Ok, I'm working on it right now. I'll change it so that you can
register the assertion consumer service url in the admin console.
Here is the AuthnRequest that was generated by WebLogic.
Do you still want me to create a JIRA?
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="http://clokpsbmw01:8080/auth/realms/dev/protocol/saml/"
ForceAuthn="false"
ID="_0xadc0f2f6b3f36e604d310d4209db5c31"
IsPassive="false"
IssueInstant="2015-02-06T17:13:31.151Z"
Version="2.0">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://clokpsbmw01:7001/saml2</saml:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_0xadc0f2f6b3f36e604d310d4209db5c31">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>AGcoZLrPSDr5TgULgb/AQdpGAofuP9YstgnYMryKams=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ROJaB9lwk5LiNfZMZmWrOrZmeXSZnjZiGwb9Q/ODzSscrs49ucJLhEzjzVXmr5jbLNg5UR5Pi1H+
N2hM/hZKEPpzxDtaR8RRzi8MYCiEwtqcbUD429txx0Sr1ZgPkhtw+KPsWAc5c17y8egzHCwe77DZ
CXDYzMtYlMui92kZ29Jj2QdgztSzxUNwHfOVGl6KAWu3NGlzobV+jbKtw20LOxAfpIW/e9hdwNAM
9OCwpKdcp6bvZrZ4GZZ/LXHJQzeZZtC3avwz4NHWX/9sOyYmspAVukTfCAyXeRxsbTgYX2vZKCOj
/a1ONd65CtgTCyE9tOzD7Ar1sWyp4FylrArABw==
</ds:SignatureValue>
</ds:Signature>
</samlp:AuthnRequest>
On Mon, Feb 9, 2015 at 1:10 PM, Bill Burke <bburke(a)redhat.com> wrote:
Actually, I'll need some way of identifying the client making the authn
request. Can you post the SAML request perchance?
On 2/6/2015 2:42 PM, Jacob D'Onofrio wrote:
> Hi,
>
> I am experimenting with using keycloak (1.1.0.Final) running on wildfly
> 8.2.0.Final as an IDP for a service which is running on WebLogic 10.3.6.
> When WebLogic sends the request to keycloak, I get a
> NullPointerException like so:
>
> Caused by: java.lang.NullPointerException
>     at org.keycloak.protocol.saml.SamlService$BindingProtocol.loginRequest(SamlService.java:195) [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
>     at org.keycloak.protocol.saml.SamlService$BindingProtocol.handleSamlRequest(SamlService.java:175) [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
>     at org.keycloak.protocol.saml.SamlService$PostBindingProtocol.execute(SamlService.java:320) [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
>     at org.keycloak.protocol.saml.SamlService.postBinding(SamlService.java:413) [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_65]
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_65]
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_65]
>     at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_65]
>     at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.10.Final.jar:]
>     at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>     at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>     ... 39 more
>
> I truncated the stack trace a bit. Looks like the method loginRequest of
> SamlService.BindingProtocol expects that the AuthNRequest token specify
> an AssertionConsumerServiceURL attribute, which WebLogic is not setting,
> however the SAML documentation states that the attribute is optional.
>
> I wanted to check here before I posted a JIRA issue if this is a bug, or
> intended behavior.
>
> Thanks,
> Jacob
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
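The behaviour discussed in this thread, as an added example (not Keycloak's code and not written by anyone in the thread): when the optional AssertionConsumerServiceURL attribute is absent, fall back to the URL registered for the request's Issuer, and reject a supplied URL that does not match the registered one. The class name AcsUrlResolver, the registry map and the sp.example.test URL are assumptions; signature verification is not shown.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AcsUrlResolver {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Hypothetical registry: Issuer -> ACS URL registered for that client.
    private final Map<String, String> registeredAcs;

    AcsUrlResolver(Map<String, String> registeredAcs) { this.registeredAcs = registeredAcs; }

    String resolve(byte[] authnRequestXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(authnRequestXml)).getDocumentElement();
        if (!SAMLP.equals(root.getNamespaceURI()) || !"AuthnRequest".equals(root.getLocalName()))
            throw new IllegalArgumentException("not a samlp:AuthnRequest");
        NodeList issuers = root.getElementsByTagNameNS(SAML, "Issuer");
        if (issuers.getLength() == 0)
            throw new IllegalArgumentException("AuthnRequest has no Issuer");
        String issuer = issuers.item(0).getTextContent().trim();
        String registered = registeredAcs.get(issuer);
        if (registered == null)
            throw new SecurityException("unknown client: " + issuer);
        // getAttribute returns "" (never null) when the attribute is absent.
        String requested = root.getAttribute("AssertionConsumerServiceURL");
        if (requested.isEmpty()) return registered;   // optional attribute omitted
        if (!requested.equals(registered))            // never trust an unregistered URL
            throw new SecurityException("ACS URL not registered for " + issuer);
        return requested;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: same Issuer as the request in the thread, no ACS URL attribute.
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"" + SAMLP + "\" ID=\"_x\" Version=\"2.0\">"
                + "<saml:Issuer xmlns:saml=\"" + SAML + "\">http://clokpsbmw01:7001/saml2</saml:Issuer>"
                + "</samlp:AuthnRequest>";
        AcsUrlResolver r = new AcsUrlResolver(
                Map.of("http://clokpsbmw01:7001/saml2", "https://sp.example.test/saml2/acs"));
        System.out.println(r.resolve(xml.getBytes(StandardCharsets.UTF_8)));
    }
}
```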