[keycloak-user] SAML response parsing failed
Erwin Steffens | Rovecom
esteffens at rovecom.nl
Mon May 1 02:45:39 EDT 2017
I think it is solved in v2.5.5.Final. Sorry for not testing this earlier.
-----------------------------
Rovecom
Erwin Steffens | Rovecom
softwareontwikkelaar
Elbe 2, 7908 HB Hoogeveen
Postbus 2126, 7900 BC Hoogeveen
0528 22 35 35
Voortdurend bezig met innoveren om beweging te stimuleren en groei te realiseren. Wij zijn Rovecom.
Disclaimer: http://www.rovecom.nl/maildisclaimer. Wanneer de link niet werkt, plak de link dan in uw internet browser.
-----------------------------
-----Oorspronkelijk bericht-----
Van: Hynek Mlnarik [mailto:hmlnarik at redhat.com]
Verzonden: woensdag 26 april 2017 23:12
Aan: Erwin Steffens | Rovecom <esteffens at rovecom.nl>
CC: keycloak-user at lists.jboss.org
Onderwerp: Re: [keycloak-user] SAML response parsing failed
Please file a JIRA issue with your findings (including full stacktraces).
Thanks
--Hynek
On Wed, Apr 26, 2017 at 10:08 PM, Erwin Steffens | Rovecom <esteffens at rovecom.nl> wrote:
>
> Ok, we did investigate the issue a little bit more. The initial parsing of the response seems ok. The full xml response is parsed successful. When we log the input in the 'serialize' method of the 'SAMLDataMarshaller' we see following XML (see new dropbox link). This piece of XML is invalid because the 'xmlns:ds' is missing. Somewhere the namespace is removed.
>
> https://www.dropbox.com/s/b1bmumdcnvnnlj6/connectis-saml-response.xml?
> dl=0
>
> Maybe we should post this to the dev mailing list?
>
>
> -----------------------------
> Rovecom
>
> Erwin Steffens | Rovecom
> softwareontwikkelaar
>
> Elbe 2, 7908 HB Hoogeveen
> Postbus 2126, 7900 BC Hoogeveen
> 0528 22 35 35
>
>
> Voortdurend bezig met innoveren om beweging te stimuleren en groei te realiseren. Wij zijn Rovecom.
> Disclaimer: http://www.rovecom.nl/maildisclaimer. Wanneer de link niet werkt, plak de link dan in uw internet browser.
>
>
> -----------------------------
>
> ________________________________________
> Van: Hynek Mlnarik <hmlnarik at redhat.com>
> Verzonden: woensdag 26 april 2017 16:48
> Aan: Erwin Steffens | Rovecom
> CC: keycloak-user at lists.jboss.org
> Onderwerp: Re: [keycloak-user] SAML response parsing failed
>
> Thank you. This seems to be related to woodstox. With standard JDK's
> XML event implementation (in fact xerces) that file is parsed
> correctly. Can you try using xerces instead?
>
> --Hynek
>
> On Wed, Apr 26, 2017 at 12:51 PM, Erwin Steffens | Rovecom
> <esteffens at rovecom.nl> wrote:
>>
>> Here it is:
>> https://www.dropbox.com/s/gjuems7k6nkjs19/connectis-saml-response-raw
>> .xml?dl=0
>>
>>
>>
>> -----------------------------
>> Rovecom
>>
>> Erwin Steffens | Rovecom
>> softwareontwikkelaar
>>
>> Elbe 2, 7908 HB Hoogeveen
>> Postbus 2126, 7900 BC Hoogeveen
>> 0528 22 35 35
>>
>>
>> Voortdurend bezig met innoveren om beweging te stimuleren en groei te realiseren. Wij zijn Rovecom.
>> Disclaimer: http://www.rovecom.nl/maildisclaimer. Wanneer de link niet werkt, plak de link dan in uw internet browser.
>>
>>
>> -----------------------------
>>
>> -----Oorspronkelijk bericht-----
>> Van: Hynek Mlnarik [mailto:hmlnarik at redhat.com]
>> Verzonden: woensdag 26 april 2017 11:48
>> Aan: Erwin Steffens | Rovecom <esteffens at rovecom.nl>
>> Onderwerp: Re: [keycloak-user] SAML response parsing failed
>>
>> Could you please store the SAML response to e.g. google drive/dropbox/... and send here a link to it?
>>
>> --Hynek
>>
>> On Wed, Apr 26, 2017 at 11:32 AM, Erwin Steffens | Rovecom <esteffens at rovecom.nl> wrote:
>>>
>>>
>>> We are integrating Keycloak with a SAML identity provider (dutch government). We seem to receive a valid response from the other party but Keycloak does seam to be able to parse the SAML response.
>>>
>>> The error we get is:
>>>
>>> 09:08:41,029 ERROR [io.undertow.request] (default task-14) UT005023:
>>> Exception handling request to
>>> /realms/datahub/login-actions/first-broker-login:
>>> org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeEx
>>> ception: java.lang.RuntimeException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "ds"
>>>
>>> When we run the received XML through a validation tool (https://www.samltool.com/validate_xml.php) it indicates that it is valid.
>>>
>>> Can I somehow attach the XML here?
>>>
>>> Erwin
>>>
>>>
>>>
>>>
>>> -----------------------------
>>> Rovecom
>>>
>>> Erwin Steffens | Rovecom
>>> softwareontwikkelaar
>>>
>>> Elbe 2, 7908 HB Hoogeveen
>>> Postbus 2126, 7900 BC Hoogeveen
>>> 0528 22 35 35
>>>
>>>
>>> Voortdurend bezig met innoveren om beweging te stimuleren en groei te realiseren. Wij zijn Rovecom.
>>> Disclaimer: http://www.rovecom.nl/maildisclaimer. Wanneer de link niet werkt, plak de link dan in uw internet browser.
>>>
>>>
>>> -----------------------------
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>> --
>>
>> --Hynek
>
>
>
> --
>
> --Hynek
--
--Hynek
More information about the keycloak-user
mailing list