[keycloak-user] Error extracting SAML assertion

Edmond Kemokai ekemokai at gmail.com
Tue Feb 26 20:37:23 EST 2019


Thanks Luis,

I just ended up working from one of the sample responses in the Keycloak
repo; that solved my problem.

On Mon, Feb 25, 2019 at 5:16 AM Luis Rodríguez Fernández <uo67113 at gmail.com>
wrote:

> Hello Ekemokai,
>
> mmm, at first glance your SAML response looks OK to me. Perhaps you could
> increase the level of logging in org.keycloak.adapters? Also, could you
> provide a few more details of your setup? For me the one below works:
>
> java version "1.8.0_162" --> Java HotSpot(TM) 64-Bit Server VM (build
> 25.162-b12, mixed mode)
> keycloak-saml-tomcat8-adapter-4.8.3.Final
> Server version: Apache Tomcat/9.0.5
> CentOS Linux release 7.5.1804 (Core)
>
> If you use Tomcat as well, you can add org.keycloak.adapters.level = FINE
>
> Hope it helps,
>
> Luis
>
> On Fri, Feb 22, 2019 at 22:26, Edmond Kemokai (<ekemokai at gmail.com>)
> wrote:
>
> > Hi All,
> >
> > I am getting the exception below when posting a SAML response to the /saml
> > consumer endpoint:
> >
> > org.keycloak.adapters.saml.profile.webbrowsersso.WebBrowserSsoAuthenticationHandler
> > - Error extracting SAML assertion: null
> >
> > A snippet of the response, I have stripped out the signature information:
> >
> >
> > <saml2p:Response xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
> > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
> > ID="SOLVENT_72186bc0-0724-439c-a4a4-d1768907d1a0"
> > InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
> > IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
> >   <saml2:Issuer>Portal</saml2:Issuer>
> >     <saml2p:Status>
> >     <saml2p:StatusCode
> > Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>
> >   </saml2p:Status>
> >   <saml2:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > ID="SOLVENT_93f7919c-c92a-45ab-8d79-380e072b235b"
> > IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
> >     <saml2:Issuer>Portal</saml2:Issuer>
> >     <saml2:Subject>
> >       <saml2:NameID
> > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
> > ek at gmail.com
> > </saml2:NameID>
> >       <saml2:SubjectConfirmation
> > Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
> >         <saml2:SubjectConfirmationData
> > InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
> > NotOnOrAfter="2019-02-22T17:20:46Z"></saml2:SubjectConfirmationData>
> >       </saml2:SubjectConfirmation>
> >     </saml2:Subject>
> >     <saml2:AuthnStatement AuthnInstant="2019-02-22T17:19:46Z">
> >       <saml2:AuthnContext>
> >         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
> >       </saml2:AuthnContext>
> >     </saml2:AuthnStatement>
> >     <saml2:AttributeStatement>
> >       <saml2:Attribute Name="email"
> > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
> >         <saml2:AttributeValue xsi:type="xs:string">ek at gmail.com
> > </saml2:AttributeValue>
> >       </saml2:Attribute>
> >       <saml2:Attribute Name="roles"
> > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
> >         <saml2:AttributeValue
> > xsi:type="xs:string">developer</saml2:AttributeValue>
> >         <saml2:AttributeValue
> > xsi:type="xs:string">sysadmin</saml2:AttributeValue>
> >       </saml2:Attribute>
> >     </saml2:AttributeStatement>
> >   </saml2:Assertion>
> >
> > </saml2p:Response>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett

