Thanks Hynek,
However, it didn't solve my issue.
The method in question is
protected AuthOutcome handleSamlResponse(String samlResponse, String relayState, OnSessionCreated onCreateSession) {
    SAMLDocumentHolder holder = null;
    boolean postBinding = false;
    String requestUri = facade.getRequest().getURI();
    if (facade.getRequest().getMethod().equalsIgnoreCase("GET")) {
        int index = requestUri.indexOf('?');
        if (index > -1) {
            requestUri = requestUri.substring(0, index);
        }
        holder = extractRedirectBindingResponse(samlResponse);
    } else {
        postBinding = true;
        holder = extractPostBindingResponse(samlResponse);
    }
    final StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject();
    // validate destination
    if (!requestUri.equals(statusResponse.getDestination())) {
        log.error("Request URI does not match SAML request destination");
        return AuthOutcome.FAILED;
    }
What I am trying to find out is what are the values of requestUri and
statusResponse.getDestination() so that I can then check my redirect rules
effectively.
Regards,
Pulkit
On Mon, May 22, 2017 at 5:47 PM, Hynek Mlnarik <hmlnarik(a)redhat.com> wrote:
You can enable TRACE logging on org.keycloak.saml package to see the
whole parsed / generated SAML documents (together with lots of other
stuff). On WildFly/EAP you can use the following jboss-cli.sh command:
/subsystem=logging/logger=org.keycloak.saml:add(level=TRACE)
You can also capture the requests at the client or the reverse proxy
and decode SAML requests/responses manually.
--Hynek
On Mon, May 22, 2017 at 1:28 PM, Pulkit Gupta <pulgupta(a)redhat.com> wrote:
> Hi All,
>
> I am getting an error for one of my SAML-enabled applications in one of
> our environments.
>
> "Request URI does not match SAML request destination"
>
>
> It seems to be an issue with the reverse proxy but I want to debug it to
> find some more information about it. I checked the class
> "*AbstractSamlAuthenticationHandler*" and can see that there is no good
> debug logging coded. Can you please guide me how can I gather some more
> information about the issue at hand.
>
> --
>
> PULKIT GUPTA
>
> SENIOR SOFTWARE APPLICATIONS ENGINEER
>
> Red Hat IN IT GBD <https://www.redhat.com/>
>
> Pune - India
>
> pulgupta(a)redhat.com T: +91-2066817536
> <http://redhatemailsignature-marketing.itos.redhat.com/> IM: pulgupta
> <https://red.ht/sig>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
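
Added example, not part of the original thread and not Keycloak code: one way to do the manual decoding Hynek suggests, pulling Destination out of a captured SAMLResponse and comparing it with the request URI the way the posted check does. The sample message, the example.com URLs and the function names are constructed for illustration; the request URI the adapter actually sees has to come from your own logs or proxy capture.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

# Constructed sample message (not from the thread); example.com URLs are placeholders.
SAMPLE_XML = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              b'ID="_constructed" Version="2.0" IssueInstant="2017-05-22T12:00:00Z" '
              b'Destination="https://app.example.com/myapp/saml"/>')

def encode_redirect(xml):
    """Build a Redirect-binding value (raw DEFLATE, then base64) for the demo."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

def decode_saml(value, binding):
    """Decode a captured SAMLResponse parameter ('post' or 'redirect') to XML bytes."""
    raw = base64.b64decode(unquote(value))  # value may still be URL-encoded
    if binding == "redirect":
        raw = zlib.decompress(raw, -15)     # Redirect binding: raw DEFLATE, no zlib header
    return raw

def destination(xml):
    """Return the Destination attribute of the top-level SAML protocol element."""
    # Debugging aid for your own captures only; no signature or schema validation here.
    return ET.fromstring(xml).get("Destination")

def diff_uri(request_uri, dest, method="POST"):
    """List the URL parts that differ; [] means the posted equals() check would pass."""
    if method.upper() == "GET":             # the posted method strips the query on GET
        request_uri = request_uri.split("?", 1)[0]
    if request_uri == dest:
        return []
    a, b = urlsplit(request_uri), urlsplit(dest or "")
    return [n for n in ("scheme", "netloc", "path") if getattr(a, n) != getattr(b, n)] or ["other"]

if __name__ == "__main__":
    dest = destination(decode_saml(base64.b64encode(SAMPLE_XML).decode(), "post"))
    print("Destination:", dest)
    # Constructed request URI as a backend behind a TLS-terminating proxy might see it.
    print("differs in:", diff_uri("http://app.example.com:8080/myapp/saml", dest))
```

Because the check is an exact string comparison, a difference in scheme or port alone is enough to produce the "Request URI does not match SAML request destination" error.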