[keycloak-user] Unable to process SAML response from Azure AD
Lynxlogic
info at lynxlogic.com
Tue May 15 21:06:07 EDT 2018
I’m trying to setup SAML SSO between Azure AD and Keycloak. On the redirect back after auth, Keycloak is failing to process the response and generates an internal server error:
00:27:04,170 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-5) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:444)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:479)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:237)
at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:157)
.
.
.
Caused by: java.lang.NullPointerException
at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
at java.util.regex.Matcher.reset(Matcher.java:309)
at java.util.regex.Matcher.<init>(Matcher.java:229)
at java.util.regex.Pattern.matcher(Pattern.java:1093)
at java.util.regex.Pattern.split(Pattern.java:1206)
at org.keycloak.broker.provider.util.IdentityBrokerState.encoded(IdentityBrokerState.java:41)
at org.keycloak.services.resources.IdentityBrokerService.parseEncodedSessionCode(IdentityBrokerService.java:980)
at org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:490)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:440)
... 63 more
I’ve posted the SAML response at https://gist.github.com/dieseldjango/72057b7df68dbe3dc289ec8e3f5826bf <https://gist.github.com/dieseldjango/72057b7df68dbe3dc289ec8e3f5826bf>.
The stack trace indicates it’s failing at IdentityBrokerService.parseEncodedSessionCode(). I’ve tried this with Keycloak 3.2.1 and with 4.0 Beta 2. Can someone point me in the right direction to solve this?
Thanks,
David
More information about the keycloak-user
mailing list