Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-19539

OpenIdAuthenticationMechanismDefinition logout redirectUri broken

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 32.0.1.Final
    • Security
    • None
    • ---
    • ---

      When a logout redirect uri is specified via LogoutDefinition

      @OpenIdAuthenticationMechanismDefinition(
      clientId = "${oidcConfig.clientId}",
      providerURI = "${oidcConfig.providerUri}",
      redirectURI = "${baseURL}/oidc/callback",
      logout = @LogoutDefinition(
      accessTokenExpiry = true,
      notifyProvider = true,
      identityTokenExpiry = true,
      redirectURI = "${baseURL}/oidc/logout"
      )
      )
      Then the logout URL is built as "org.jboss.resteasy.specimpl.ResteasyUriBuilderImpl@5396a321" since toString method of the UriBuilder is not guaranteed to return the URL. This might work in some implementations of UriBuilder but not when using the resteasy implementation.

      A build() is missing to create a URI Object first.

      The issue is also present in the upstream soteria project and should also be fixed there

      I have already created a pull request in the soteria fork of wildfly:
      https://github.com/wildfly-security/wildfly-elytron-ee/pull/34

              Unassigned Unassigned
              jens.viebig@vitec.com Jens Viebig (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: