[keycloak-user] SAML2 exception - Undeclared namespace prefix "dsig"

Hynek Mlnarik hmlnarik at redhat.com
Fri Jun 30 04:34:50 EDT 2017


Hi,

this has been reported already as
https://issues.jboss.org/browse/KEYCLOAK-4818. I suggest you join
the list of watchers, and please comment in the JIRA with as many
details on your installation as possible, e.g. where it has happened
(in the server? in an adapter, and on which server in that case?)

Thank you

--Hynek

On Fri, Jun 30, 2017 at 1:56 AM, Michael Mok <teatimej at gmail.com> wrote:
> Hi there
>
> We are using Keycloak 3.1.0 and when it is processing a SAML response, we
> encountered the following error.
>
> 08:24:46,541 ERROR [io.undertow.request] (default task-352) UT005023:
> Exception handling request to
> /auth/realms/dev/login-actions/first-broker-login:
> org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException:
> java.lang.RuntimeException: com.ctc.wstx.exc.WstxParsingException:
> Undeclared namespace prefix "dsig"
>  at [row,col {unknown-source}]: [1,338]
> at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
> at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>
>
> The "dsig" is declared in the header of the xml but Keycloak does not
> appear to recognise it.
>
>
> Here is the SAML response
>
> <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>                 xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>                 xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
>                 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>                 xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500"
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                 Destination="https://www.bill.com/auth/realms/dev/broker/saml/endpoint"
>                 ID="id--nk-7uGxvonvTG7h8NL09hLwcKIpGZC053Zj-3Cz"
>                 InResponseTo="ID_0c62fac6-d0d1-487d-91a6-44dd8c6cee16"
>                 IssueInstant="2017-06-29T00:24:46Z"
>                 Version="2.0"
>                 >
>     <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://iamdev.edu/oam/fed</saml:Issuer>
>     <samlp:Status>
>         <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
>     </samlp:Status>
>     <saml:Assertion ID="id-S80vqfesnCZBogvgpKyOKL2z1I8Y-mlMpAQwVk8q"
>                     IssueInstant="2017-06-29T00:24:46Z"
>                     Version="2.0"
>                     >
>         <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://iamdev.edu/oam/fed</saml:Issuer>
>         <dsig:Signature>
>             <dsig:SignedInfo>
>                 <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                 <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>                 <dsig:Reference URI="#id-S80vqfesnCZBogvgpKyOKL2z1I8Y-mlMpAQwVk8q">
>                     <dsig:Transforms>
>                         <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>                         <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                     </dsig:Transforms>
>                     <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                     <dsig:DigestValue>/9fx72oB3eQ5vDcEJE5q0u43P8k=</dsig:DigestValue>
>                 </dsig:Reference>
>             </dsig:SignedInfo>



-- 

--Hynek
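
Added example, not part of the thread and not Keycloak code: one general way a prefix declared on the Response root can later be reported as undeclared is when the nested assertion is serialized on its own and parsed again. Whether that is the cause tracked in KEYCLOAK-4818 is an assumption the thread does not confirm; the sample response is constructed, and Python's minidom stands in for the XML parser.

```python
import xml.dom.minidom as minidom
from xml.parsers.expat import ExpatError

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample (not the poster's message): as in the report, the
# prefixes are declared once on the root and used inside the assertion.
RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="r1" Version="2.0">'
    '<saml:Assertion ID="a1" Version="2.0">'
    '<dsig:Signature><dsig:SignedInfo/></dsig:Signature>'
    '</saml:Assertion></samlp:Response>'
)


def parse_error(xml_text):
    """Return None if xml_text parses namespace-aware, else the parser message."""
    try:
        minidom.parseString(xml_text)
        return None
    except ExpatError as exc:
        return str(exc)


def assertion_fragment(xml_text, carry_namespaces):
    """Serialize the first saml:Assertion as a stand-alone string."""
    doc = minidom.parseString(xml_text)
    node = doc.getElementsByTagNameNS(SAML_NS, "Assertion")[0]
    if carry_namespaces:
        # Copy in-scope xmlns declarations from the ancestors; walking
        # upwards means the nearest declaration of a prefix wins.
        anc = node.parentNode
        while anc is not None and anc.nodeType == anc.ELEMENT_NODE:
            for i in range(anc.attributes.length):
                attr = anc.attributes.item(i)
                is_decl = attr.name == "xmlns" or attr.name.startswith("xmlns:")
                if is_decl and not node.hasAttribute(attr.name):
                    node.setAttribute(attr.name, attr.value)
            anc = anc.parentNode
    return node.toxml()


if __name__ == "__main__":
    print("full response :", parse_error(RESPONSE))
    print("bare fragment :", parse_error(assertion_fragment(RESPONSE, False)))
    print("with xmlns    :", parse_error(assertion_fragment(RESPONSE, True)))
```

With exclusive canonicalization, which the posted response uses, a namespace declaration is only emitted on an element that visibly uses the prefix, so re-declaring in-scope prefixes on the fragment root does not change the canonical form that the digest covers.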

