[keycloak-user] SAML parsing error

Hynek Mlnarik hmlnarik at redhat.com
Tue Apr 25 03:56:18 EDT 2017


Thanks, this is a bug in the KC SAML parser: it does not properly handle
an empty attribute value set by an empty element in the last attribute of
the AttributeStatement:

[...]
            <Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
                       NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <AttributeValue/>
            </Attribute>
        </AttributeStatement>

Could you please file a JIRA issue?

If that is possible for you, you might be able to work around the
issue by changing the order of attributes to put an attribute that
would never be empty in the last position.

Thanks

--Hynek

On Tue, Apr 25, 2017 at 8:57 AM, Anders KK
<anders.kabell.kristensen at systematic.com> wrote:
> SAML-response.xml
> <http://keycloak-user.88327.x6.nabble.com/file/n3674/SAML-response.xml>
>
> Please find the response attached.
> As far as we can see, character 9341 is inside the base 64 encoded chunk of
> the Privileges_intermediate attribute. However, the error mentioned (Unknown
> tag:AuthnStatement) is at a later position.
>
> Thanks
> Ulrik and Anders



-- 

--Hynek
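
Added example (not part of the original message and not Keycloak code): a Python pre-check that reports when the last Attribute of an AttributeStatement carries an empty AttributeValue, the condition described in the reply above. The function names and the sample assertions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

def is_empty_value(value_el):
    # Matches <AttributeValue/> and <AttributeValue></AttributeValue>;
    # whitespace-only values are deliberately not counted.
    return len(value_el) == 0 and not value_el.text

def trailing_empty_attributes(xml_text):
    """Names of attributes that are last in their AttributeStatement
    and carry an empty AttributeValue."""
    root = ET.fromstring(xml_text)
    hits = []
    for stmt in root.iter("{%s}AttributeStatement" % SAML_NS):
        attrs = stmt.findall("saml:Attribute", NS)
        if attrs and any(is_empty_value(v)
                         for v in attrs[-1].findall("saml:AttributeValue", NS)):
            hits.append(attrs[-1].get("Name"))
    return hits

# Constructed sample data (not the response attached to the thread).
EMPTY = ('<saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">'
         '<saml:AttributeValue/></saml:Attribute>')
PRIV = ('<saml:Attribute Name="Privileges_intermediate">'
        '<saml:AttributeValue>Y29uc3RydWN0ZWQ=</saml:AttributeValue>'
        '</saml:Attribute>')

def assertion(*attributes):
    # Hypothetical helper: wraps attributes in a minimal assertion skeleton.
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>%s'
            '</saml:AttributeStatement><saml:AuthnStatement/>'
            '</saml:Assertion>' % (SAML_NS, "".join(attributes)))

AFFECTED = assertion(PRIV, EMPTY)    # empty attribute is last
REORDERED = assertion(EMPTY, PRIV)   # workaround ordering from the reply

if __name__ == "__main__":
    print("affected: ", trailing_empty_attributes(AFFECTED))
    print("reordered:", trailing_empty_attributes(REORDERED))
```

When the assertion is signed, the attribute order is covered by the signature, so the reordering has to be configured at the identity provider rather than applied to a response after it has been issued.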

