From 2b84ea7c520ac9d18312bd2db01ea310af00292b Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Fri, 17 Sep 2021 13:00:54 -0700
Subject: [PATCH] SHIBUI-1747

fixed NPE with roles
---
 .../java/net/unicon/shibui/pac4j/BetterSAML2Profile.java  | 8 ++++++--
 testbed/authentication/shibui/application.yml             | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/BetterSAML2Profile.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/BetterSAML2Profile.java
index ea4d4f8f4..1411c2997 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/BetterSAML2Profile.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/BetterSAML2Profile.java
@@ -42,8 +42,12 @@ public List<String> getGroups() {
     }
 
     public Set<String> getRoles() {
-        Set<String> result = (Set<String>) getAttribute(profileMapping.getRoles());
-        return result == null ? new HashSet<>() : result;
+        Set<String> result = new HashSet<>();
+        List<String> assertedRoles = (List<String>) getAttribute(profileMapping.getRoles());
+        if (assertedRoles != null) {
+            result.addAll(assertedRoles);
+        }
+        return result;
     }
 
     @Override
diff --git a/testbed/authentication/shibui/application.yml b/testbed/authentication/shibui/application.yml
index c8e9ef8cc..c586e2e32 100644
--- a/testbed/authentication/shibui/application.yml
+++ b/testbed/authentication/shibui/application.yml
@@ -23,3 +23,5 @@ shibui:
       firstName: urn:oid:2.5.4.42
       lastName: urn:oid:2.5.4.4
       email: urn:oid:0.9.2342.19200300.100.1.3
+      groups: businessCategory
+      roles: urn:oid:1.3.6.1.4.1.5923.1.1.1.7
\ No newline at end of file