[keycloak-user] Error extracting SAML assertion

Edmond Kemokai ekemokai at gmail.com
Fri Feb 22 12:34:02 EST 2019


Hi All,

I am getting the exception below when posting a SAML response to the /saml
consumer endpoint:

org.keycloak.adapters.saml.profile.webbrowsersso.WebBrowserSsoAuthenticationHandler
- Error extracting SAML assertion: null

A snippet of the response (I have stripped out the signature information):


<!--
  SAML 2.0 Response that the poster sends to the adapter's /saml consumer
  endpoint. The poster states that the signature information was removed
  before sharing, so nothing here shows how the message is signed.
  Review notes, based only on what is visible in this snippet:
  - The Response has no Destination attribute. The HTTP POST binding requires
    Destination when the message is signed, and a service provider normally
    compares it with its own endpoint URL.
  - Whether any omission noted in this snippet causes
    "Error extracting SAML assertion: null" cannot be determined from this
    page. The "null" text suggests an exception without a message, so the
    full stack trace is needed to confirm the cause.
-->
<saml2p:Response xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
ID="SOLVENT_72186bc0-0724-439c-a4a4-d1768907d1a0"
InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
  <saml2:Issuer>Portal</saml2:Issuer>
    <saml2p:Status>
    <saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>
  </saml2p:Status>
  <!--
    NOTE(review): as shown, the xmlns:xsi value is split across two lines, so
    after attribute normalization the namespace name begins with a space and
    no longer equals the XMLSchema-instance URI that xsi:type relies on. This
    may be a mail-wrapping artifact; confirm against the message actually sent.
    The assertion contains no saml2:Conditions element, so there is no
    AudienceRestriction and no assertion validity window (NotBefore /
    NotOnOrAfter) for the service provider to check. The Web Browser SSO
    profile requires an AudienceRestriction naming the service provider on
    assertions that use bearer confirmation.
  -->
  <saml2:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
ID="SOLVENT_93f7919c-c92a-45ab-8d79-380e072b235b"
IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
    <saml2:Issuer>Portal</saml2:Issuer>
    <saml2:Subject>
      <!-- NOTE(review): "ek at gmail.com" looks like the list archive's address
           obfuscation, not the value sent on the wire. As shown, the NameID
           text also ends with a line break, which is part of the value unless
           the consumer trims it. The Format is "persistent" although the value
           is an e-mail address rather than an opaque identifier. -->
      <saml2:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">ek at gmail.com
</saml2:NameID>
      <saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <!-- Bearer confirmation data: InResponseTo and NotOnOrAfter are present,
             Recipient is not. The Web Browser SSO profile requires Recipient to
             carry the assertion consumer service URL. NotOnOrAfter is 60
             seconds after IssueInstant, so clock skew between the identity
             provider and the service provider matters. -->
        <saml2:SubjectConfirmationData
InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
NotOnOrAfter="2019-02-22T17:20:46Z"></saml2:SubjectConfirmationData>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:AuthnStatement AuthnInstant="2019-02-22T17:19:46Z">
      <saml2:AuthnContext>

<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
      </saml2:AuthnContext>
    </saml2:AuthnStatement>
    <!-- Attributes asserted about the subject: "email" and a two-valued "roles".
         A consumer should act on them only after the signature and the
         subject confirmation checks have passed. -->
    <saml2:AttributeStatement>
      <saml2:Attribute Name="email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml2:AttributeValue xsi:type="xs:string">ek at gmail.com
</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="roles"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml2:AttributeValue
xsi:type="xs:string">developer</saml2:AttributeValue>
        <saml2:AttributeValue
xsi:type="xs:string">sysadmin</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>

</saml2p:Response>

