<div dir="ltr"><div>Here is the AuthnRequest that was generated by WebLogic. </div><div><br></div><div>Do you still want me to create a JIRA?</div><div><br></div><div><br></div><div><?xml version="1.0" encoding="UTF-8"?></div><div><samlp:AuthnRequest </div><div> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"</div><div> Destination="<a href="http://clokpsbmw01:8080/auth/realms/dev/protocol/saml/">http://clokpsbmw01:8080/auth/realms/dev/protocol/saml/</a>"</div><div> ForceAuthn="false"</div><div> ID="_0xadc0f2f6b3f36e604d310d4209db5c31"</div><div> IsPassive="false"</div><div> IssueInstant="2015-02-06T17:13:31.151Z"</div><div> Version="2.0"></div><div> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><a href="http://clokpsbmw01:7001/saml2">http://clokpsbmw01:7001/saml2</a></saml:Issuer></div><div> <ds:Signature xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#">http://www.w3.org/2000/09/xmldsig#</a>"></div><div> <ds:SignedInfo></div><div> <ds:CanonicalizationMethod Algorithm="<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"/></div><div> <ds:SignatureMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>"/></div><div> <ds:Reference URI="#_0xadc0f2f6b3f36e604d310d4209db5c31"></div><div> <ds:Transforms></div><div> <ds:Transform Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"/></div><div> <ds:Transform Algorithm="<a href="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">http://www.w3.org/2001/10/xml-exc-c14n#WithComments</a>"></div><div> <ec:InclusiveNamespaces xmlns:ec="<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>" PrefixList="ds saml samlp"/></div><div> </ds:Transform></div><div> </ds:Transforms></div><div> <ds:DigestMethod Algorithm="<a href="http://www.w3.org/2001/04/xmlenc#sha256">http://www.w3.org/2001/04/xmlenc#sha256</a>"/></div><div> <ds:DigestValue>AGcoZLrPSDr5TgULgb/AQdpGAofuP9YstgnYMryKams=</ds:DigestValue></div><div> </ds:Reference></div><div> </ds:SignedInfo></div><div> <ds:SignatureValue></div><div>ROJaB9lwk5LiNfZMZmWrOrZmeXSZnjZiGwb9Q/ODzSscrs49ucJLhEzjzVXmr5jbLNg5UR5Pi1H+</div><div>N2hM/hZKEPpzxDtaR8RRzi8MYCiEwtqcbUD429txx0Sr1ZgPkhtw+KPsWAc5c17y8egzHCwe77DZ</div><div>CXDYzMtYlMui92kZ29Jj2QdgztSzxUNwHfOVGl6KAWu3NGlzobV+jbKtw20LOxAfpIW/e9hdwNAM</div><div>9OCwpKdcp6bvZrZ4GZZ/LXHJQzeZZtC3avwz4NHWX/9sOyYmspAVukTfCAyXeRxsbTgYX2vZKCOj</div><div>/a1ONd65CtgTCyE9tOzD7Ar1sWyp4FylrArABw==</div><div> </ds:SignatureValue></div><div></ds:Signature></div><div></samlp:AuthnRequest></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 9, 2015 at 1:10 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Actually, I'll need some way of identifying the client making the authn<br>
request. Can you post the SAML request perchance?<br>
<br>
On 2/6/2015 2:42 PM, Jacob D'Onofrio wrote:<br>
> Hi,<br>
><br>
> I am experimenting with using keycloak (1.1.0.Final) running on wildfly<br>
> 8.2.0.Final as an IDP for a service which is running on WebLogic 10.3.6.<br>
> When WebLogic sends the request to keycloak, I get a<br>
> NullPointerException like so:<br>
><br>
> Caused by: java.lang.NullPointerException<br>
> at<br>
> org.keycloak.protocol.saml.SamlService$BindingProtocol.loginRequest(SamlService.java:195)<br>
> [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]<br>
> at<br>
> org.keycloak.protocol.saml.SamlService$BindingProtocol.handleSamlRequest(SamlService.java:175)<br>
> [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]<br>
> at<br>
> org.keycloak.protocol.saml.SamlService$PostBindingProtocol.execute(SamlService.java:320)<br>
> [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]<br>
> at<br>
> org.keycloak.protocol.saml.SamlService.postBinding(SamlService.java:413)<br>
> [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]<br>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br>
> [rt.jar:1.7.0_65]<br>
> at<br>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)<br>
> [rt.jar:1.7.0_65]<br>
> at<br>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br>
> [rt.jar:1.7.0_65]<br>
> at java.lang.reflect.Method.invoke(Method.java:606)<br>
> [rt.jar:1.7.0_65]<br>
> at<br>
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)<br>
> [resteasy-jaxrs-3.0.10.Final.jar:]<br>
> at<br>
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)<br>
> [resteasy-jaxrs-3.0.10.Final.jar:]<br>
> at<br>
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)<br>
> [resteasy-jaxrs-3.0.10.Final.jar:]<br>
> at<br>
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)<br>
> [resteasy-jaxrs-3.0.10.Final.jar:]<br>
> at<br>
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)<br>
> [resteasy-jaxrs-3.0.10.Final.jar:]<br>
> at<br>
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)<br>
> [resteasy-jaxrs-3.0.10.Final.jar:]<br>
> ... 39 more<br>
><br>
> I truncated the stack trace a bit. Looks like the method loginRequest of<br>
> SamlService.BindingProtocol expects that the AuthNRequest token specify<br>
> a AssertionConsumerServiceURL attribute, which WebLogic is not setting,<br>
> however the SAML documentation states that the attribute is optional.<br>
><br>
> I wanted to check here before I posted a JIRA issue if this is a bug, or<br>
> intended behavior.<br>
><br>
> Thanks,<br>
> Jacob<br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</font></span></blockquote></div><br></div>