3:56 a.m.
Hi Team,
I am trying to verify multitenant keycloak support in SAML application. I have gone
through example provided for OIDC application and it worked perfectly fine.
Based on SAML documentation available in Keycloak below is my understanding
1) Need to provide implementation for SamlConfigResolver's resolve() method in SAML
application.
2) Mention above implementation in web.xml.
For this verification I am trying to customize post-with-signature example.
I have added keycloak-saml-adapter-core and keycloak-adapter-spi dependancies in pom.xml.
I just write an SOP statement in resolve method.
When I run, I get java.lang.NullPointerException
Please share your thoughts on following points:
1) Is my above understanding is correct? In case if I am missing something then please let
me know.
2) Is there any other approach with which we can achieve this behavior?
Below is the stack trace for the reference:
Stack Trace
java.lang.NullPointerException
org.keycloak.adapters.saml.undertow.AbstractSamlAuthMech.authenticate(AbstractSamlAuthMech.java:102)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)
Thanks & Regards,
Pankaj Mahajan
8:03 a.m.
Multitenancy for SAML adapter is not supported at this moment, see
https://issues.jboss.org/browse/KEYCLOAK-1925.
Community contribution would be welcome.
On Mon, Dec 18, 2017 at 10:56 AM, Pankaj Mahajan <
Pankaj.Mahajan(a)harbingergroup.com> wrote:
Hi Team,
I am trying to verify multitenant keycloak support in SAML application. I
have gone through example provided for OIDC application and it worked
perfectly fine.
Based on SAML documentation available in Keycloak below is my understanding
1) Need to provide implementation for SamlConfigResolver's resolve()
method in SAML application.
2) Mention above implementation in web.xml.
For this verification I am trying to customize post-with-signature example.
I have added keycloak-saml-adapter-core and keycloak-adapter-spi
dependancies in pom.xml.
I just write an SOP statement in resolve method.
When I run, I get java.lang.NullPointerException
Please share your thoughts on following points:
1) Is my above understanding is correct? In case if I am missing something
then please let me know.
2) Is there any other approach with which we can achieve this behavior?
Below is the stack trace for the reference:
Stack Trace
java.lang.NullPointerException
org.keycloak.adapters.saml.undertow.AbstractSamlAuthMech.authenticate(
AbstractSamlAuthMech.java:102)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(
SecurityContextImpl.java:233)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(
SecurityContextImpl.java:250)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(
SecurityContextImpl.java:219)
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(
SecurityContextImpl.java:121)
io.undertow.security.impl.SecurityContextImpl.authTransition(
SecurityContextImpl.java:96)
io.undertow.security.impl.SecurityContextImpl.authenticate(
SecurityContextImpl.java:89)
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandl
er.handleRequest(ServletAuthenticationCallHandler.java:55)
io.undertow.server.handlers.DisableCacheHandler.handleRequest(
DisableCacheHandler.java:33)
io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
io.undertow.security.handlers.AuthenticationConstraintHandle
r.handleRequest(AuthenticationConstraintHandler.java:51)
io.undertow.security.handlers.AbstractConfidentialityHandler
.handleRequest(AbstractConfidentialityHandler.java:46)
io.undertow.servlet.handlers.security.ServletConfidentialityConstrai
ntHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandl
er.handleRequest(ServletSecurityConstraintHandler.java:56)
io.undertow.security.handlers.AuthenticationMechanismsHandle
r.handleRequest(AuthenticationMechanismsHandler.java:60)
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHand
ler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(
NotificationReceiverHandler.java:50)
io.undertow.security.handlers.AbstractSecurityContextAssocia
tionHandler.handleRequest(AbstractSecurityContextAssocia
tionHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.
handleRequest(JACCContextIdHandler.java:61)
io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(
ServletInitialHandler.java:284)
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(
ServletInitialHandler.java:263)
io.undertow.servlet.handlers.ServletInitialHandler.access$
000(ServletInitialHandler.java:81)
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(
ServletInitialHandler.java:174)
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)
Thanks & Regards,
Pankaj Mahajan
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
--Hynek
8:18 a.m.
Thank you for your quick response.
Thanks & Regards,
Pankaj Mahajan
________________________________
From: Hynek Mlnarik <hmlnarik(a)redhat.com>
Sent: Monday, December 18, 2017 7:33:52 PM
To: Pankaj Mahajan
Cc: keycloak-user(a)lists.jboss.org; Abhijit Gokhale
Subject: Re: [keycloak-user] Multitenancy for SAML applications
Multitenancy for SAML adapter is not supported at this moment, see
https://issues.jboss.org/browse/KEYCLOAK-1925.
Community contribution would be welcome.
On Mon, Dec 18, 2017 at 10:56 AM, Pankaj Mahajan
<Pankaj.Mahajan@harbingergroup.com<mailto:Pankaj.Mahajan@harbingergroup.com>>
wrote:
Hi Team,
I am trying to verify multitenant keycloak support in SAML application. I have gone
through example provided for OIDC application and it worked perfectly fine.
Based on SAML documentation available in Keycloak below is my understanding
1) Need to provide implementation for SamlConfigResolver's resolve() method in SAML
application.
2) Mention above implementation in web.xml.
For this verification I am trying to customize post-with-signature example.
I have added keycloak-saml-adapter-core and keycloak-adapter-spi dependancies in pom.xml.
I just write an SOP statement in resolve method.
When I run, I get java.lang.NullPointerException
Please share your thoughts on following points:
1) Is my above understanding is correct? In case if I am missing something then please let
me know.
2) Is there any other approach with which we can achieve this behavior?
Below is the stack trace for the reference:
Stack Trace
java.lang.NullPointerException
org.keycloak.adapters.saml.undertow.AbstractSamlAuthMech.authenticate(AbstractSamlAuthMech.java:102)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)
Thanks & Regards,
Pankaj Mahajan
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
--Hynek
2515
days inactive
2515
days old
2 comments
2 participants
participants (2)
-
Hynek Mlnarik -
Pankaj Mahajan