[keycloak-user] AssertionConsumerServiceURL Requirement in AuthnRequest

Bill Burke bburke at redhat.com
Mon Feb 9 13:10:56 EST 2015 

Actually, I'll need some way of identifying the client making the authn 
request.  Can you post the SAML request perchance?

On 2/6/2015 2:42 PM, Jacob D'Onofrio wrote:
> Hi,
>
> I am experimenting with using keycloak (1.1.0.Final) running on wildfly
> 8.2.0.Final as an IDP for a service which is running on WebLogic 10.3.6.
> When WebLogic sends the request to keycloak, I get a
> NullPointerException like so:
>
> Caused by: java.lang.NullPointerException
>          at
> org.keycloak.protocol.saml.SamlService$BindingProtocol.loginRequest(SamlService.java:195)
> [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
>          at
> org.keycloak.protocol.saml.SamlService$BindingProtocol.handleSamlRequest(SamlService.java:175)
> [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
>          at
> org.keycloak.protocol.saml.SamlService$PostBindingProtocol.execute(SamlService.java:320)
> [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
>          at
> org.keycloak.protocol.saml.SamlService.postBinding(SamlService.java:413)
> [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
>          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [rt.jar:1.7.0_65]
>          at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> [rt.jar:1.7.0_65]
>          at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> [rt.jar:1.7.0_65]
>          at java.lang.reflect.Method.invoke(Method.java:606)
> [rt.jar:1.7.0_65]
>          at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
> [resteasy-jaxrs-3.0.10.Final.jar:]
>          at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
> [resteasy-jaxrs-3.0.10.Final.jar:]
>          at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
> [resteasy-jaxrs-3.0.10.Final.jar:]
>          at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
> [resteasy-jaxrs-3.0.10.Final.jar:]
>          at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
> [resteasy-jaxrs-3.0.10.Final.jar:]
>          at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
> [resteasy-jaxrs-3.0.10.Final.jar:]
>          ... 39 more
>
> I truncated the stack trace a bit. Looks like the method loginRequest of
> SamlService.BindingProtocol expects that the AuthNRequest token specify
> a AssertionConsumerServiceURL attribute, which WebLogic is not setting,
> however the SAML documentation states that the attribute is optional.
>
> I wanted to check here before I posted a JIRA issue if this is a bug, or
> intended behavior.
>
> Thanks,
> Jacob
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-user mailing list