Re: [keycloak-user] AssertionConsumerServiceURL Requirement in AuthnRequest

Monday, 9 February 2015

Here is the AuthnRequest that was generated by WebLogic.

Do you still want me to create a JIRA?

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  Destination="http://clokpsbmw01:8080/auth/realms/dev/protocol/saml/"
  ForceAuthn="false"
  ID="_0xadc0f2f6b3f36e604d310d4209db5c31"
  IsPassive="false"
  IssueInstant="2015-02-06T17:13:31.151Z"
  Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
http://clokpsbmw01:7001/saml2</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
     <ds:SignedInfo>
       <ds:CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
       <ds:SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
       <ds:Reference URI="#_0xadc0f2f6b3f36e604d310d4209db5c31">
       <ds:Transforms>
         <ds:Transform Algorithm="
http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
         <ds:Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#WithComments">
           <ec:InclusiveNamespaces xmlns:ec="
http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp"/>
         </ds:Transform>
       </ds:Transforms>
      <ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>

<ds:DigestValue>AGcoZLrPSDr5TgULgb/AQdpGAofuP9YstgnYMryKams=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>
ROJaB9lwk5LiNfZMZmWrOrZmeXSZnjZiGwb9Q/ODzSscrs49ucJLhEzjzVXmr5jbLNg5UR5Pi1H+
N2hM/hZKEPpzxDtaR8RRzi8MYCiEwtqcbUD429txx0Sr1ZgPkhtw+KPsWAc5c17y8egzHCwe77DZ
CXDYzMtYlMui92kZ29Jj2QdgztSzxUNwHfOVGl6KAWu3NGlzobV+jbKtw20LOxAfpIW/e9hdwNAM
9OCwpKdcp6bvZrZ4GZZ/LXHJQzeZZtC3avwz4NHWX/9sOyYmspAVukTfCAyXeRxsbTgYX2vZKCOj
/a1ONd65CtgTCyE9tOzD7Ar1sWyp4FylrArABw==
  </ds:SignatureValue>
</ds:Signature>
</samlp:AuthnRequest>

On Mon, Feb 9, 2015 at 1:10 PM, Bill Burke <bburke(a)redhat.com&gt; wrote:

...
 Actually, I'll need some way of identifying the client making the
authn
 request.  Can you post the SAML request perchance?

 On 2/6/2015 2:42 PM, Jacob D'Onofrio wrote:
 > Hi,
 >
 > I am experimenting with using keycloak (1.1.0.Final) running on wildfly
 > 8.2.0.Final as an IDP for a service which is running on WebLogic 10.3.6.
 > When WebLogic sends the request to keycloak, I get a
 > NullPointerException like so:
 >
 > Caused by: java.lang.NullPointerException
 >          at
 >

org.keycloak.protocol.saml.SamlService$BindingProtocol.loginRequest(SamlService.java:195)
 > [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
 >          at
 >

org.keycloak.protocol.saml.SamlService$BindingProtocol.handleSamlRequest(SamlService.java:175)
 > [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
 >          at
 >
 org.keycloak.protocol.saml.SamlService$PostBindingProtocol.execute(SamlService.java:320)
 > [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
 >          at
 > org.keycloak.protocol.saml.SamlService.postBinding(SamlService.java:413)
 > [keycloak-saml-protocol-1.1.0.Final.jar:1.1.0.Final]
 >          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 > [rt.jar:1.7.0_65]
 >          at
 >
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 > [rt.jar:1.7.0_65]
 >          at
 >
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 > [rt.jar:1.7.0_65]
 >          at java.lang.reflect.Method.invoke(Method.java:606)
 > [rt.jar:1.7.0_65]
 >          at
 >
 org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
 > [resteasy-jaxrs-3.0.10.Final.jar:]
 >          at
 >

org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
 > [resteasy-jaxrs-3.0.10.Final.jar:]
 >          at
 >
 org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
 > [resteasy-jaxrs-3.0.10.Final.jar:]
 >          at
 >

org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
 > [resteasy-jaxrs-3.0.10.Final.jar:]
 >          at
 >
 org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
 > [resteasy-jaxrs-3.0.10.Final.jar:]
 >          at
 >
 org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
 > [resteasy-jaxrs-3.0.10.Final.jar:]
 >          ... 39 more
 >
 > I truncated the stack trace a bit. Looks like the method loginRequest of
 > SamlService.BindingProtocol expects that the AuthNRequest token specify
 > a AssertionConsumerServiceURL attribute, which WebLogic is not setting,
 > however the SAML documentation states that the attribute is optional.
 >
 > I wanted to check here before I posted a JIRA issue if this is a bug, or
 > intended behavior.
 >
 > Thanks,
 > Jacob
 >
 >
 > _______________________________________________
 > keycloak-user mailing list
 > keycloak-user(a)lists.jboss.org
 > https://lists.jboss.org/mailman/listinfo/keycloak-user
 >

 --
 Bill Burke
 JBoss, a division of Red Hat
 http://bill.burkecentral.com
 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] AssertionConsumerServiceURL Requirement in AuthnRequest