[keycloak-user] When using Keycloak as SP in SAML via filter i.e. SamlFilter, we get exception (details inside)
Akshay Kini
kga.official at gmail.com
Mon Jan 11 03:34:21 EST 2016
Hi,
I did a bit more investigation and I believe the following code change
should be made to Keycloak to handle this scenario:
In FilterSessionStore.java
we need to change the getDateHeader() method to (after cleanup of comments
of course):
@Override
public long getDateHeader(String name) {
if (!needRequestRestore) return super.getDateHeader(name);
/*throw new RuntimeException("This method is not supported in a
restored authenticated request");*/
return -1; //http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html
specifies that if it isn't present, return -1.
}
This is because of the JEE spec that says that if an implementation cannot
get the Date Header, it should return -1
http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html#getDateHeader-java.lang.String-
Could someone look into this please?
Thanks,
Regards,
Akshay
On Thu, Jan 7, 2016 at 9:08 AM, Akshay Kini <kga.official at gmail.com> wrote:
> Hi Folks,
>
> We have configured Keycloak as an SP via filter.
> Keycloak Version 1.7.0
>
> We get this exception:
> ERROR
> [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/].[AppName]]
> Servlet.service() for servlet NasDefault threw exception:
> java.lang.RuntimeException: This method is not supported in a restored
> authenticated request
> at
> org.keycloak.adapters.servlet.FilterSessionStore$1.getDateHeader(FilterSessionStore.java:178)
> [:1.7.0.CR1]
> at
> org.apache.catalina.servlets.DefaultServlet.checkIfModifiedSince(DefaultServlet.java:1731)
> [:]
> at
> org.apache.catalina.servlets.DefaultServlet.checkIfHeaders(DefaultServlet.java:608)
> [:]
> at
> org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:714)
> [:]
> at
> org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:368)
> [:]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
> [:1.0.0.Final]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
> [:1.0.0.Final]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324)
> [:]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
> [:]
> ... (trimmed)
> ...
> at
> org.keycloak.adapters.saml.servlet.SamlFilter.doFilter(SamlFilter.java:125)
> [:1.7.0.CR1]
> ...(trimmed)
> ...
> etc.
>
> Any ideas on what this error means?
>
> Thanks,
> Regards,
> Akshay
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160111/ed69e954/attachment.html
More information about the keycloak-user
mailing list