- changed status to open
OpenID Connect Federation 1.0: fetchEntityStatement query param issue
Issue #420
resolved
Let’s say there’s an entity in the federation who exposes a fetch endpoint which includes a query parameter, for example
fetch endpoint = https://fake.entity.com/federation_fetch_endpoint?param1=value1
If we call DefaultEntityStatementRetriever.fetchEntityStatement with above fetch endpoint, sub = https://subject.com and iss = https://fake.entity.com ,
the class makes a call to
https://fake.entity.com/federation_fetch_endpoint?param1=value1?sub=https%3A%2F%2Fsubject.com&iss=https%3A%2F%2Ffake.entity.com
(there is “?” instead of an “&” after “value1”, which obviously results in an error)
the piece of code in DefaultEntityStatementRetriever that makes this concatenation is below:
private void record(final HTTPRequest httpRequest) {
URI uri = null;
if (httpRequest.getQuery() == null) {
uri = httpRequest.getURI();
} else {
try {
uri = new URI(httpRequest.getURL() + "?" + httpRequest.getQuery());
} catch (URISyntaxException e) {
// ignore
}
}
recordedRequests.add(uri);
}
Comments (3)
-
-
reporter - edited description
-
- changed status to resolved
Fixed here: dedfc0628e1a3d56d786c1205f556ac5e7ddd49d
- Log in to comment