[keycloak-user] Multitenancy for SAML applications

Hynek Mlnarik hmlnarik at redhat.com
Mon Dec 18 09:03:52 EST 2017


Multitenancy for SAML adapter is not supported at this moment, see
https://issues.jboss.org/browse/KEYCLOAK-1925.

Community contribution would be welcome.

On Mon, Dec 18, 2017 at 10:56 AM, Pankaj Mahajan <
Pankaj.Mahajan at harbingergroup.com> wrote:

> Hi Team,
>
> I am trying to verify multitenant keycloak support in SAML application. I
> have gone through example provided for OIDC application and it worked
> perfectly fine.
>
> Based on SAML documentation available in Keycloak below is my understanding
> 1) Need to provide implementation for SamlConfigResolver's resolve()
> method in SAML application.
> 2) Mention above implementation in web.xml.
>
> For this verification I am trying to customize post-with-signature example.
>
> I have added keycloak-saml-adapter-core and keycloak-adapter-spi
> dependencies in pom.xml.
>
> I just write an SOP statement in resolve method.
> When I run, I get java.lang.NullPointerException
>
> Please share your thoughts on following points:
> 1) Is my above understanding correct? In case I am missing something
> then please let me know.
> 2) Is there any other approach with which we can achieve this behavior?
>
> Below is the stack trace for the reference:
>
> Stack Trace
> java.lang.NullPointerException
> org.keycloak.adapters.saml.undertow.AbstractSamlAuthMech.authenticate(AbstractSamlAuthMech.java:102)
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> java.lang.Thread.run(Thread.java:745)
>
>
>
> Thanks & Regards,
>
> Pankaj Mahajan



-- 

--Hynek

