[keycloak-user] Logout error ("Success" + HTTP 500!?)
Pieter Lukasse
pieter at thehyve.nl
Wed Sep 13 07:32:24 EDT 2017
Hi,
I am currently getting a strange error when trying to log out from my
application. The logout request is as follows (HTTP 200 code):
<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="http://localhost:8081/auth/realms/test/protocol/saml"
ID="a370b54ee2i7g6j9275jbg40185b154"
IssueInstant="2017-09-13T11:22:04.100Z"
Version="2.0"
>
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">cbioportal</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#a370b54ee2i7g6j9275jbg40185b154">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>nKZrPGrsLZeR6xSgg0+xQ3dCg90=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>....</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>....</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>pieter at thehyve.nl</saml2:NameID>
<saml2p:SessionIndex>2ce54b83-67c1-40fd-850d-947b29c721be</saml2p:SessionIndex>
</saml2p:LogoutRequest>
Which is replied with (HTTP 500 code!?):
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
Destination="http://localhost:8081/auth/realms/test/protocol/saml"
ID="ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98"
InResponseTo="a370b54ee2i7g6j9275jbg40185b154"
IssueInstant="2017-09-13T11:22:04.156Z"
Version="2.0"
>
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8081/auth/realms/test</saml:Issuer>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<dsig:Reference URI="#ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98">
<dsig:Transforms>
<dsig:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<dsig:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<dsig:DigestValue>HMgEFe5f6mGdIlCwg8BRHif4JW8k7MLs+5V8j9BUwuE=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>...</dsig:SignatureValue>
<dsig:KeyInfo>
<dsig:KeyName>Yp3AF_Lz-EdxjwDdCJGk3dmvU9ZsWQE3SfV8pdT9OOQ</dsig:KeyName>
<dsig:X509Data>
<dsig:X509Certificate>...</dsig:X509Certificate>
</dsig:X509Data>
<dsig:KeyValue>
<dsig:RSAKeyValue>
<dsig:Modulus>...</dsig:Modulus>
<dsig:Exponent>...</dsig:Exponent>
</dsig:RSAKeyValue>
</dsig:KeyValue>
</dsig:KeyInfo>
</dsig:Signature>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
</samlp:LogoutResponse>
So the reply states "Success" while at the same time it returns HTTP
500 (Internal Server Error). Is this a known bug? Or am I doing
something wrong?
This is the log on the server side:
13:21:19,378 WARN [org.keycloak.protocol.saml.SamlService] (default
task-13) Unknown saml response.
13:21:19,380 WARN [org.keycloak.events] (default task-13)
type=LOGOUT_ERROR, realmId=test, clientId=null, userId=null,
ipAddress=127.0.0.1, error=invalid_token
13:22:04,205 WARN [org.keycloak.protocol.saml.SamlService] (default
task-20) Unknown saml response.
13:22:04,206 WARN [org.keycloak.events] (default task-20)
type=LOGOUT_ERROR, realmId=test, clientId=null, userId=null,
ipAddress=127.0.0.1, error=invalid_token
Thanks,
Pieter
www.thehyve.nl
We empower scientists by building on open source software
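
A consistency check over the two messages quoted above, as an added example that is not part of the original post and is not Keycloak code: it correlates InResponseTo with the request ID, reads the StatusCode, flags SHA-1 signature and digest algorithms, and reports a message whose Destination lies under its own Issuer URL. The XML is constructed from the post's attribute values with the signature bodies omitted; the function names summarize and check_pair are hypothetical.

```python
import xml.etree.ElementTree as ET

XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": XMLDSIG}
SHA1_ALGS = {XMLDSIG + "rsa-sha1", XMLDSIG + "sha1"}
# Constructed from the post's attribute values; signature bodies reduced to algorithms.
REQUEST = """<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="http://localhost:8081/auth/realms/test/protocol/saml"
 ID="a370b54ee2i7g6j9275jbg40185b154"><saml2:Issuer>cbioportal</saml2:Issuer>
 <ds:Signature><ds:SignedInfo>
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
 <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
 </ds:SignedInfo></ds:Signature></saml2p:LogoutRequest>"""
RESPONSE = """<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
 Destination="http://localhost:8081/auth/realms/test/protocol/saml"
 ID="ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98" InResponseTo="a370b54ee2i7g6j9275jbg40185b154">
 <saml:Issuer>http://localhost:8081/auth/realms/test</saml:Issuer><dsig:Signature><dsig:SignedInfo>
 <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
 <dsig:Reference><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></dsig:Reference>
 </dsig:SignedInfo></dsig:Signature>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
</samlp:LogoutResponse>"""

def summarize(xml_text):
    # Reads fields only; no signature verification. Use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    algs = [e.get("Algorithm") for tag in ("SignatureMethod", "DigestMethod")
            for e in root.iterfind(f".//ds:{tag}", NS)]
    status = root.find("p:Status/p:StatusCode", NS)
    return {"id": root.get("ID"), "in_response_to": root.get("InResponseTo"),
            "destination": root.get("Destination"),
            "issuer": root.findtext("a:Issuer", namespaces=NS),
            "status": status.get("Value") if status is not None else None,
            "sha1": [a for a in algs if a in SHA1_ALGS]}

def check_pair(request_xml, response_xml):
    req, resp = summarize(request_xml), summarize(response_xml)
    findings = []
    if resp["in_response_to"] != req["id"]:
        findings.append("response InResponseTo does not match request ID")
    for name, msg in (("request", req), ("response", resp)):
        if msg["sha1"]:
            findings.append(f"{name} signed with SHA-1 algorithms")
        if msg["issuer"] and (msg["destination"] or "").startswith(msg["issuer"]):
            findings.append(f"{name} Destination is under its own Issuer URL")
    return findings
```
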