[keycloak-user] Using OneLogin php-saml library with keycloak
bburke at redhat.com
Fri Jun 5 02:51:03 EDT 2015
How is the relay state transferred? POST or Redirect GET? How is it
On 6/5/2015 2:43 AM, pubudu gunawardena wrote:
> Quoting from section "3.1.1 Use of RelayState" in the spec
> "Namely, if a SAML request message is accompanied by RelayState data,
> then the SAML responder MUST return its SAML protocol response using a
> binding that also supports a RelayState mechanism, and it MUST place
> the exact RelayState data it received with the request into the
> corresponding RelayState parameter in the response."
> which is not the case if keycloak is removing the forward slashes from
> the RelayState. So I think there should be a mechanism to escape the
> RelayState data and yet return the data to the Service Provider.
> On Thu, Jun 4, 2015 at 5:43 PM, pubudu gunawardena <pubudupg at gmail.com> wrote:
>> After debugging, I found a possible cause for this. In line 305 of
>> SAML2BindingBuilder2 there is code as follows
>> which removes the forward slashes from the url. So I guess this is a bug?
>> On Thu, Jun 4, 2015 at 5:14 PM, pubudu gunawardena <pubudupg at gmail.com> wrote:
>>> Hi All,
>>> I am trying to use the OneLogin php-saml library as a service
>>> provider that uses keycloak as a SAML identity provider. The
>>> "RelayState" parameter is sent properly form the SP to the IDP but in
>>> the response, the forward slashes are missing from the RelayState.
>>> For example in the post parameters of the authentication request, the
>>> RelayState shows "http://phpsaml/demo1/" but in the response from
>>> keycloak, it shows "http:phpsamldemo1". This is causing the php-saml
>>> library to throw exceptions. I'm using keycloak 1.2.0.Final.
>>> How can I overcome this problem?
JBoss, a division of Red Hat
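
The spec requirement quoted in the thread, as an added example that is not part of the original messages and is not Keycloak or php-saml code: RelayState is escaped for the transport (percent-encoding for the Redirect binding, HTML escaping for the POST binding) and must decode to the exact value that was sent. The `TRICKY` value, the placeholder response, the `acs_url` and all function names are constructed for illustration; `strip_slashes` is a stand-in for the lossy behaviour reported above.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

SENT = "http://phpsaml/demo1/"                    # RelayState from the thread
TRICKY = 'http://phpsaml/demo1/?a=1&b="x"<y>'     # constructed edge case
RESPONSE = "UExBQ0VIT0xERVI="                     # constructed placeholder, not a real SAMLResponse

def redirect_query(relay_state):
    """HTTP-Redirect binding: percent-encode RelayState in the query string."""
    return urlencode({"SAMLResponse": RESPONSE, "RelayState": relay_state})

def post_form(relay_state, acs_url="http://phpsaml/demo1/acs"):  # acs_url is hypothetical
    """HTTP-POST binding: HTML-escape RelayState inside a hidden form field."""
    esc = lambda v: html.escape(v, quote=True)
    return (f'<form method="post" action="{esc(acs_url)}">'
            f'<input type="hidden" name="SAMLResponse" value="{esc(RESPONSE)}"/>'
            f'<input type="hidden" name="RelayState" value="{esc(relay_state)}"/></form>')

class _HiddenFields(HTMLParser):
    """Collects name/value pairs of <input> elements, as a browser would submit them."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and "name" in a:
            self.fields[a["name"]] = a.get("value", "")

def from_redirect(query):
    return parse_qs(query)["RelayState"][0]

def from_post(form):
    parser = _HiddenFields()
    parser.feed(form)
    return parser.fields["RelayState"]

def strip_slashes(relay_state):
    """Constructed stand-in for the lossy behaviour reported in the thread."""
    return relay_state.replace("/", "")

def relay_state_intact(sent, received):
    """SP-side check: the responder must return the exact value it was sent."""
    return sent == received

if __name__ == "__main__":
    for value in (SENT, TRICKY):
        print(relay_state_intact(value, from_redirect(redirect_query(value))),
              relay_state_intact(value, from_post(post_form(value))),
              relay_state_intact(value, from_post(post_form(strip_slashes(value)))))
```

Escaping for the binding preserves the value byte for byte, while removing characters does not, which is why the SP-side comparison fails for the stripped case.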