[keycloak-user] Buffer overflow in keycloak.adapters.saml

Bill Burke bburke at redhat.com
Mon Jun 13 15:36:00 EDT 2016


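You are probably doing a very large POST or PUT to a secured URL; the 
adapter tries to save the request in the HttpSession and runs into the 
buffer limit.  Despite the wording, the "Buffer overflow" in the trace is 
an IOException thrown by Tomcat's ByteChunk when the saved request body 
hits its size cap, not memory corruption.  The cap comes from 
getMaxSavePostSize(), which is probably a Tomcat setting somewhere (most 
likely the Connector's maxSavePostSize attribute, whose default of 4096 
bytes matches the 4096 in the trace).  If you raise it, raise it only as 
far as your largest legitimate request needs: the body is buffered in the 
session before the client has authenticated, so the limit also bounds how 
much memory an unauthenticated request can tie up.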


On 6/13/16 12:59 PM, Richard Lavallee wrote:
>
> *Is anyone familiar with the stack trace below, which I get when trying 
> to connect Keycloak to Tomcat, please?*
>
>
> *type* Exception report
>
> *message* _Could not create authentication request._
>
> *description* _The server encountered an internal error that prevented 
> it from fulfilling this request._
>
> *exception*
>
> java.lang.RuntimeException: Could not create authentication request.
> 	org.keycloak.adapters.saml.AbstractInitiateLogin.challenge(AbstractInitiateLogin.java:63)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.executeAuthenticator(AbstractSamlAuthenticatorValve.java:247)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.authenticateInternal(AbstractSamlAuthenticatorValve.java:222)
> 	org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve.authenticate(SamlAuthenticatorValve.java:42)
> 	org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:574)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.invoke(AbstractSamlAuthenticatorValve.java:184)
> 	org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> 	org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
> 	org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> 	org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
> 	org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> 	org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
> 	java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	java.lang.Thread.run(Thread.java:744)
>
> *root cause*
>
> java.lang.RuntimeException: java.io.IOException: Buffer overflow, no sink 4096 4096
> 	org.keycloak.adapters.saml.CatalinaSamlSessionStore.saveRequest(CatalinaSamlSessionStore.java:226)
> 	org.keycloak.adapters.saml.AbstractInitiateLogin.challenge(AbstractInitiateLogin.java:58)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.executeAuthenticator(AbstractSamlAuthenticatorValve.java:247)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.authenticateInternal(AbstractSamlAuthenticatorValve.java:222)
> 	org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve.authenticate(SamlAuthenticatorValve.java:42)
> 	org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:574)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.invoke(AbstractSamlAuthenticatorValve.java:184)
> 	org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> 	org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
> 	org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> 	org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
> 	org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> 	org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
> 	java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	java.lang.Thread.run(Thread.java:744)
>
> *root cause*
>
> java.io.IOException: Buffer overflow, no sink 4096 4096
> 	org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:477)
> 	org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:366)
> 	org.apache.catalina.authenticator.FormAuthenticator.saveRequest(FormAuthenticator.java:664)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.keycloakSaveRequest(AbstractSamlAuthenticatorValve.java:253)
> 	org.keycloak.adapters.saml.CatalinaSamlSessionStore.saveRequest(CatalinaSamlSessionStore.java:224)
> 	org.keycloak.adapters.saml.AbstractInitiateLogin.challenge(AbstractInitiateLogin.java:58)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.executeAuthenticator(AbstractSamlAuthenticatorValve.java:247)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.authenticateInternal(AbstractSamlAuthenticatorValve.java:222)
> 	org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve.authenticate(SamlAuthenticatorValve.java:42)
> 	org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:574)
> 	org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.invoke(AbstractSamlAuthenticatorValve.java:184)
> 	org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> 	org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
> 	org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> 	org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
> 	org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> 	org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
> 	java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	java.lang.Thread.run(Thread.java:744)
> ------------------------------------------------------------------------
>