[keycloak-user] Error extracting SAML assertion

Luis Rodríguez Fernández uo67113 at gmail.com
Mon Feb 25 05:13:50 EST 2019


Hello Ekemokai,

mmm, at first glance your saml response looks OK to me. Perhaps you could
increase the level of logging in org.keycloak.adapters? Also could you
provide a bit more details of your setup? For me the below one works:

java version "1.8.0_162" --> Java HotSpot(TM) 64-Bit Server VM (build
25.162-b12, mixed mode)
keycloak-saml-tomcat8-adapter-4.8.3.Final
Server version: Apache Tomcat/9.0.5
CentOS Linux release 7.5.1804 (Core)

If you use Tomcat as well, you can add org.keycloak.adapters.level = FINE

Hope it helps,

Luis

On Fri, 22 Feb 2019 at 22:26, Edmond Kemokai (<ekemokai at gmail.com>)
wrote:

> Hi All,
>
> I am getting the below exception when posting a saml response to the /saml
> consumer endpoint:
>
>
> org.keycloak.adapters.saml.profile.webbrowsersso.WebBrowserSsoAuthenticationHandler
> - Error extracting SAML assertion: null
>
> A snippet of the response, I have stripped out the signature information:
>
>
> <saml2p:Response xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
> ID="SOLVENT_72186bc0-0724-439c-a4a4-d1768907d1a0"
> InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
> IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
>   <saml2:Issuer>Portal</saml2:Issuer>
>     <saml2p:Status>
>     <saml2p:StatusCode
> Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>
>   </saml2p:Status>
>   <saml2:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"
> ID="SOLVENT_93f7919c-c92a-45ab-8d79-380e072b235b"
> IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
>     <saml2:Issuer>Portal</saml2:Issuer>
>     <saml2:Subject>
>       <saml2:NameID
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">ek at gmail.com
> </saml2:NameID>
>       <saml2:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>         <saml2:SubjectConfirmationData
> InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
> NotOnOrAfter="2019-02-22T17:20:46Z"></saml2:SubjectConfirmationData>
>       </saml2:SubjectConfirmation>
>     </saml2:Subject>
>     <saml2:AuthnStatement AuthnInstant="2019-02-22T17:19:46Z">
>       <saml2:AuthnContext>
>
>
> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
>       </saml2:AuthnContext>
>     </saml2:AuthnStatement>
>     <saml2:AttributeStatement>
>       <saml2:Attribute Name="email"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
>         <saml2:AttributeValue xsi:type="xs:string">ek at gmail.com
> </saml2:AttributeValue>
>       </saml2:Attribute>
>       <saml2:Attribute Name="roles"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
>         <saml2:AttributeValue
> xsi:type="xs:string">developer</saml2:AttributeValue>
>         <saml2:AttributeValue
> xsi:type="xs:string">sysadmin</saml2:AttributeValue>
>       </saml2:Attribute>
>     </saml2:AttributeStatement>
>   </saml2:Assertion>
>
> </saml2p:Response>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
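
Added example for readers of this thread (it is not Keycloak adapter code and not Luis's or Edmond's): a small stand-alone script that runs the sanity checks an SP-side consumer performs before it can extract an assertion, over a constructed cut-down copy of the response quoted above. It reports which precondition fails instead of a bare "null": Status not Success, InResponseTo not matching the AuthnRequest ID, no Assertion (or only an EncryptedAssertion) present, no Signature on either Response or Assertion, no bearer SubjectConfirmationData, or a NotOnOrAfter that has already passed. The request ID and the "now" timestamp are assumed inputs; the sample XML is constructed and, like the quoted one, carries no Signature element, so the script flags that rather than verifying a signature.

```python
"""Precondition checks a SAML 2.0 SP applies before extracting the Assertion.

Added diagnostic example, not Keycloak adapter code.  The sample response is
a constructed cut-down copy of the one quoted in the thread; it has no
Signature element, so signature verification itself is out of scope here.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Assumed: the ID the SP put into its AuthnRequest (taken from the quoted response).
REQUEST_ID = "ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"

# Constructed sample, modelled on the response quoted in the thread (unsigned).
SAMPLE_RESPONSE = """<saml2p:Response xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 ID="SOLVENT_72186bc0-0724-439c-a4a4-d1768907d1a0"
 InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
 IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
  <saml2:Issuer>Portal</saml2:Issuer>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </saml2p:Status>
  <saml2:Assertion ID="SOLVENT_93f7919c-c92a-45ab-8d79-380e072b235b"
   IssueInstant="2019-02-22T17:19:46Z" Version="2.0">
    <saml2:Issuer>Portal</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">ek at gmail.com</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData InResponseTo="ID_9c0491da-5a6f-465a-8b66-a9b7784e0eef"
         NotOnOrAfter="2019-02-22T17:20:46Z"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
  </saml2:Assertion>
</saml2p:Response>"""


def parse_instant(value):
    """SAML timestamps are xs:dateTime in UTC with a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_response(xml_text, expected_request_id, now_utc):
    """Return the list of failed preconditions; an empty list means all passed.

    now_utc is the SP's current time as an xs:dateTime string, e.g. "2019-02-22T17:20:00Z".
    """
    problems = []
    now = parse_instant(now_utc)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["saml2p"]:
        return ["root element is not saml2p:Response"]
    status = root.find("saml2p:Status/saml2p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.get("InResponseTo") != expected_request_id:
        problems.append("Response InResponseTo does not match the AuthnRequest ID")
    assertions = root.findall("saml2:Assertion", NS)
    encrypted = root.findall("saml2:EncryptedAssertion", NS)
    if not assertions and not encrypted:
        problems.append("no Assertion or EncryptedAssertion present")
        return problems
    if encrypted and not assertions:
        problems.append("assertion is encrypted; decrypt before extracting")
        return problems
    if len(assertions) > 1:
        problems.append("more than one Assertion; consumer expects exactly one")
    assertion = assertions[0]
    # A bearer assertion must be protected by a signature on the Response or the Assertion.
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion is signed")
    name_id = assertion.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("Subject has no NameID")
    bearer = None
    for sc in assertion.findall("saml2:Subject/saml2:SubjectConfirmation", NS):
        if sc.get("Method") == BEARER:
            bearer = sc.find("saml2:SubjectConfirmationData", NS)
    if bearer is None:
        problems.append("no bearer SubjectConfirmationData")
    else:
        if bearer.get("InResponseTo") != expected_request_id:
            problems.append("SubjectConfirmationData InResponseTo mismatch")
        not_on_or_after = bearer.get("NotOnOrAfter")
        if not_on_or_after is None or now >= parse_instant(not_on_or_after):
            problems.append("bearer confirmation expired (NotOnOrAfter)")
    return problems


if __name__ == "__main__":
    for problem in check_response(SAMPLE_RESPONSE, REQUEST_ID, "2019-02-22T17:20:00Z"):
        print("FAIL:", problem)
```

Run against the sample at 17:20:00Z it reports only the missing signature; run a minute later it also reports the expired NotOnOrAfter. Note how narrow the validity window in the quoted response is (IssueInstant 17:19:46Z, NotOnOrAfter 17:20:46Z, one minute): with any clock drift between the IdP and the SP, or a slow browser redirect, a bearer check like this one fails even though the XML itself is well formed, which is exactly the kind of detail FINE logging on org.keycloak.adapters makes visible.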