados (Inactive)
              Pablo Gonzalez Granados Pablo Gonzalez Granados (Inactive)