Hello David,
In your <samlp:Response> I am missing a couple of attributes:
Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
InResponseTo="ID_99d1aa37-7ed7-4565-90b4-19ed50d38489"
Probably the "Consent" one is not causing the issue, but "InResponseTo"
contains the ID of the AuthnRequest sent by Keycloak, and maybe Keycloak
wants to verify it. My setup is Keycloak SP and ADFS2 IdP (very similar to
yours, BTW). You can have a look here at one of the ADFS2 responses:
https://gist.github.com/lurodrig/34fa5092da4cef85d1f3cfaa2ac3025a
Hope it helps,
Luis
2018-05-16 3:06 GMT+02:00 Lynxlogic <info(a)lynxlogic.com>:
I’m trying to set up SAML SSO between Azure AD and Keycloak. On the
redirect back after auth, Keycloak is failing to process the response and
generates an internal server error:
00:27:04,170 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-5) Uncaught server error:
org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
    at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:444)
    at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:479)
    at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:237)
    at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:157)
    ...
Caused by: java.lang.NullPointerException
    at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
    at java.util.regex.Matcher.reset(Matcher.java:309)
    at java.util.regex.Matcher.<init>(Matcher.java:229)
    at java.util.regex.Pattern.matcher(Pattern.java:1093)
    at java.util.regex.Pattern.split(Pattern.java:1206)
    at org.keycloak.broker.provider.util.IdentityBrokerState.encoded(IdentityBrokerState.java:41)
    at org.keycloak.services.resources.IdentityBrokerService.parseEncodedSessionCode(IdentityBrokerService.java:980)
    at org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:490)
    at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:440)
    ... 63 more
I’ve posted the SAML response at
https://gist.github.com/dieseldjango/72057b7df68dbe3dc289ec8e3f5826bf.
The stack trace indicates it’s failing at
IdentityBrokerService.parseEncodedSessionCode().
I’ve tried this with Keycloak 3.2.1 and with 4.0 Beta 2. Can someone point
me in the right direction to solve this?
Thanks,
David
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
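Added example, not part of the thread and not Keycloak's own code: the service-provider-side correlation check that the InResponseTo attribute exists for, written in Python. Luis's point is that the SP issued an AuthnRequest with a specific ID and the IdP's Response has to carry that ID back in InResponseTo, so the SP can tie the response to a login it actually started and reject unsolicited or replayed responses. The stack trace in David's mail separately shows the broker splitting a null string while parsing its encoded session code, i.e. the per-login state Keycloak sent alongside the AuthnRequest (carried in RelayState for the SAML binding) is not coming back either, so the check below treats a missing RelayState and a missing or unknown InResponseTo as distinct rejection reasons. The sample Response XML is constructed here, not an Azure AD or ADFS capture; the endpoint URL, issuer and the names check_response and OutstandingRequests are assumptions. Signature verification and assertion Conditions (NotBefore, NotOnOrAfter, AudienceRestriction) are out of scope and would run in addition to this.

```python
"""Added example (not Keycloak's code): SP-side correlation checks on a samlp:Response.

Assumed names: check_response(), OutstandingRequests. The sample XML below is
constructed for this example, not a real Azure AD or ADFS capture. Signature
verification and assertion Conditions are out of scope here.
"""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

SP_ACS = "https://sp.example.test/auth/realms/demo/broker/saml/endpoint"  # assumed SP endpoint
IDP_ISSUER = "https://idp.example.test/"                                    # assumed IdP entityID
REQUEST_ID = "ID_99d1aa37-7ed7-4565-90b4-19ed50d38489"  # the AuthnRequest ID quoted in Luis's mail

# Constructed response: what an SP-initiated login should come back with.
RESPONSE_SOLICITED = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_resp-1" Version="2.0" IssueInstant="2018-05-16T01:27:00Z"
    Destination="{SP_ACS}"
    InResponseTo="{REQUEST_ID}">
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
</samlp:Response>"""

# Constructed response lacking the attribute David's response was missing.
RESPONSE_UNSOLICITED = RESPONSE_SOLICITED.replace(f'\n    InResponseTo="{REQUEST_ID}"', "")


class OutstandingRequests:
    """AuthnRequest IDs the SP issued and has not yet matched to a response (one-time use)."""

    def __init__(self):
        self._ids = set()

    def issue(self, request_id):
        self._ids.add(request_id)

    def consume(self, request_id):
        """True if request_id was outstanding; it is removed so a replayed response fails."""
        if request_id in self._ids:
            self._ids.remove(request_id)
            return True
        return False


def check_response(xml_text, relay_state, outstanding, expected_issuer, expected_destination):
    """Return a list of rejection reasons; an empty list means the response correlates correctly."""
    problems = []
    if not relay_state:
        problems.append("RelayState missing: SP cannot recover the login session it started")

    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        return problems + ["not a samlp:Response"]

    if root.findtext(f"{{{SAML}}}Issuer") != expected_issuer:
        problems.append("Issuer does not match the configured IdP")
    if root.get("Destination") != expected_destination:
        problems.append("Destination does not match this SP's endpoint")

    status = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if status is None or status.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")

    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        problems.append("InResponseTo missing: unsolicited response, reject unless "
                        "IdP-initiated SSO is deliberately allowed")
    elif not outstanding.consume(in_response_to):
        problems.append(f"InResponseTo {in_response_to!r} matches no outstanding "
                        "AuthnRequest (stale or replayed)")
    return problems


if __name__ == "__main__":
    pending = OutstandingRequests()
    pending.issue(REQUEST_ID)
    print(check_response(RESPONSE_SOLICITED, "session.state", pending, IDP_ISSUER, SP_ACS))
    print(check_response(RESPONSE_UNSOLICITED, None, pending, IDP_ISSUER, SP_ACS))
```

The outstanding-ID set is consumed on first use, so presenting the same well-formed Response twice is rejected the second time as a replay; a real SP would also expire entries after a short window so the set cannot grow without bound. Accepting responses with no InResponseTo at all is exactly the IdP-initiated SSO case, which should be an explicit configuration decision rather than the default.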