6:56 p.m.
Hi there
We are using Keycloak 3.1.0 and when it is processing a SAML response, we
encountered the following error.
08:24:46,541 ERROR [io.undertow.request] (default task-352) UT005023:
Exception handling request to
/auth/realms/dev/login-actions/first-broker-login:
org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException:
java.lang.RuntimeException: com.ctc.wstx.exc.WstxParsingException:
Undeclared namespace prefix "dsig"
at [row,col {unknown-source}]: [1,338]
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(
ExceptionHandler.java:76)
at org.jboss.resteasy.core.ExceptionHandler.handleException(
ExceptionHandler.java:212)
The "dsig" is declared in the header of the xml but Keycloak does not
appear to recognise it.
Here is the SAML response
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
*xmlns:dsig="http://www.w3.org/2000/09/xmldsig#
<http://www.w3.org/2000/09/xmldsig#>"*
xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:
attribute:X500"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Destination="https://www.bill.com/auth/realms/dev/broker/
saml/endpoint
<https://www.billview.com.au/auth/realms/billviewdev/broker/saml/endpoint&...
ID="id--nk-7uGxvonvTG7h8NL09hLwcKIpGZC053Zj-3Cz"
InResponseTo="ID_0c62fac6-d0d1-487d-91a6-44dd8c6cee16"
IssueInstant="2017-06-29T00:24:46Z"
Version="2.0"
<saml:Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
http://iamdev.edu/oam/fed</saml:Issuer
<http://iamdev.ecu.edu.au/oam/fed%3c/saml:Issuer>>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"
/>
</samlp:Status>
<saml:Assertion ID="id-S80vqfesnCZBogvgpKyOKL2z1I8Y-mlMpAQwVk8q"
IssueInstant="2017-06-29T00:24:46Z"
Version="2.0"
<saml:Issuer Format="urn:oasis:names:tc:
SAML:2.0:nameid-format:entity">http://iamdev.edu/oam/fed</saml...
<http://iamdev.ecu.edu.au/oam/fed%3c/saml:Issuer>>
<dsig:Signature>
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/
2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod Algorithm="http://www.w3.org/
2000/09/xmldsig#rsa-sha1" />
<dsig:Reference URI="#id-S80vqfesnCZBogvgpKyOKL2z1I8Y-
mlMpAQwVk8q">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/
2000/09/xmldsig#enveloped-signature" />
<dsig:Transform Algorithm="http://www.w3.org/
2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/
2000/09/xmldsig#sha1" />
<dsig:DigestValue>/9fx72oB3eQ5vDcEJE5q0u43P8k=</
dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
3:34 a.m.
Hi,
this has been reported already as
https://issues.jboss.org/browse/KEYCLOAK-4818. I suggest you to join
the list of watchers and please comment in the JIRA as much of the
details on your installation as possible: e.g. where it has happened
(in server? in adapter - in which server in that case?)
Thank you
--Hynek
On Fri, Jun 30, 2017 at 1:56 AM, Michael Mok <teatimej(a)gmail.com> wrote:
Hi there
We are using Keycloak 3.1.0 and when it is processing a SAML response, we
encountered the following error.
08:24:46,541 ERROR [io.undertow.request] (default task-352) UT005023:
Exception handling request to
/auth/realms/dev/login-actions/first-broker-login:
org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException:
java.lang.RuntimeException: com.ctc.wstx.exc.WstxParsingException:
Undeclared namespace prefix "dsig"
at [row,col {unknown-source}]: [1,338]
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(
ExceptionHandler.java:76)
at org.jboss.resteasy.core.ExceptionHandler.handleException(
ExceptionHandler.java:212)
The "dsig" is declared in the header of the xml but Keycloak does not
appear to recognise it.
Here is the SAML response
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
*xmlns:dsig="http://www.w3.org/2000/09/xmldsig#
<http://www.w3.org/2000/09/xmldsig#>"*
xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:
attribute:X500"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Destination="https://www.bill.com/auth/realms/dev/broker/
saml/endpoint
<https://www.billview.com.au/auth/realms/billviewdev/broker/saml/endpoint&...
ID="id--nk-7uGxvonvTG7h8NL09hLwcKIpGZC053Zj-3Cz"
InResponseTo="ID_0c62fac6-d0d1-487d-91a6-44dd8c6cee16"
IssueInstant="2017-06-29T00:24:46Z"
Version="2.0"
>
<saml:Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
http://iamdev.edu/oam/fed</saml:Issuer
<http://iamdev.ecu.edu.au/oam/fed%3c/saml:Issuer>>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"
/>
</samlp:Status>
<saml:Assertion ID="id-S80vqfesnCZBogvgpKyOKL2z1I8Y-mlMpAQwVk8q"
IssueInstant="2017-06-29T00:24:46Z"
Version="2.0"
>
<saml:Issuer Format="urn:oasis:names:tc:
SAML:2.0:nameid-format:entity">http://iamdev.edu/oam/fed</saml...
<http://iamdev.ecu.edu.au/oam/fed%3c/saml:Issuer>>
<dsig:Signature>
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/
2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod Algorithm="http://www.w3.org/
2000/09/xmldsig#rsa-sha1" />
<dsig:Reference URI="#id-S80vqfesnCZBogvgpKyOKL2z1I8Y-
mlMpAQwVk8q">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/
2000/09/xmldsig#enveloped-signature" />
<dsig:Transform Algorithm="http://www.w3.org/
2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/
2000/09/xmldsig#sha1" />
<dsig:DigestValue>/9fx72oB3eQ5vDcEJE5q0u43P8k=</
dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
--Hynek
2750
days inactive
2751
days old
1 comments
2 participants
participants (2)
-
Hynek Mlnarik -
Michael Mok