Please file a bug in JIRA with these details; this is an issue in the parser — it rejects the `<samlp:Scoping>` element (the "Unknown Start Element: Scoping" error quoted below) that the failing request contains.
On Sun, Nov 19, 2017 at 7:39 AM, Alex Zeleznikov <alex(a)iucc.ac.il> wrote:
Hello, we are using keycloak as a local IdP. Currently the keycloak server
is being served to SPs via simplesamlphp. The connection to the simplesaml
server works: a user can log in and log out without issues. However, when a
user tries to authenticate via an SP, the keycloak server login page shows
"invalid request".
Looking at the logs I see:
`2017-11-19 08:13:31,218 ERROR [org.keycloak.saml.common] (default task-2)
Error in base64 decoding saml message: java.lang.RuntimeException: PL00064:
Parser: Unknown Start Element: Scoping::location=org.codehaus.stax2.
XMLStreamLocation2$1@5917b7e5`
Here is the SAML data when authenticating only via simplesaml (this works):
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_c1f8cff7fd9f03bac28dc34402ae2f128a59ac45f5"
Version="2.0"
IssueInstant="2017-11-16T07:28:00Z"
Destination="https://iuccidp.iucc.ac.il/auth/realms/IUCCIDP/protocol/saml"
AssertionConsumerServiceURL="https://iif.iucc.ac.il/idp/module.php/saml/sp/saml2-acs.php/default-sp"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>
<saml:Issuer>https://iif.iucc.ac.il/idp/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_c1f8cff7fd9f03bac28dc34402ae2f128a59ac45f5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>lQF9e0r3X8T4QbyUU9r0pjaWyPk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>MIdx3PVLBZqUYkkg9GGUQRlpdOo8p1
ajmGoUYm29JcYkPE7FYiVfgEpSj6GQ97MStUOiVJHEggFp201a40ucORqG2Y
G9VD7rhH0Ac7FGkO0AcqfPaVzDk+jXxiEtQZKAdTWj8UDVUtHjSg52ZKwmXyPru84gOevPgr+
zs6XU7r0fWCQniwg6Dqc4E1dB5QThpj04iaMMeIHLf0dyQWPALQUtW4URMWh
wLog6swGrTig/4vPh/hI7jiXB45okGjcvBJZvRLXPsS7+M6Jeu+XLK9/
wCUGc05vxpK7Yn9AHnkZDer5P1b5ZaOoo0yLMe/x5tLlfWYmOO0oec4dE/
5C6mw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIFKzCCBBOgAwIBAgIQBVCwaVElAx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ZfIRu1UMMqZ945a2I5QJWqEiXEQTCIqSxB9I2Gs9hmHmZxb+BIA3jdWOfjKCNn/
gToP7WZ2ks2BfhM3NhwkMVWwE8Lnds/m8MKRoKGMDWdsuhN9nSy0Qq1A7hPhn
TClFEl7Nw8eUx1pbgk8DZMJIxVq0X4h1ogeno1AJhCSpaClsVUCiGQpC9DFsB1mctnVj+gR+
LOaPQPuWpXWU00u8H3GcKp59MCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFG
f9iCAUJ5jHCdIlGbvpURFjdVBiMB0GA1UdDgQWBBRzclwqDCt2YJuQzNL7Q6
xQSMFYvjAZBgNVHREEEjAQgg5paWYuaXVjYy5hYy5pbDAOBgNVHQ8BAf8EBA
MCBaAwHQYDVR0lB!
BYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0d
HA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3JsMC+
gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmN
ybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHR
wczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjBuBggrBgEFBQc
BAQRiMGAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA
4BggrBgEFBQcwAoYsaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL1RFUkV
OQVNTTENBMy5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAPT+
syBAyrz97u7zvxk2JUjlvD5IdpXNuEwuO3hxmj8RAJ1HNKcelNi53UOGmc+
bfug3BrwN4tm8e70lWbePKhLZ/wmZ0GtmC3hrQK9g6NalncY3Qq5P7mv
FohWInUaXnVM0AhDNj+IzbBHT+kKiKySeDUBhE7me7Qf/g/wcICV7ukJEKwkkIs/
eQgeUn20qLHSrD9ADMuMR1ezyTFDFNKGiHEN7QvlK2nXHHsYjnjs/GucT1zMYH9wRI3/
HBOTvBRWNTYcUB9eHJvWC0Gscbo9itMwR6/xDaKLM3afHos4lAvlXfvLKMoW4/
miNfqn1MOrmts5WJbfIlZ+4KxsMB7Q==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</samlp:AuthnRequest>
And here is the SAML data when authenticating via an SP (this doesn't
work):
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_c327a0622c69920a4bdefa8a2fd98847b67cf18473"
Version="2.0"
IssueInstant="2017-11-16T07:09:05Z"
Destination="https://iuccidp.iucc.ac.il/auth/realms/IUCCIDP/protocol/saml"
AssertionConsumerServiceURL="https://iif.iucc.ac.il/idp/module.php/saml/sp/saml2-acs.php/default-sp"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>
<saml:Issuer>https://iif.iucc.ac.il/idp/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_c327a0622c69920a4bdefa8a2fd98847b67cf18473">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>lss9SZraPBlGe6oR6EbuUe9bbrE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>YFtlgSogdf4itNcckDhylaQNMx+
nLi1MCndwvFsx9wBZFb4RTEZ05uYdK9lsIQBFIxjFnYmIil4h6CNLVoLzvdD
KFZUdnY3Fpmz3p/Oo+0+ho/8gSp7bm1NlXJarMwHc36tFSKmFZb5fsGElX/
1mH6NfsD2S46EmZiK7b7jYkbQVq4UaWVJ5ihvvil8FXTas5/JEUJai3X94/viglVhc5uptoBy/
spRjdAnlUFSJKqmmgHWH/Dd/2ElOJiyi+z04O5lVvC5pjTWVHRxHwLlwKF/
QjC3Z16cFKR4Y0Bm7uDxvQiGt5eH5Qvm96GYpLk5mV4cTlGELQbKRbECatnu
S1Q==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIFKzCCBBOgAwIBAgIQBVCwaVElAx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ZfIRu1UMMqZ945a2I5QJWqEiXEQTCIqSxB9I2Gs9hmHmZxb+BIA3jdWOfjKCNn/
gToP7WZ2ks2BfhM3NhwkMVWwE8Lnds/m8MKRoKGMDWdsuhN9nSy0Qq1A7hPhn
TClFEl7Nw8eUx1pbgk8DZMJIxVq0X4h1ogeno1AJhCSpaClsVUCiGQpC9DFsB1mctnVj+gR+
LOaPQPuWpXWU00u8H3GcKp59MCAwEAAaOCAccwggHDMB8GA1UdIwQYMBaAFG
f9iCAUJ5jHCdIlGbvpURFjdVBiMB0GA1UdDgQWBBRzclwqDCt2YJuQzNL7Q6
xQSMFYvjAZBgNVHREEEjAQgg5paWYuaXVjYy5hYy5pbDAOBgNVHQ8BAf8EBA
MCBaAwHQYDVR0lB!
BYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0d
HA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3JsMC+
gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmN
ybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHR
wczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjBuBggrBgEFBQc
BAQRiMGAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA
4BggrBgEFBQcwAoYsaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL1RFUkV
OQVNTTENBMy5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAPT+
syBAyrz97u7zvxk2JUjlvD5IdpXNuEwuO3hxmj8RAJ1HNKcelNi53UOGmc+
bfug3BrwN4tm8e70lWbePKhLZ/wmZ0GtmC3hrQK9g6NalncY3Qq5P7mv
FohWInUaXnVM0AhDNj+IzbBHT+kKiKySeDUBhE7me7Qf/g/wcICV7ukJEKwkkIs/
eQgeUn20qLHSrD9ADMuMR1ezyTFDFNKGiHEN7QvlK2nXHHsYjnjs/GucT1zMYH9wRI3/
HBOTvBRWNTYcUB9eHJvWC0Gscbo9itMwR6/xDaKLM3afHos4lAvlXfvLKMoW4/
miNfqn1MOrmts5WJbfIlZ+4KxsMB7Q==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<samlp:Scoping>
<samlp:RequesterID>https://terena.org/sp</samlp:RequesterID>
</samlp:Scoping>
</samlp:AuthnRequest>