[keycloak-user] Keycloak is throwing invalid_authn_request error for SAML Client

abhishek raghav abhi.raghav007 at gmail.com
Tue Apr 25 09:29:57 EDT 2017


Hi,

We are also facing a similar issue in our infrastructure setup with SAP HANA
as a Service Provider.
Did you get any workaround for this?

Cheers
-Abhishek







On Tue, Apr 25, 2017 at 8:59 AM, Jyoti Kumar Singh <
assassin.creed60 at gmail.com> wrote:

> Hi Team,
>
> Is there any suggestion for me to look into regarding the Keycloak
> invalid_authn_request error for SAML client?
>
> On Mon, Apr 24, 2017 at 12:50 PM, Jyoti Kumar Singh <
> assassin.creed60 at gmail.com> wrote:
>
> > Hi Team,
> >
> > We have integrated SAP HANA system as a Service Provider with the Keycloak
> > 2.2.1.Final version and provided "SAML Metadata IDPSSODescriptor" which
> > needs to be imported at Service Provider end.
> >
> > But while saving the "SAML Metadata IDPSSODescriptor" at Service Provider
> > end, SingleSignOnService Location is getting saved with addition of 443
> > port number in the Destination URL. For example, if Keycloak is providing
> > IDP SingleSignOnService Location as
> > "https://test.example.com/auth/realms/zzz/protocol/saml", Service Provider
> > is saving it as "https://test.example.com:443/auth/realms/zzz/protocol/saml".
> >
> > Once Service Provider is making an AuthnRequest call to Keycloak, it is
> > sending Destination URL as
> > "https://test.example.com:443/auth/realms/zzz/protocol/saml" as part of
> > AuthnRequest. As the destination URL contains ":443" extra, Keycloak is
> > refusing to accept it and throws
> > "error=invalid_authn_request, reason=invalid_destination" error.
> >
> > Looks like Keycloak is very strict about destination URL matching which is
> > sent from SP as part of AuthnRequest. Do we have any option in Keycloak
> > which will accept the Destination URL with port number in AuthnRequest or
> > is there any work around to handle this?
> >
> > Please let me know for any other information regarding this.
> >
> > --
> >
> >
> > *With Regards, Jyoti Kumar Singh*
> >
>
>
>
> --
>
>
> *With Regards, Jyoti Kumar Singh*
>
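
The mismatch described in the quoted message, as an added example that is not part of the thread and not Keycloak's code: an exact string comparison rejects the `:443` form of the endpoint, while a comparison that makes the scheme's default port explicit accepts it and still rejects any other scheme, host, port or path. The function names are hypothetical, and the variants in the `__main__` section are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

# The two URLs quoted in the thread.
IDP_ENDPOINT = "https://test.example.com/auth/realms/zzz/protocol/saml"
SP_DESTINATION = "https://test.example.com:443/auth/realms/zzz/protocol/saml"


def strict_match(destination, endpoint):
    """Exact string comparison; fails on the thread's pair of URLs."""
    return destination == endpoint


def _normalize(url):
    """Reduce a URL to (scheme, host, port, path, query), default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("unsupported or malformed URL")
    if parts.username is not None or parts.fragment:
        raise ValueError("userinfo and fragments are not allowed")
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    if port is None:
        port = DEFAULT_PORTS[scheme]
    # urlsplit already lower-cases hostname; the path stays case-sensitive.
    return scheme, parts.hostname, port, parts.path, parts.query


def destination_matches(destination, endpoint):
    """True only if both URLs name the same scheme, host, port, path and query."""
    try:
        return _normalize(destination) == _normalize(endpoint)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed variants: only the first differs by the default port alone.
    candidates = [
        SP_DESTINATION,
        "https://test.example.com:8443/auth/realms/zzz/protocol/saml",
        "http://test.example.com:443/auth/realms/zzz/protocol/saml",
        "https://other.example.com/auth/realms/zzz/protocol/saml",
        "https://test.example.com/auth/realms/yyy/protocol/saml",
    ]
    for dest in candidates:
        print(strict_match(dest, IDP_ENDPOINT),
              destination_matches(dest, IDP_ENDPOINT), dest)
```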

