[ELY-2034] Sanitize the provider-url in case a trailing slash was spe…

…cified
wildfly-security · Sep 10, 2021 · 98450ce · 98450ce
1 parent 818dfaf
commit 98450ce
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java
@@ -19,6 +19,7 @@
 package org.wildfly.security.http.oidc;
 
 import static org.wildfly.security.http.oidc.ElytronMessages.log;
+import static org.wildfly.security.http.oidc.Oidc.SLASH;
 import static org.wildfly.security.http.oidc.Oidc.SSLRequired;
 import static org.wildfly.security.http.oidc.Oidc.TokenStore;
 
@@ -145,14 +146,21 @@ protected OidcClientConfiguration internalBuild(final OidcJsonConfiguration oidc
         }
         oidcClientConfiguration.setClient(createHttpClientProducer(oidcJsonConfiguration));
         oidcClientConfiguration.setAuthServerBaseUrl(oidcJsonConfiguration);
-        oidcClientConfiguration.setProviderUrl(oidcJsonConfiguration.getProviderUrl());
+        oidcClientConfiguration.setProviderUrl(sanitizeProviderUrl(oidcJsonConfiguration.getProviderUrl()));
         if (oidcJsonConfiguration.getTurnOffChangeSessionIdOnLogin() != null) {
             oidcClientConfiguration.setTurnOffChangeSessionIdOnLogin(oidcJsonConfiguration.getTurnOffChangeSessionIdOnLogin());
         }
 
         return oidcClientConfiguration;
     }
 
+    private static String sanitizeProviderUrl(String providerUrl) {
+        if (providerUrl != null && providerUrl.endsWith(SLASH)) {
+            return providerUrl.substring(0, providerUrl.length() - 1);
+        }
+        return providerUrl;
+    }
+
     private Callable<HttpClient> createHttpClientProducer(final OidcJsonConfiguration oidcJsonConfiguration) {
         return new Callable<HttpClient>() {
             private HttpClient client;