[keycloak-user] SAML response parsing failed
Erwin Steffens | Rovecom
esteffens at rovecom.nl
Wed Apr 26 16:08:32 EDT 2017
Ok, we did investigate the issue a little bit more. The initial parsing of the response seems ok. The full xml response is parsed successful. When we log the input in the 'serialize' method of the 'SAMLDataMarshaller' we see following XML (see new dropbox link). This piece of XML is invalid because the 'xmlns:ds' is missing. Somewhere the namespace is removed.
https://www.dropbox.com/s/b1bmumdcnvnnlj6/connectis-saml-response.xml?dl=0
Maybe we should post this to the dev mailing list?
-----------------------------
Rovecom
Erwin Steffens | Rovecom
softwareontwikkelaar
Elbe 2, 7908 HB Hoogeveen
Postbus 2126, 7900 BC Hoogeveen
0528 22 35 35
Voortdurend bezig met innoveren om beweging te stimuleren en groei te realiseren. Wij zijn Rovecom.
Disclaimer: http://www.rovecom.nl/maildisclaimer. Wanneer de link niet werkt, plak de link dan in uw internet browser.
-----------------------------
________________________________________
Van: Hynek Mlnarik <hmlnarik at redhat.com>
Verzonden: woensdag 26 april 2017 16:48
Aan: Erwin Steffens | Rovecom
CC: keycloak-user at lists.jboss.org
Onderwerp: Re: [keycloak-user] SAML response parsing failed
Thank you. This seems to be related to woodstox. With standard JDK's
XML event implementation (in fact xerces) that file is parsed
correctly. Can you try using xerces instead?
--Hynek
On Wed, Apr 26, 2017 at 12:51 PM, Erwin Steffens | Rovecom
<esteffens at rovecom.nl> wrote:
>
> Here it is: https://www.dropbox.com/s/gjuems7k6nkjs19/connectis-saml-response-raw.xml?dl=0
>
>
>
> -----------------------------
> Rovecom
>
> Erwin Steffens | Rovecom
> softwareontwikkelaar
>
> Elbe 2, 7908 HB Hoogeveen
> Postbus 2126, 7900 BC Hoogeveen
> 0528 22 35 35
>
>
> Voortdurend bezig met innoveren om beweging te stimuleren en groei te realiseren. Wij zijn Rovecom.
> Disclaimer: http://www.rovecom.nl/maildisclaimer. Wanneer de link niet werkt, plak de link dan in uw internet browser.
>
>
> -----------------------------
>
> -----Oorspronkelijk bericht-----
> Van: Hynek Mlnarik [mailto:hmlnarik at redhat.com]
> Verzonden: woensdag 26 april 2017 11:48
> Aan: Erwin Steffens | Rovecom <esteffens at rovecom.nl>
> Onderwerp: Re: [keycloak-user] SAML response parsing failed
>
> Could you please store the SAML response to e.g. google drive/dropbox/... and send here a link to it?
>
> --Hynek
>
> On Wed, Apr 26, 2017 at 11:32 AM, Erwin Steffens | Rovecom <esteffens at rovecom.nl> wrote:
>>
>>
>> We are integrating Keycloak with a SAML identity provider (dutch government). We seem to receive a valid response from the other party but Keycloak does seam to be able to parse the SAML response.
>>
>> The error we get is:
>>
>> 09:08:41,029 ERROR [io.undertow.request] (default task-14) UT005023:
>> Exception handling request to
>> /realms/datahub/login-actions/first-broker-login:
>> org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeEx
>> ception: java.lang.RuntimeException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "ds"
>>
>> When we run the received XML through a validation tool (https://www.samltool.com/validate_xml.php) it indicates that it is valid.
>>
>> Can I somehow attach the XML here?
>>
>> Erwin
>>
>>
>>
>>
>> -----------------------------
>> Rovecom
>>
>> Erwin Steffens | Rovecom
>> softwareontwikkelaar
>>
>> Elbe 2, 7908 HB Hoogeveen
>> Postbus 2126, 7900 BC Hoogeveen
>> 0528 22 35 35
>>
>>
>> Voortdurend bezig met innoveren om beweging te stimuleren en groei te realiseren. Wij zijn Rovecom.
>> Disclaimer: http://www.rovecom.nl/maildisclaimer. Wanneer de link niet werkt, plak de link dan in uw internet browser.
>>
>>
>> -----------------------------
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> --
>
> --Hynek
--
--Hynek
More information about the keycloak-user
mailing list