[keycloak-dev] Getting error with authentication using ecp.sh script
Stian Thorgersen
sthorger at redhat.com
Tue Jan 3 09:27:21 EST 2017
What version of Keycloak is this?
On 3 January 2017 at 15:10, John Dennis <jdennis at redhat.com> wrote:
> On 12/27/2016 08:52 AM, Rashmi Singh wrote:
> > Hi All, Just a reminder if some insights/help could be provided on my
> SAML
> > request and the issue I am facing.
>
> What Rashmi failed to mention is that after submitting the SAML
> AuthnRequest to Keycloak the response was a server 500 error. I asked
> him to look for any backtraces that appeared in the Keycloak log after
> receiving the AuthnRequest which he did and included here.
>
> To the best of my knowledge the AuthnRequest is well formed but even if
> it wasn't the response should have been a SAML Response with an error,
> not a HTTP 500 status code.
>
> What we need to figure out is why Keycloak is throwing an uncaught
> exception resulting in the HTTP 500 status code.
>
> ECP requires either basic or digest authentication on the endpoint
> processing the AuthnRequest. My suspicion based on the "Failed
> authentication" message at the beginning of the backtrace is either the
> authentication did not occur on the endpoint or there was a failure to
> record the authentication occurred and was successful, just a guess.
>
> >
> > On Fri, Dec 23, 2016 at 9:01 PM, Rashmi Singh <singhrasster at gmail.com>
> > wrote:
> >
> >> Hi All,
> >>
> >> I am using ecp.sh (provided by keycloak team, ofcourse with changes on
> >> idp_endpoint based on my keycloak environment) to perform
> authentication.
>
> Just to clarify, ecp.sh was not provided by the keycloak team. I
> provided it to Rashmi. It's a script I've used in the past to test ECP.
>
> >> I am using spring saml SP and keycloak IDP. I enabled ecp on the SP side
> >> and then I execute ecp.sh script as:
> >>
> >> ./ecp.sh -d rhsso http://192.168.99.100:8888/saml-sp/first.jsp newuser4
> >>
> >>
> >> My idp_endpoint is: "http://192.168.99.100:9990/auth/realms/xxxxxxxxxx/
> >> protocol/saml"
> >> where xxxxxxxxxx is my realm (replaced my realm with xxxxxxxxxx for this
> >> email)
> >>
> >> The script prompts me to enter password and then it sends an auth
> request
> >> to keycloak IDP.
> >>
> >> Now, something goes wrong at the IDP.
> >> I enabled saml logs on keycloak to see the incoming request and the
> >> following error from the logs:
> >>
> >> 00:51:40,656 DEBUG [org.keycloak.saml.SAMLRequestParser] (default
> task-2)
> >> SAML POST Binding
> >> 00:51:40,656 DEBUG [org.keycloak.saml.SAMLRequestParser] (default
> task-2)
> >> <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:
> tc:SAML:2.0:protocol"
> >> AssertionConsumerServiceURL="http://192.168.99.100:8888/
> saml-sp/saml/SSO"
> >> ForceAuthn="false" ID="a31ah57718g27gd149da6jeb08620ig"
> IsPassive="false"
> >> IssueInstant="2016-12-24T00:51:34.799Z" ProtocolBinding="urn:oasis:
> >> names:tc:SAML:2.0:bindings:PAOS" Version="2.0">
> >> <saml2:Issuer xmlns:saml2="urn:oasis:names:
> tc:SAML:2.0:assertion">http://
> >> 192.168.99.100:8888/saml-sp/saml/metadata</saml2:Issuer>
> >> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >> <ds:SignedInfo>
> >> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/
> >> 2001/10/xml-exc-c14n#"/>
> >> <ds:SignatureMethod Algorithm="http://www.w3.org/
> 2000/09/xmldsig#rsa-sha1
> >> "/>
> >> <ds:Reference URI="#a31ah57718g27gd149da6jeb08620ig">
> >> <ds:Transforms>
> >> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-
> >> signature"/>
> >> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> >> </ds:Transforms>
> >> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> >> <ds:DigestValue>nfLQ9IFs9IFnSgw3HHHKuPkAbRY=</ds:DigestValue>
> >> </ds:Reference>
> >> </ds:SignedInfo>
> >> <ds:SignatureValue>iULSwpjBb38Vmtan4ZIocRx4PNr6fHRuhVbL+
> >> 7yXNz3wqjlSavtk7haUiADwUS2cTofRM5KDzUvIkaQPXBZqEkz2xnrhpNj71
> >> eIqJ6H4ZqW3mpvP8Bk9z3VEmcEQhZSd6j8rMf4JOdIBRtE7cea0wJhuQ1Uds
> >> HdcKeIdp+wuRvn8t9vS/mPKd9GAt11JpC+bgMQS0MDy+r1+AZof2+
> >> XMyMuwECVIkouTzwlgKDEmgvQh6Aq61f+QzIeeZ9+3efwJyIH61x7J4CaiSTpesezlXx8UQ
> >> nqIL+AToL1OFHSp2bgXXxkP1rHSkyNM34Eg92LmI5cN3oBfQDR8r+mCoEctWA==</
> >> ds:SignatureValue>
> >> <ds:KeyInfo>
> >> <ds:X509Data>
> >> <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBg
> >> kqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYT
> >> ERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeT
> >> EMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyOD
> >> AxWhcNMjIxMjMwMTEyODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVX
> >> VzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2
> >> FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wggEiMA0GCS
> >> qGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrD
> >> tUt00E5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/
> >> yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/
> >> rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7KqxpHx6No83WNZj4B
> >> 3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/
> >> KSaal3R26pONUUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/
> >> R93vBA6lnl5nTctZIRsyg0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQ
> >> wAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL82IvnKouGixGq
> >> AcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGO
> >> M6A8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/
> >> dgixKb1Rvby/tBuRogWgPONNSACiW+Z5o8UdAOqNMZQozD/
> >> i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEWbHwSoBy5hLPNALaE
> >> Uoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/
> >> GuHE=</ds:X509Certificate>
> >> </ds:X509Data>
> >> </ds:KeyInfo>
> >> </ds:Signature>
> >> </saml2p:AuthnRequest>
> >>
> >> 00:51:41,265 DEBUG [org.keycloak.saml.common] (default task-2) The
> >> provider ApacheXMLDSig - 2.05 was added at position: 2
> >> 00:51:41,545 WARN [org.keycloak.services] (default task-2)
> >> KC-SERVICES0013: Failed authentication: org.keycloak.authentication.
> >> AuthenticationFlowException
> >> at org.keycloak.authentication.DefaultAuthenticationFlow.
> >> processResult(DefaultAuthenticationFlow.java:242)
> >> at org.keycloak.authentication.DefaultAuthenticationFlow.
> >> processFlow(DefaultAuthenticationFlow.java:185)
> >> at org.keycloak.authentication.AuthenticationProcessor.
> >> authenticateOnly(AuthenticationProcessor.java:792)
> >> at org.keycloak.protocol.AuthorizationEndpointBase.
> >> handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:100)
> >> at org.keycloak.protocol.saml.SamlService.
> >> newBrowserAuthentication(SamlService.java:505)
> >> at org.keycloak.protocol.saml.profile.ecp.
> SamlEcpProfileService.
> >> newBrowserAuthentication(SamlEcpProfileService.java:89)
> >> at org.keycloak.protocol.saml.SamlService.
> >> newBrowserAuthentication(SamlService.java:501)
> >> at org.keycloak.protocol.saml.SamlService$BindingProtocol.
> >> loginRequest(SamlService.java:297)
> >> at org.keycloak.protocol.saml.profile.ecp.
> SamlEcpProfileService$1.
> >> loginRequest(SamlEcpProfileService.java:72)
> >> at org.keycloak.protocol.saml.SamlService$BindingProtocol.
> >> handleSamlRequest(SamlService.java:209)
> >> at org.keycloak.protocol.saml.SamlService$
> >> PostBindingProtocol.execute(SamlService.java:453)
> >> at org.keycloak.protocol.saml.profile.ecp.
> SamlEcpProfileService.
> >> authenticate(SamlEcpProfileService.java:74)
> >> at org.keycloak.protocol.saml.SamlService.soapBinding(
> >> SamlService.java:619)
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >> at sun.reflect.NativeMethodAccessorImpl.invoke(
> >> NativeMethodAccessorImpl.java:62)
> >> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> >> DelegatingMethodAccessorImpl.java:43)
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
> >> MethodInjectorImpl.java:139)
> >> at org.jboss.resteasy.core.ResourceMethodInvoker.
> invokeOnTarget(
> >> ResourceMethodInvoker.java:295)
> >> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
> >> ResourceMethodInvoker.java:249)
> >> at org.jboss.resteasy.core.ResourceLocatorInvoker.
> >> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
> >> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> >> ResourceLocatorInvoker.java:101)
> >> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> >> SynchronousDispatcher.java:395)
> >> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> >> SynchronousDispatcher.java:202)
> >> at org.jboss.resteasy.plugins.server.servlet.
> >> ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
> >> at org.jboss.resteasy.plugins.server.servlet.
> >> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> >> at org.jboss.resteasy.plugins.server.servlet.
> >> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> >> at io.undertow.servlet.handlers.ServletHandler.handleRequest(
> >> ServletHandler.java:85)
> >> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> >> doFilter(FilterHandler.java:129)
> >> at org.keycloak.services.filters.KeycloakSessionServletFilter.
> >> doFilter(KeycloakSessionServletFilter.java:90)
> >> at io.undertow.servlet.core.ManagedFilter.doFilter(
> >> ManagedFilter.java:60)
> >> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> >> doFilter(FilterHandler.java:131)
> >> at io.undertow.servlet.handlers.FilterHandler.handleRequest(
> >> FilterHandler.java:84)
> >> at io.undertow.servlet.handlers.security.
> >> ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.
> >> java:62)
> >> at io.undertow.servlet.handlers.ServletDispatchingHandler.
> >> handleRequest(ServletDispatchingHandler.java:36)
> >> at org.wildfly.extension.undertow.security.
> >> SecurityContextAssociationHandler.handleRequest(
> >> SecurityContextAssociationHandler.java:78)
> >> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> >> PredicateHandler.java:43)
> >> at io.undertow.servlet.handlers.security.
> >> SSLInformationAssociationHandler.handleRequest(
> >> SSLInformationAssociationHandler.java:131)
> >> at io.undertow.servlet.handlers.security.
> >> ServletAuthenticationCallHandler.handleRequest(
> >> ServletAuthenticationCallHandler.java:57)
> >> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> >> PredicateHandler.java:43)
> >> at io.undertow.security.handlers.AbstractConfidentialityHandler
> >> .handleRequest(AbstractConfidentialityHandler.java:46)
> >> at io.undertow.servlet.handlers.security.
> >> ServletConfidentialityConstraintHandler.handleRequest(
> >> ServletConfidentialityConstraintHandler.java:64)
> >> at io.undertow.security.handlers.AuthenticationMechanismsHandle
> >> r.handleRequest(AuthenticationMechanismsHandler.java:60)
> >> at io.undertow.servlet.handlers.security.
> >> CachedAuthenticatedSessionHandler.handleRequest(
> >> CachedAuthenticatedSessionHandler.java:77)
> >> at io.undertow.security.handlers.NotificationReceiverHandler.
> >> handleRequest(NotificationReceiverHandler.java:50)
> >> at io.undertow.security.handlers.AbstractSecurityContextAssocia
> >> tionHandler.handleRequest(AbstractSecurityContextAssocia
> >> tionHandler.java:43)
> >> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> >> PredicateHandler.java:43)
> >> at org.wildfly.extension.undertow.security.jacc.
> >> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> >> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> >> PredicateHandler.java:43)
> >> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> >> PredicateHandler.java:43)
> >> at io.undertow.servlet.handlers.ServletInitialHandler.
> >> handleFirstRequest(ServletInitialHandler.java:284)
> >> at io.undertow.servlet.handlers.ServletInitialHandler.
> >> dispatchRequest(ServletInitialHandler.java:263)
> >> at io.undertow.servlet.handlers.ServletInitialHandler.access$
> >> 000(ServletInitialHandler.java:81)
> >> at io.undertow.servlet.handlers.ServletInitialHandler$1.
> >> handleRequest(ServletInitialHandler.java:174)
> >> at io.undertow.server.Connectors.executeRootHandler(Connectors.
> >> java:202)
> >> at io.undertow.server.HttpServerExchange$1.run(
> >> HttpServerExchange.java:793)
> >> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> >> ThreadPoolExecutor.java:1142)
> >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> >> ThreadPoolExecutor.java:617)
> >> at java.lang.Thread.run(Thread.java:745)
> >>
> >> 00:51:41,548 WARN [org.keycloak.events] (default task-2)
> >> type=LOGIN_ERROR, realmId=O4ZR9N2V6U, clientId=http://192.168.99.
> >> 100:8888/saml-sp/saml/metadata, userId=null, ipAddress=192.168.99.1,
> >> error=in
> >> valid_user_credentials, auth_method=saml, redirect_uri=http://192.168.
> >> 99.100:8888/saml-sp/saml/SSO, code_id=fa04e6ff-3767-419c-
> a5bf-7bc2c94e8300
> >>
> >>
> >> I am a bit lost here on what is wrong. Does this request I pasted above
> >> look correct? If not, let me know what is wrong/missing there. Also, my
> >> understanding is that I don't need to enable anything on keycloak for
> this.
> >> I was earlier able to do browser based authentication using this same
> saml
> >> SP, IDP and the user. Then, I enabled ECP on SP to test authentication
> >> using ecp.sh script but I encountered the above error and output. I
> would
> >> appreciate any help or pointers on this.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> Also, for reference, this is the SP response (I printed the $sp_resp
> >> variable in ecp.sh):
> >>
> >> <?xml version="1.0" encoding="UTF-8"?>
> >> <soap11:Envelope xmlns:soap11="http://schemas.
> xmlsoap.org/soap/envelope/">
> >> <soap11:Header>
> >> <paos:Request xmlns:paos="urn:liberty:paos:2003-08"
> responseConsumerURL="
> >> http://192.168.99.100:8888/saml-sp/saml/SSO"
> service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
> >> soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
> >> soap11:mustUnderstand="1"/>
> >> <ecp:Request xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
> >> IsPassive="false" soap11:actor="http://schemas.
> xmlsoap.org/soap/actor/next"
> >> soap11:mustUnderstand="1">
> >> <saml2:Issuer xmlns:saml2="urn:oasis:names:
> tc:SAML:2.0:assertion">http://
> >> 192.168.99.100:8888/saml-sp/saml/metadata</saml2:Issuer>
> >> </ecp:Request>
> >> </soap11:Header>
> >> <soap11:Body>
> >> <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:
> tc:SAML:2.0:protocol"
> >> AssertionConsumerServiceURL="http://192.168.99.100:8888/
> saml-sp/saml/SSO"
> >> ForceAuthn="false" ID="a1bj9ed5f38c4c1f1331hifbg36363"
> IsPassive="false"
> >> IssueInstant="2016-12-24T01:14:48.538Z" ProtocolBinding="urn:oasis:
> >> names:tc:SAML:2.0:bindings:PAOS" Version="2.0">
> >> <saml2:Issuer xmlns:saml2="urn:oasis:names:
> tc:SAML:2.0:assertion">http://
> >> 192.168.99.100:8888/saml-sp/saml/metadata</saml2:Issuer>
> >> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >> <ds:SignedInfo>
> >> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/
> >> 2001/10/xml-exc-c14n#"/>
> >> <ds:SignatureMethod Algorithm="http://www.w3.org/
> 2000/09/xmldsig#rsa-sha1
> >> "/>
> >> <ds:Reference URI="#a1bj9ed5f38c4c1f1331hifbg36363">
> >> <ds:Transforms>
> >> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-
> >> signature"/>
> >> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> >> </ds:Transforms>
> >> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> >> <ds:DigestValue>sOgymsP3qFQ4QQFiGP7oUjtutUw=</ds:DigestValue>
> >> </ds:Reference>
> >> </ds:SignedInfo>
> >> <ds:SignatureValue>ZGxJgqOcGe2XarIF1JtfjikRmpsIjg
> lB4mKeYdfUbwUavtH25XgZ/
> >> YmgTDFlCYbq2piAM0NvibcyPtXjgX26zATtWJg3URqHpqWclccql8I5arrVf
> >> kHTKUQxIx0Rk9bxxytsS012SptubO9F4a+b4LAWoaE9L4IymGVtLpZRLYRL2rhhj
> >> wIehT/hSXTWWNRWrLWYb03klaCp/1hZIEUIUW1nyeveyWfaeN1LF7BJ63y
> >> MdWOrtUEaF388chUcg1dpFB7HeYq1Q5GCYyEsFk3yi1CEcZ/
> >> qeXyfbHAwixFOG0pPNyeunn6QDZzFD8sSVepXzuFLb8MuuthNYSb0hVLrwQ=
> >> =</ds:SignatureValue>
> >> <ds:KeyInfo>
> >> <ds:X509Data>
> >> <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBg
> >> kqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
> >> CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBT
> b2Z0d2FyZSBPeTEM
> >> MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAx
> WhcNMjIxMjMwMTEy
> >> ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UE
> BxMISGVsc2lua2kx
> >> GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYD
> VQQDEwZhcG9sbG8w
> >> ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0
> alwsLafhrDtUt00E
> >> 5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEK
> WF5Z13
> >> F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7
> QghBuxh3K5gu7K
> >> qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1i
> PQ/KSaal3R26pON
> >> UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/
> R93vBA6lnl5nTctZIRsyg
> >> 0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/
> RRcB8bMAUUIG0hLGL
> >> 82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNR
> ttir6eyqwRFGOM6A
> >> 8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/
> dgixKb1Rvby/tBu
> >> RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXef
> xCFQ69FPcFDeEW
> >> bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+
> >> Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
> >> </ds:X509Data>
> >> </ds:KeyInfo>
> >> </ds:Signature>
> >> </saml2p:AuthnRequest>
> >> </soap11:Body>
> >> </soap11:Envelope>
> >>
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
>
> --
> John
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list