[keycloak-user] Logout error ("Success" + HTTP 500!?)
Pieter Lukasse
pieter at thehyve.nl
Wed Sep 13 07:50:24 EDT 2017
Found a solution by setting the Logout Service POST Binding URL (to
http://localhost:8080/cbioportal/saml/logout in my case):
[image: image]
<https://user-images.githubusercontent.com/2900303/30375816-42089802-988a-11e7-94b1-b3ae049cd8e2.png>
www.thehyve.nl
E pieter at thehyve.nl
T +31(0)30 700 9713
M +31(0)6 28 18 9540
Skype pieter.lukasse
We empower scientists by building on open source software
2017-09-13 13:32 GMT+02:00 Pieter Lukasse <pieter at thehyve.nl>:
> Hi,
>
> I am currently getting a strange error when trying to log out from my
> application. The logout request is as follows (HTTP 200 code):
>
> <saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
> Destination="http://localhost:8081/auth/realms/test/protocol/saml"
> ID="a370b54ee2i7g6j9275jbg40185b154"
> IssueInstant="2017-09-13T11:22:04.100Z"
> Version="2.0"
> >
> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">cbioportal</saml2:Issuer>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> <ds:Reference URI="#a370b54ee2i7g6j9275jbg40185b154">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> <ds:DigestValue>nKZrPGrsLZeR6xSgg0+xQ3dCg90=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>....</ds:SignatureValue>
> <ds:KeyInfo>
> <ds:X509Data>
> <ds:X509Certificate>....</ds:X509Certificate>
> </ds:X509Data>
> </ds:KeyInfo>
> </ds:Signature>
> <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
> >pieter at thehyve.nl</saml2:NameID>
> <saml2p:SessionIndex>2ce54b83-67c1-40fd-850d-947b29c721be</saml2p:SessionIndex>
> </saml2p:LogoutRequest>
>
>
> Which is replied with (HTTP 500 code!?):
>
> <samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
> Destination="http://localhost:8081/auth/realms/test/protocol/saml"
> ID="ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98"
> InResponseTo="a370b54ee2i7g6j9275jbg40185b154"
> IssueInstant="2017-09-13T11:22:04.156Z"
> Version="2.0"
> >
> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8081/auth/realms/test</saml:Issuer>
> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
> <dsig:SignedInfo>
> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
> <dsig:Reference URI="#ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98">
> <dsig:Transforms>
> <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </dsig:Transforms>
> <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
> <dsig:DigestValue>HMgEFe5f6mGdIlCwg8BRHif4JW8k7MLs+5V8j9BUwuE=</dsig:DigestValue>
> </dsig:Reference>
> </dsig:SignedInfo>
> <dsig:SignatureValue>...</dsig:SignatureValue>
> <dsig:KeyInfo>
> <dsig:KeyName>Yp3AF_Lz-EdxjwDdCJGk3dmvU9ZsWQE3SfV8pdT9OOQ</dsig:KeyName>
> <dsig:X509Data>
> <dsig:X509Certificate>...</dsig:X509Certificate>
> </dsig:X509Data>
> <dsig:KeyValue>
> <dsig:RSAKeyValue>
> <dsig:Modulus>...</dsig:Modulus>
> <dsig:Exponent>...</dsig:Exponent>
> </dsig:RSAKeyValue>
> </dsig:KeyValue>
> </dsig:KeyInfo>
> </dsig:Signature>
> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> </samlp:Status>
> </samlp:LogoutResponse>
>
>
> So the reply states "Success" while at the same time it returns HTTP 500 (Internal Server Error). Is this a known bug? Or am I doing something wrong?
>
> This is the log on the server side:
>
>
> 13:21:19,378 WARN [org.keycloak.protocol.saml.SamlService] (default task-13) Unknown saml response.
> 13:21:19,380 WARN [org.keycloak.events] (default task-13) type=LOGOUT_ERROR, realmId=test, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token
> 13:22:04,205 WARN [org.keycloak.protocol.saml.SamlService] (default task-20) Unknown saml response.
> 13:22:04,206 WARN [org.keycloak.events] (default task-20) type=LOGOUT_ERROR, realmId=test, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token
>
>
> Thanks,
>
> Pieter
>
> www.thehyve.nl
>
>
>
> We empower scientists by building on open source software
>
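A consistency check on the LogoutResponse quoted above, as an added example that is not part of the original post or of Keycloak. It flags a response whose Destination lies under its own Issuer URL (as in the quoted message, where both point at the realm on port 8081) instead of at the application's logout URL. Reading that as the cause of the HTTP 500 is an inference from the visible fields and the fix; the function name and finding labels are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: the LogoutResponse from the thread with the signature
# block removed, keeping only the fields checked below.
SAMPLE_RESPONSE = """\
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="http://localhost:8081/auth/realms/test/protocol/saml"
    ID="ID_1a5b931f-05b2-4b69-a32b-93cb7631fc98"
    InResponseTo="a370b54ee2i7g6j9275jbg40185b154"
    IssueInstant="2017-09-13T11:22:04.156Z" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8081/auth/realms/test</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
</samlp:LogoutResponse>
"""

REQUEST_ID = "a370b54ee2i7g6j9275jbg40185b154"                   # ID of the LogoutRequest
SP_LOGOUT_URL = "http://localhost:8080/cbioportal/saml/logout"   # value from the fix


def check_logout_response(xml_text, request_id, sp_logout_url):
    """Return a list of findings; an empty list means the fields are consistent."""
    # The sample is trusted; use a hardened XML parser for captured traffic.
    root = ET.fromstring(xml_text)
    findings = []
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    destination = root.get("Destination", "")
    # A response addressed below its own issuer URL goes back to the IdP.
    if issuer and destination.startswith(issuer.rstrip("/") + "/"):
        findings.append("destination-is-issuer")
    if destination != sp_logout_url:
        findings.append("destination-not-sp-logout-url")
    if root.get("InResponseTo") != request_id:
        findings.append("in-response-to-mismatch")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":status:Success"):
        findings.append("status-not-success")
    return findings


if __name__ == "__main__":
    print(check_logout_response(SAMPLE_RESPONSE, REQUEST_ID, SP_LOGOUT_URL))
```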