Hello

Does this error have anything to do with not having a private key in the Realm? When I go to "Realm Settings -> Keys" the private key input is empty. I'm not sure if the page is simply not showing the private key or if it doesn't exist. If it does not exist, how do I generate a keypair and input it manually?

I switched to the 'saml-broker-authentication' demo to have a more controlled environment. With every other signature algorithm (e.g., RSA_SHA1) everything just works.

On Tue, May 3, 2016 at 5:07 PM Emanuel Couto <emanuel.amaral.couto@gmail.com> wrote:
The signature algorithm is DSA_SHA1.

Note: Sorry, didn't reply all.

On Tue, May 3, 2016 at 5:02 PM Bill Burke <bburke@redhat.com> wrote:

What signature algorithm is configured?


On 5/3/2016 10:59 AM, Emanuel Couto wrote:
I'm getting the following error when trying to connect to a SAML 2.0 identity provider:

15:57:50,387 ERROR [org.keycloak.services] (default task-27) couldNotSendAuthenticationRequestMessage: org.keycloak.broker.provider.IdentityBrokerException: Could not create authentication request.
        at org.keycloak.broker.saml.SAMLIdentityProvider.performLogin(SAMLIdentityProvider.java:124)
        at org.keycloak.services.resources.IdentityBrokerService.performLogin(IdentityBrokerService.java:157)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
        at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:88)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.keycloak.saml.common.exceptions.ProcessingException: javax.xml.crypto.dsig.XMLSignatureException: PL00100: Signing Process Failure:
        at org.keycloak.saml.processing.api.saml.v2.sig.SAML2Signature.signSAMLDocument(SAML2Signature.java:162)
        at org.keycloak.saml.BaseSAML2BindingBuilder.signDocument(BaseSAML2BindingBuilder.java:266)
        at org.keycloak.saml.BaseSAML2BindingBuilder$BasePostBindingBuilder.<init>(BaseSAML2BindingBuilder.java:145)
        at org.keycloak.protocol.saml.JaxrsSAML2BindingBuilder$PostBindingBuilder.<init>(JaxrsSAML2BindingBuilder.java:38)
        at org.keycloak.protocol.saml.JaxrsSAML2BindingBuilder.postBinding(JaxrsSAML2BindingBuilder.java:87)
        at org.keycloak.broker.saml.SAMLIdentityProvider.performLogin(SAMLIdentityProvider.java:119)
        ... 48 more
Caused by: javax.xml.crypto.dsig.XMLSignatureException: PL00100: Signing Process Failure:
        at org.keycloak.saml.common.DefaultPicketLinkLogger.signatureError(DefaultPicketLinkLogger.java:184)
        ... 54 more
Caused by: javax.xml.crypto.dsig.XMLSignatureException: java.security.InvalidKeyException: can't identify DSA private key.
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:403)
        at org.keycloak.saml.processing.core.util.XMLSignatureUtil.signImpl(XMLSignatureUtil.java:624)
        at org.keycloak.saml.processing.core.util.XMLSignatureUtil.sign(XMLSignatureUtil.java:347)
        at org.keycloak.saml.processing.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:143)
        at org.keycloak.saml.processing.api.saml.v2.sig.SAML2Signature.signSAMLDocument(SAML2Signature.java:160)
        ... 53 more
Caused by: java.security.InvalidKeyException: can't identify DSA private key.
        at org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil.generatePrivateKeyParameter(Unknown Source)
        at org.bouncycastle.jcajce.provider.asymmetric.dsa.DSASigner.engineInitSign(Unknown Source)
        at java.security.Signature$Delegate.init(Signature.java:1152)
        at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
        at java.security.Signature$Delegate.engineInitSign(Signature.java:1176)
        at java.security.Signature.initSign(Signature.java:527)
        at org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.sign(DOMSignatureMethod.java:267)
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:399)
        ... 57 more

I don't understand this error.


_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
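
A stand-alone reproduction of the `java.security.InvalidKeyException` at the bottom of the trace, added here as an example; it is not Keycloak code and not part of any message in the thread. It assumes the configured signing key is an RSA key (the thread does not say which type the realm key is), and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;

// Hypothetical demo class (not Keycloak code).
public class SignatureKeyTypeCheck {

    // Try to initialise the JCA signature algorithm with the key and sign a
    // constructed payload; report whether the key type fits the algorithm.
    static String check(String jcaAlgorithm, PrivateKey key) throws Exception {
        Signature sig = Signature.getInstance(jcaAlgorithm);
        try {
            sig.initSign(key);
        } catch (InvalidKeyException e) {
            // Same exception class as the root cause in the trace: the key exists
            // but is not of the family the signature algorithm needs.
            return jcaAlgorithm + " + " + key.getAlgorithm() + " key: MISMATCH ("
                    + e.getMessage() + ")";
        }
        sig.update("constructed sample payload".getBytes(StandardCharsets.UTF_8));
        return jcaAlgorithm + " + " + key.getAlgorithm() + " key: OK, "
                + sig.sign().length + "-byte signature";
    }

    static PrivateKey generate(String algorithm, int bits) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(algorithm);
        gen.initialize(bits);
        return gen.generateKeyPair().getPrivate();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the configured signing key is RSA; the thread does not say.
        PrivateKey rsa = generate("RSA", 2048);
        // 1024-bit DSA only because SHA-1 based DSA pairs with a 160-bit q.
        PrivateKey dsa = generate("DSA", 1024);

        // JCA algorithm names corresponding to RSA_SHA1 and DSA_SHA1 in the thread.
        System.out.println(check("SHA1withRSA", rsa)); // key family matches
        System.out.println(check("SHA1withDSA", rsa)); // RSA key, DSA algorithm
        System.out.println(check("SHA1withDSA", dsa)); // key family matches
    }
}
```

Calling `getAlgorithm()` on the configured private key is the quick check: the family of the selected signature algorithm has to match it.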