[keycloak-dev] Saml authentication Signature verification Exception when Special Characters is the username

rony joy ronyjoy at gmail.com
Wed Nov 23 00:35:27 EST 2016


Hi All,

We are getting a signature verification exception at the client side after
the IdP successfully authenticated the user ("RoàåéèíñòøöùüßÅÄÖÜ") when the user
ID contains special characters.

*UserName : RoàåéèíñòøöùüßÅÄÖÜ*
*Following are the Keycloak settings.*
*Encryption req: false*
*Sign Document : true*

*Please find the below exception at the client side*

05:25:23at
org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.verifyPostBindingSignature(AbstractSamlAuthenticationHandler.java:480)se
signature: org.keycloak.com
mon.Veriat
org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.validateSamlSignature(AbstractSamlAuthenticationHandler.java:261)
        at org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint.handle(SamlEndpoint.java:44)stractSamlAuthenticationHandler.java:183)
        at org.keycloak.adapters.saml.undertow.AbstractSamlAuthMech.authenticate(AbstractSamlAuthMech.java:115)
        at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:263)
        at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)31)
        at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)9)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)(ServletAuthenticationCallHandler.java:55)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)3)
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)ndler.java:64)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)java:292)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)tupAction.java:48)
        at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)44)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

