[keycloak-user] Testing SAML Identity Brokering

Craig Setera craig at baseventure.com
Thu Oct 11 16:36:11 EDT 2018


I'm attempting to set up a test of identity brokering all within a single
Keycloak server.  I have two realms set up.  The "saml-demo" realm is set
up with a SAML client.  I've exported the SAML definition from that client
and imported it into the Identity Brokering for the second realm.
Unfortunately, I can't seem to get to the login page of the "saml-demo"
when navigating from the second realm.  When I click on the identity broker
realm link, I'm seeing the following in the logs:

keycloak_1  | Caused by: java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
keycloak_1  |     at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
keycloak_1  |     at java.security.Signature$Delegate.engineVerify(Signature.java:1222)
keycloak_1  |     at java.security.Signature.verify(Signature.java:655)
keycloak_1  |     at org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:236)

I've turned up logging for all of the Keycloak SAML functionality as well
as for java.security.  However, I'm struggling to figure out where the
mismatch is located in the configuration and not quite sure where to even
look.

Can anyone offer suggestions on how to go about setting this up or
troubleshooting what I'm doing?

Thanks,
Craig

=================================
*Craig Setera*

*Chief Technology Officer*
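
An added example, not part of the original post and not Keycloak's own code: a stand-alone Java reproduction of the exception in the log above, using the same JDK signature classes that appear in the stack trace. An RSA signature is as long as the signer's modulus, so "got 256 but was expecting 128" means the message was signed with a 2048-bit key while the key used for validation is 1024-bit. The class name, helper names, key pairs and message here are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;

public class SignatureLengthMismatch {

    // An RSA signature is exactly as long as the signer's modulus, in bytes.
    static int expectedSignatureBytes(PublicKey key) {
        return (((RSAPublicKey) key).getModulus().bitLength() + 7) / 8;
    }

    static KeyPair rsaKeyPair(int bits) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(bits);
        return gen.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: the key that signs the message, and the
        // different key the verifying side has been configured to trust.
        KeyPair signer = rsaKeyPair(2048);
        KeyPair configured = rsaKeyPair(1024);
        byte[] message = "<constructed SAML message>".getBytes(StandardCharsets.UTF_8);

        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(signer.getPrivate());
        sig.update(message);
        byte[] signature = sig.sign();

        System.out.println("signature length:       " + signature.length);
        System.out.println("configured key expects: "
                + expectedSignatureBytes(configured.getPublic()));

        sig.initVerify(configured.getPublic());
        sig.update(message);
        try {
            System.out.println("verified: " + sig.verify(signature));
        } catch (SignatureException e) {
            // Rejected on length alone; the exact message text varies by JDK version.
            System.out.println("SignatureException: " + e.getMessage());
        }
    }
}
```

Running `expectedSignatureBytes` against the public key of the certificate configured for signature validation, and comparing it with the decoded length of the message's `SignatureValue`, shows which side holds the unexpected key.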

