Hi, We have setup Keycloak as an identity broker with a SAML IdP. Keycloak recieves a SAML response from the IdP and we can decrypt this response by hand and it looks like we expect. When the browser hits our SAML endpoint (https://[domain]/auth/realms/[realm]/[client]/[IdP alias]/endpoint) we get an exception: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider. The log shows this error: PL00062: Parser : Unknown tag:AuthnStatement::location=[row,col {unknown-source}]: [1,9341] It seems that Keycloak do not know the tag AuthnStatement even though this is part of the SAML 2.0 standard? Are we missing something here? Kind regards, Ulrik and Anders -- View this message in context: http://keycloak-user.88327.x6.nabble.com/SAML-parsing-error-tp3667.html Sent from the keycloak-user mailing list archive at Nabble.com. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Hi again, We now experience another problem that seems to be related. When we create a new SAML v2.0 IdP in KC we would like to import the metadata file from our IdP (see the attached file). It fails and the log shows this: PL00062: Parser : Unknown tag:Attribute::location=[row,col {unknown-source}]: [207,5] We have tried to change a few things in the meta data file (i.e. avoiding an empty last attribute) with no luck. IdPMetadata_test.xml <http://keycloak-user.88327.x6.nabble.com/file/n3723/IdPMetadata_test.xml> Best regards, Anders and Ulrik -- View this message in context: http://keycloak-user.88327.x6.nabble.com/SAML-parsing-error-tp3667p3723.html Sent from the keycloak-user mailing list archive at Nabble.com. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user