This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 4_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/4_1_X by this push:
new b3124d424f [SYNCOPE-1955] Fixing OIDC JWKS retrieval
b3124d424f is described below
commit b3124d424f5e851571e3715b483334b7fbd8f446
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Mon Mar 16 10:02:38 2026 +0100
[SYNCOPE-1955] Fixing OIDC JWKS retrieval
---
.../apache/syncope/client/console/panels/JWKSGenerationPanel.java | 6 +++++-
.../main/java/org/apache/syncope/client/console/panels/OIDC.java | 6 ++++--
.../syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java | 4 ----
.../apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java | 4 ++--
4 files changed, 11 insertions(+), 9 deletions(-)
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/JWKSGenerationPanel.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/JWKSGenerationPanel.java
index e59033a110..6388a7e249 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/JWKSGenerationPanel.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/JWKSGenerationPanel.java
@@ -78,8 +78,12 @@ public class JWKSGenerationPanel extends
AbstractModalPanel<OIDCOpEntityTO> {
try {
jwksKeySizeM.setObject(Integer.valueOf(
waConfigRestClient.get("cas.authn.oidc.jwks.core.jwks-key-size").getValues().getFirst()));
+ } catch (NumberFormatException e) {
+ LOG.error("Incorrect value for
cas.authn.oidc.jwks.core.jwks-key-size, reverting to {}",
+ jwksKeySizeM.getObject(), e);
} catch (SyncopeClientException e) {
- LOG.error("While reading cas.authn.oidc.jwks.core.jwks-key-size",
e);
+ LOG.error("While reading cas.authn.oidc.jwks.core.jwks-key-size,
reverting to {}",
+ jwksKeySizeM.getObject(), e);
}
AjaxNumberFieldPanel<Integer> jwksKeySize = new
AjaxNumberFieldPanel.Builder<Integer>().step(128).
build("jwksKeySize", "jwksKeySize", Integer.class,
jwksKeySizeM);
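Review bot: The new `catch (NumberFormatException e)` covers an unparseable value, but `getValues().getFirst()` on the line above it would throw `NoSuchElementException` when the parameter exists with an empty value list, and neither handler catches that (assuming `getValues()` returns a `List`). A value that does parse is accepted as-is, so a very small key size read from configuration becomes the preselected value in the generation form; nothing visible in this hunk enforces a lower bound. Consider reading it with `getValues().stream().findFirst()` and skipping `setObject` for values below the minimum the deployment supports, with a comment such as `// ignore configured sizes below the supported minimum; keep the built-in default`. The enclosing constructor or method starts and ends outside the hunk.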
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/OIDC.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/OIDC.java
index 6e62635f7d..58abcd5032 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/panels/OIDC.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/panels/OIDC.java
@@ -21,7 +21,8 @@ package org.apache.syncope.client.console.panels;
import com.fasterxml.jackson.databind.json.JsonMapper;
import de.agilecoders.wicket.core.markup.html.bootstrap.dialog.Modal;
import java.io.IOException;
-import java.util.Optional;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
import org.apache.commons.lang3.mutable.Mutable;
import org.apache.syncope.client.console.SyncopeConsoleSession;
import org.apache.syncope.client.console.rest.OIDCOpEntityRestClient;
@@ -107,7 +108,8 @@ public class OIDC extends Panel {
writeValueAsString(MAPPER.readTree(oidcOpEntity.get().getJWKS()));
} catch (IOException e) {
LOG.error("Could not pretty-print", e);
- pretty =
Optional.ofNullable(oidcOpEntity.get()).map(OIDCOpEntityTO::getJWKS).orElse(null);
+ pretty = new String(Base64.getDecoder().decode(
+ oidcOpEntity.get().getJWKS()),
StandardCharsets.UTF_8);
}
}
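Review bot: `Base64.getDecoder().decode(...)` throws `IllegalArgumentException` on input that is not valid Base64, and here it runs inside the `catch (IOException e)` block, so a malformed stored value escapes the handler instead of producing a fallback string; the same unguarded decode is added in `WAOIDCJWKSGeneratorService`, where it would surface as a bare `IllegalArgumentException` rather than the `IllegalStateException` thrown just above it. The unchanged `MAPPER.readTree(oidcOpEntity.get().getJWKS())` in the `try` still parses the undecoded value, so if the JWKS is always stored Base64-encoded, as the fallback assumes, pretty-printing fails on every render and logs at error level. Consider decoding once before the `try`, `String jwks = new String(Base64.getDecoder().decode(oidcOpEntity.get().getJWKS()), StandardCharsets.UTF_8);`, passing `jwks` to `readTree` and using `pretty = jwks;` in the handler, with the decode itself guarded for `IllegalArgumentException`. Keep the decoded JWKS text out of any log message, since a keystore of this kind normally holds private key material. The `try` statement begins outside the hunk.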
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java
index 267b0bd060..66c62957c0 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java
@@ -183,10 +183,6 @@ public class DefaultAttrReleaseMapper implements
AttrReleaseMapper {
scope.name(), k -> attributeReleasePolicyCreator.get());
policy.getClaimMappings().put(external, internal);
-
- if (conf.getAllowedAttrs().contains(external)) {
- policy.getAllowedAttributes().add(external);
- }
} else {
warnMissingScope(clientApp.getName(), internal, external,
scope.name());
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java
index b9bd2d5cc7..2c7985e4b4 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java
@@ -19,7 +19,7 @@
package org.apache.syncope.wa.starter.oidc;
import jakarta.ws.rs.core.Response;
-import java.nio.charset.StandardCharsets;
+import java.util.Base64;
import java.util.Optional;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.OIDCOpEntityTO;
@@ -101,7 +101,7 @@ public class WAOIDCJWKSGeneratorService implements
OidcJsonWebKeystoreGeneratorS
throw new IllegalStateException("Unable to determine OIDC OP");
}
- Resource result = new
ByteArrayResource(oidcOpEntity.getJWKS().getBytes(StandardCharsets.UTF_8),
"OIDC JWKS");
+ Resource result = new
ByteArrayResource(Base64.getDecoder().decode(oidcOpEntity.getJWKS()), "OIDC
JWKS");
ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
applicationContext.publishEvent(new
OidcJsonWebKeystoreGeneratedEvent(this, result, clientInfo));
return result;