oxTrust issue #513

GluuFederation · Apr 7, 2017 · 1444dc1 · 1444dc1
1 parent 8a82b48
commit 1444dc1
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/server/src/main/java/org/gluu/oxtrust/action/Authenticator.java b/server/src/main/java/org/gluu/oxtrust/action/Authenticator.java
@@ -492,6 +492,13 @@ private String requestAccessToken(String oxAuthHost, String authorizationCode, S
 					log.error("Failed to parse id_token");
 					return OxTrustConstants.RESULT_NO_PERMISSIONS;
 				}
+
+                String issuer = openIdConfiguration.getIssuer();
+                String responseIssuer = (String) jwt.getClaims().getClaim(JwtClaimName.ISSUER);
+                if (issuer == null ||  responseIssuer == null || !issuer.equals(responseIssuer)) {
+					log.error("User info response :  Issuer.");
+					return OxTrustConstants.RESULT_NO_PERMISSIONS;
+				}
 
                 List<String> acrValues = jwt.getClaims().getClaimAsStringList(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
 				if ((acrValues == null) || (acrValues.size() == 0) || !acrValues.contains(requestAcrValues)) {