[keycloak-user] Logout error ("Success" + HTTP 500!?)

Pieter Lukasse pieter at thehyve.nl
Wed Sep 13 07:50:24 EDT 2017


Found a solution by setting the Logout Service POST Binding URL (to
http://localhost:8080/cbioportal/saml/logout in my case):

[image: image]
<https://user-images.githubusercontent.com/2900303/30375816-42089802-988a-11e7-94b1-b3ae049cd8e2.png>

www.thehyve.nl
E pieter at thehyve.nl
T +31(0)30 700 9713
M +31(0)6 28 18 9540
Skype pieter.lukasse


We empower scientists by building on open source software

2017-09-13 13:32 GMT+02:00 Pieter Lukasse <pieter at thehyve.nl>:

> Hi,
>
> I am currently getting a strange error when trying to log out from my
> application. The logout request is as follows (HTTP 200 code):
>
> <saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>                       Destination="http://localhost:8081/auth/realms/test/protocol/saml"
>                       ID="a370b54ee2i7g6j9275jbg40185b154"
>                       IssueInstant="2017-09-13T11:22:04.100Z"
>                       Version="2.0"
>                       >
>     <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">cbioportal</saml2:Issuer>
>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <ds:SignedInfo>
>             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>             <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>             <ds:Reference URI="#a370b54ee2i7g6j9275jbg40185b154">
>                 <ds:Transforms>
>                     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                 </ds:Transforms>
>                 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                 <ds:DigestValue>nKZrPGrsLZeR6xSgg0+xQ3dCg90=</ds:DigestValue>
>             </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>....</ds:SignatureValue>
>         <ds:KeyInfo>
>             <ds:X509Data>
>                 <ds:X509Certificate>....</ds:X509Certificate>
>             </ds:X509Data>
>         </ds:KeyInfo>
>     </ds:Signature>
>     <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>                   Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>                   >pieter at thehyve.nl</saml2:NameID>
>     <saml2p:SessionIndex>2ce54b83-67c1-40fd-850d-947b29c721be</saml2p:SessionIndex>
> </saml2p:LogoutRequest>
>
>
> Which is replied with (HTTP 500 code!?):
>
> <samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>                       xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
>                       Destination="http://localhost:8081/auth/realms/test/protocol/saml"
>                       ID="ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98"
>                       InResponseTo="a370b54ee2i7g6j9275jbg40185b154"
>                       IssueInstant="2017-09-13T11:22:04.156Z"
>                       Version="2.0"
>                       >
>     <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8081/auth/realms/test</saml:Issuer>
>     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>         <dsig:SignedInfo>
>             <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>             <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
>             <dsig:Reference URI="#ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98">
>                 <dsig:Transforms>
>                     <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>                     <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>                 </dsig:Transforms>
>                 <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
>                 <dsig:DigestValue>HMgEFe5f6mGdIlCwg8BRHif4JW8k7MLs+5V8j9BUwuE=</dsig:DigestValue>
>             </dsig:Reference>
>         </dsig:SignedInfo>
>         <dsig:SignatureValue>...</dsig:SignatureValue>
>         <dsig:KeyInfo>
>             <dsig:KeyName>Yp3AF_Lz-EdxjwDdCJGk3dmvU9ZsWQE3SfV8pdT9OOQ</dsig:KeyName>
>             <dsig:X509Data>
>                 <dsig:X509Certificate>...</dsig:X509Certificate>
>             </dsig:X509Data>
>             <dsig:KeyValue>
>                 <dsig:RSAKeyValue>
>                     <dsig:Modulus>...</dsig:Modulus>
>                     <dsig:Exponent>...</dsig:Exponent>
>                 </dsig:RSAKeyValue>
>             </dsig:KeyValue>
>         </dsig:KeyInfo>
>     </dsig:Signature>
>     <samlp:Status>
>         <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
>     </samlp:Status>
> </samlp:LogoutResponse>
>
>
> So the reply states "Success" while at the same time it returns HTTP 500 (Internal Server Error). Is this a known bug? Or am I doing something wrong?
>
> This is the log on the server side:
>
>
> 13:21:19,378 WARN  [org.keycloak.protocol.saml.SamlService] (default task-13) Unknown saml response.
> 13:21:19,380 WARN  [org.keycloak.events] (default task-13) type=LOGOUT_ERROR, realmId=test, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token
> 13:22:04,205 WARN  [org.keycloak.protocol.saml.SamlService] (default task-20) Unknown saml response.
> 13:22:04,206 WARN  [org.keycloak.events] (default task-20) type=LOGOUT_ERROR, realmId=test, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token
>
>
> Thanks,
>
> Pieter
>
> www.thehyve.nl
>
>
>
> We empower scientists by building on open source software
>
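
An added example, not part of the original thread or of Keycloak: a Python check over trimmed copies of the two quoted messages (signatures omitted) that flags a LogoutResponse addressed to the same endpoint the LogoutRequest was sent to, rather than to the SP logout URL given in the fix. The function name `check_logout_exchange` and the finding labels are assumptions of this example.

```python
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:SAML:2.0:protocol}"

# Trimmed copies of the two messages quoted in the thread (signatures omitted).
LOGOUT_REQUEST = """\
<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="http://localhost:8081/auth/realms/test/protocol/saml"
    ID="a370b54ee2i7g6j9275jbg40185b154" Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">cbioportal</saml2:Issuer>
</saml2p:LogoutRequest>"""

LOGOUT_RESPONSE = """\
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="http://localhost:8081/auth/realms/test/protocol/saml"
    ID="ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98"
    InResponseTo="a370b54ee2i7g6j9275jbg40185b154" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8081/auth/realms/test</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
</samlp:LogoutResponse>"""

# SP logout endpoint, taken from the fix described in the reply.
SP_LOGOUT_URL = "http://localhost:8080/cbioportal/saml/logout"


def check_logout_exchange(request_xml, response_xml, sp_logout_url):
    """Return a list of finding labels for a LogoutRequest/LogoutResponse pair."""
    # ElementTree is fine for captured traces; use a hardened parser for untrusted XML.
    req, resp = ET.fromstring(request_xml), ET.fromstring(response_xml)
    findings = []
    if resp.get("InResponseTo") != req.get("ID"):
        findings.append("in-response-to-mismatch")
    status = resp.find(f"{P}Status/{P}StatusCode")
    if status is None or not status.get("Value", "").endswith(":status:Success"):
        findings.append("status-not-success")
    # The response has to travel back to the SP. If it carries the Destination
    # the request was sent to, it is addressed to the IdP's own endpoint.
    if resp.get("Destination") == req.get("Destination"):
        findings.append("response-addressed-to-idp")
    elif resp.get("Destination") != sp_logout_url:
        findings.append("unexpected-destination")
    return findings


if __name__ == "__main__":
    print(check_logout_exchange(LOGOUT_REQUEST, LOGOUT_RESPONSE, SP_LOGOUT_URL))
```

On the quoted pair the only finding is `response-addressed-to-idp`: correlation and status are fine, so the "Success" body and the HTTP 500 describe different things.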

