[keycloak-user] SAML Logout fails with: "Invalid query param signature"
Luis Rodríguez Fernández
uo67113 at gmail.com
Mon Sep 3 12:38:56 EDT 2018
Hello there,
Using keycloak-saml-tomcat8-adapter-dist-4.2.1.Final, I always get
"org.keycloak.common.VerificationException: Invalid query param signature"
when the IdP sends the LogoutResponse.
I've compared the implementation of
AbstractSamlAuthenticationHandler.verifyRedirectBindingSignature [1] with a
custom one that I developed myself and the only differences are:
- The way the parameters are decoded: I use java.util.Base64
while Keycloak uses its own (org.keycloak.saml.common.util.Base64).
I am using REDIRECT for the SingleLogoutService.responseBinding.
Any thoughts on this?
Thanks in advance,
Luis
[1]
https://github.com/keycloak/keycloak/blob/79774d2f0730593d504072aaabb1b87d77e3968c/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java#L602
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
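
For readers comparing two verifiers as in the message above, here is an added example (not Keycloak's code and not the poster's) of SAML HTTP-Redirect signature verification. The signature covers the query parameters exactly as they arrived on the wire, so decoding and re-encoding them before verifying can change the signed bytes. The class name, helper names, key pair and query string are all constructed for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class RedirectSigCheck {  // hypothetical name, example only
    // Return the raw (still URL-encoded) value of a query parameter, or null.
    static String raw(String query, String name) {
        for (String p : query.split("&"))
            if (p.startsWith(name + "=")) return p.substring(name.length() + 1);
        return null;
    }
    // The signed string is "SAMLResponse=<v>&RelayState=<v>&SigAlg=<v>" in that order.
    // reencode=true simulates a verifier that decodes, then re-encodes each value.
    static String signedPart(String query, boolean reencode) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (String name : new String[] {"SAMLResponse", "RelayState", "SigAlg"}) {
            String v = raw(query, name);
            if (v == null) continue;  // RelayState is optional
            if (reencode) v = URLEncoder.encode(URLDecoder.decode(v, "UTF-8"), "UTF-8");
            if (sb.length() > 0) sb.append('&');
            sb.append(name).append('=').append(v);
        }
        return sb.toString();
    }
    static boolean verify(String query, PublicKey key, boolean reencode) throws Exception {
        byte[] sig = Base64.getDecoder().decode(URLDecoder.decode(raw(query, "Signature"), "UTF-8"));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(signedPart(query, reencode).getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();  // throwaway key standing in for the IdP key
        // Constructed sample: the sender used lowercase percent-escapes, which is legal.
        String signed = "SAMLResponse=fZJ%2bsample%3d&RelayState=abc"
            + "&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256";
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(signed.getBytes(StandardCharsets.UTF_8));
        String query = signed + "&Signature="
            + URLEncoder.encode(Base64.getEncoder().encodeToString(s.sign()), "UTF-8");
        System.out.println("raw bytes:  " + verify(query, kp.getPublic(), false));
        System.out.println("re-encoded: " + verify(query, kp.getPublic(), true));
    }
}
```

The second check fails because `URLEncoder` emits uppercase escapes (`%2B`) where the sender used lowercase (`%2b`), so the verified bytes no longer match what was signed.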