Multitenancy for SAML adapter is not supported at this moment, see
https://issues.jboss.org/browse/KEYCLOAK-1925.
Community contribution would be welcome.
On Mon, Dec 18, 2017 at 10:56 AM, Pankaj Mahajan <Pankaj.Mahajan(a)harbingergroup.com> wrote:
Hi Team,
I am trying to verify multitenant Keycloak support in a SAML application. I
have gone through the example provided for an OIDC application and it worked
perfectly fine.
Based on the SAML documentation available in Keycloak, below is my understanding:
1) Need to provide an implementation for SamlConfigResolver's resolve()
method in the SAML application.
2) Mention the above implementation in web.xml.
For this verification I am trying to customize the post-with-signature example.
I have added the keycloak-saml-adapter-core and keycloak-adapter-spi
dependencies in pom.xml.
I just wrote an SOP statement in the resolve method.
When I run, I get java.lang.NullPointerException.
Please share your thoughts on the following points:
1) Is my above understanding correct? In case I am missing something,
then please let me know.
2) Is there any other approach with which we can achieve this behavior?
Below is the stack trace for the reference:
Stack Trace
java.lang.NullPointerException
org.keycloak.adapters.saml.undertow.AbstractSamlAuthMech.authenticate(AbstractSamlAuthMech.java:102)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)
Thanks & Regards,
Pankaj Mahajan
--
--Hynek