[keycloak-user] CatalinaSamlAuthenticator issue using keycloak saml eap6 adapter
Jacobs, Michael
Michael.Jacobs at nuance.com
Tue Apr 25 20:04:07 EDT 2017
I have plugged keycloak-saml-eap6-adapter-dist-2.5.5.Final into JBoss eap-6.4.1 following these instructions:
http://www.keycloak.org/docs/2.5/securing_apps/topics/saml/java/saml-jboss-adapter.html
I am using Keycloak 2.5.5 as well. I have my client set up to use POST binding, and was getting into a loop of the client trying to login over and over in loop.
I narrowed it down to the CatalinaSamlAuthenticator which overrides createBrowserHandler() to set up a BrowserHandler, as opposed to the WebBrowserSsoAuthenticationHandler the parent class sets up.
This BrowserHandler overrides handle() in a way that does not read the samlResponse from the façade. This leads to initiateLogin() in the parent class getting called over and over.
If I comment createBrowserHandler() in CatalinaSamlAuthenticator I get the WebBrowserSsoAuthenticationHandler implementation which has a version of handle() that works.
Am I misconfigured somehow? Or is this a bug?
Thanks,
MJ
More information about the keycloak-user
mailing list