From 5307e1808586dc3c16cda5f3f7befe56e928ddb3 Mon Sep 17 00:00:00 2001
From: hellivan <hellivan@users.noreply.github.com>
Date: Thu, 24 Feb 2022 19:16:53 +0100
Subject: [PATCH] use keycloak_realm properly for keycloak user lookups
 (#14401)

In case a user-defined a value for the MINIO_IDENTITY_OPENID_KEYCLOAK_REALM
environment variable, construct the path properly.
---
 internal/config/identity/openid/provider/keycloak.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/internal/config/identity/openid/provider/keycloak.go b/internal/config/identity/openid/provider/keycloak.go
index 9b44659c0..6b11d7e1b 100644
--- a/internal/config/identity/openid/provider/keycloak.go
+++ b/internal/config/identity/openid/provider/keycloak.go
@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"path"
 	"strings"
 	"sync"
 )
@@ -83,11 +84,12 @@ func (k *KeycloakProvider) LoginWithClientID(clientID, clientSecret string) erro
 
 // LookupUser lookup user by their userid.
 func (k *KeycloakProvider) LookupUser(userid string) (User, error) {
-	lookupUserID := k.adminURL + "/realms" + k.realm + "/users/" + userid
-	req, err := http.NewRequest(http.MethodGet, lookupUserID, nil)
+	req, err := http.NewRequest(http.MethodGet, k.adminURL, nil)
 	if err != nil {
 		return User{}, err
 	}
+	req.URL.Path = path.Join(req.URL.Path, "realms", k.realm, "users", userid)
+
 	k.Lock()
 	accessToken := k.accessToken
 	k.Unlock()