From 98450cee3faab068b3e044b994405f4c8d48da8f Mon Sep 17 00:00:00 2001
From: Farah Juma <fjuma@redhat.com>
Date: Fri, 10 Sep 2021 15:34:22 -0400
Subject: [PATCH] [ELY-2034] Sanitize the provider-url in case a trailing slash
 was specified

---
 .../http/oidc/OidcClientConfigurationBuilder.java      | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java
index 20e3fbc5fda..8c9e5198890 100644
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java
@@ -19,6 +19,7 @@
 package org.wildfly.security.http.oidc;
 
 import static org.wildfly.security.http.oidc.ElytronMessages.log;
+import static org.wildfly.security.http.oidc.Oidc.SLASH;
 import static org.wildfly.security.http.oidc.Oidc.SSLRequired;
 import static org.wildfly.security.http.oidc.Oidc.TokenStore;
 
@@ -145,7 +146,7 @@ protected OidcClientConfiguration internalBuild(final OidcJsonConfiguration oidc
         }
         oidcClientConfiguration.setClient(createHttpClientProducer(oidcJsonConfiguration));
         oidcClientConfiguration.setAuthServerBaseUrl(oidcJsonConfiguration);
-        oidcClientConfiguration.setProviderUrl(oidcJsonConfiguration.getProviderUrl());
+        oidcClientConfiguration.setProviderUrl(sanitizeProviderUrl(oidcJsonConfiguration.getProviderUrl()));
         if (oidcJsonConfiguration.getTurnOffChangeSessionIdOnLogin() != null) {
             oidcClientConfiguration.setTurnOffChangeSessionIdOnLogin(oidcJsonConfiguration.getTurnOffChangeSessionIdOnLogin());
         }
@@ -153,6 +154,13 @@ protected OidcClientConfiguration internalBuild(final OidcJsonConfiguration oidc
         return oidcClientConfiguration;
     }
 
+    private static String sanitizeProviderUrl(String providerUrl) {
+        if (providerUrl != null && providerUrl.endsWith(SLASH)) {
+            return providerUrl.substring(0, providerUrl.length() - 1);
+        }
+        return providerUrl;
+    }
+
     private Callable<HttpClient> createHttpClientProducer(final OidcJsonConfiguration oidcJsonConfiguration) {
         return new Callable<HttpClient>() {
             private HttpClient client;