Hello Ekemokai,
mmm, at first glance your SAML response looks OK to me. Perhaps you could
increase the level of logging in org.keycloak.adapters? Also, could you
provide a bit more detail about your setup? For me the below one works:
java version "1.8.0_162" --> Java HotSpot(TM) 64-Bit Server VM (build
25.162-b12, mixed mode)
keycloak-saml-tomcat8-adapter-4.8.3.Final
Server version: Apache Tomcat/9.0.5
CentOS Linux release 7.5.1804 (Core)
If you use tomcat as well you can add org.keycloak.adapters.level = FINE
Hope it helps,
Luis
On Fri, 22 Feb 2019 at 22:26, Edmond Kemokai (<ekemokai(a)gmail.com>)
wrote:
Hi All,
I am getting the below exception when posting a SAML response to the /saml
consumer endpoint:
org.keycloak.adapters.saml.profile.webbrowsersso.WebBrowserSsoAuthenticationHandler
- Error extracting SAML assertion: null
A snippet of the response, I have stripped out the signature information:
<saml2p:Response xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
ID="SOLVENT_72186bc0-0724-439c-a4a4-d1768907d1a0"
InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
<saml2:Issuer>Portal</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>
</saml2p:Status>
<saml2:Assertion
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ID="SOLVENT_93f7919c-c92a-45ab-8d79-380e072b235b"
IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
<saml2:Issuer>Portal</saml2:Issuer>
<saml2:Subject>
<saml2:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">ek@gmail.com
</saml2:NameID>
<saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData
InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
NotOnOrAfter="2019-02-22T17:20:46Z"></saml2:SubjectConfirmationData>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:AuthnStatement AuthnInstant="2019-02-22T17:19:46Z">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml2:AttributeValue xsi:type="xs:string">ek@gmail.com
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="roles"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml2:AttributeValue
xsi:type="xs:string">developer</saml2:AttributeValue>
<saml2:AttributeValue
xsi:type="xs:string">sysadmin</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
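
An added example, not part of the original thread and not Keycloak's own code: a standard-library Python pre-check that lists the structural facts of a SAML response a service provider evaluates (status, assertion count, InResponseTo, NotOnOrAfter), useful alongside the FINE-level adapter log when chasing an "Error extracting SAML assertion" report. The sample XML is constructed from the response in the post; `inspect` and its report keys are hypothetical names, and no signature verification is performed.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser (e.g. defusedxml)
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample, reduced from the response in the post (no signature, as posted).
SAMPLE = """<saml2p:Response xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="r1"
 InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef" Version="2.0">
 <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
 <saml2:Assertion ID="a1" Version="2.0"><saml2:Subject>
  <saml2:NameID>ek@gmail.com
  </saml2:NameID>
  <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml2:SubjectConfirmationData InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
    NotOnOrAfter="2019-02-22T17:20:46Z"/>
  </saml2:SubjectConfirmation></saml2:Subject></saml2:Assertion>
</saml2p:Response>"""

def inspect(xml_text, now):
    """Collect structural facts about a SAML response. Does NOT verify signatures."""
    root = ET.fromstring(xml_text)
    status = root.find("p:Status/p:StatusCode", NS)
    assertions = root.findall("a:Assertion", NS)
    report = {
        "status_success": status is not None and status.get("Value") == SUCCESS,
        "assertions": len(assertions),
        "encrypted_assertions": len(root.findall("a:EncryptedAssertion", NS)),
        "has_signature_element": root.find(".//ds:Signature", NS) is not None,
    }
    if not assertions:
        return report
    a = assertions[0]
    scd = a.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    name_id = a.findtext("a:Subject/a:NameID", default="", namespaces=NS)
    report["name_id_padded"] = name_id != name_id.strip()  # whitespace around the value
    report["has_conditions"] = a.find("a:Conditions", NS) is not None
    if scd is not None:
        report["in_response_to_matches"] = scd.get("InResponseTo") == root.get("InResponseTo")
        not_after = scd.get("NotOnOrAfter")
        if not_after:  # the post uses second-resolution UTC timestamps ending in Z
            expiry = datetime.strptime(not_after, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            report["expired"] = now >= expiry
    return report

if __name__ == "__main__":
    for key, value in inspect(SAMPLE, datetime.now(timezone.utc)).items():
        print(f"{key}: {value}")
```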