Re: [keycloak-user] SAML parsing error
Thanks, this is a bug in KC SAML parser, it does not handle properly
an empty attribute value set by empty element in the last attribute of
the AttributeStatement:
[...]
<Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<AttributeValue/>
</Attribute>
</AttributeStatement>
Could you please file a JIRA issue?
If that is possible for you, you might be able to work around the
issue by changing the order of attributes to put an attribute that
would never be empty to the last position.
Thanks
--Hynek
On Tue, Apr 25, 2017 at 8:57 AM, Anders KK
<anders.kabell.kristensen(a)systematic.com> wrote:
SAML-response.xml
<http://keycloak-user.88327.x6.nabble.com/file/n3674/SAML-response.xml>
Please find the response attached.
As far as we can see, character 9341 is inside the base 64 encoded chunk of
the Privileges_intermediate attribute. However, the error mentioned (Unknown
tag:AuthnStatement) is at a later position.
Thanks
Ulrik and Anders
--
View this message in context:
http://keycloak-user.88327.x6.nabble.com/SAML-parsing-error-tp3667p3674.html
Sent from the keycloak-user mailing list archive at Nabble.com.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
--Hynek