[keycloak-user] Keycloak as SP with ping federate
Chris Stephens
chris.stephens at edlogics.com
Sun Jul 28 12:17:49 EDT 2019
I am having issues integrating keycloak with ping federate. We are using keycloak version 5.0.0. Ping federate is the idp and keycloak is the service provider. Keycloak gives me a generic error "An internal server error has occurred”. When I dive deeper into the logs I see this stack trace.
[0m[31m15:59:02,925 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-341) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:469)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:504)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:244)
at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:160)
at sun.reflect.GeneratedMethodAccessor1101.invoke(Unknown Source)
...
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
There is no line number on the above null pointer exception. I only know it is happening in handleLoginResponse.
Here is the formatted xml from the /endpoint response in the browser":
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="J8RPRFTJWzphQNpjsdDMOBAzanc" IssueInstant="2019-07-28T15:47:20.101Z" Destination="https://access-dev.myedlogics.com/auth/realms/intervent/broker/intervent/endpoint">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">localhost:default:entityId</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#J8RPRFTJWzphQNpjsdDMOBAzanc">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>nhnAGsnEubW52HlCQIQ6X9aRQvsiKt2QMxu82hqka3E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Z2zn8MXkhPk8iw4AXmFV/qK+UbyKQhYT5faq9yyPzF2OCS7joaboMm29/qtZhBHBrFNf0113f3jeAG6mX9RvOYOsoI9k0aLNvH42UDSZw9Iwv8AOIBxa06bqVw7VfJpxwNp4spJgvMRme61OnJd57sqF8V7CNe4X8VMm6L1DDDkvrpL1WieN8OrEjMOm7F3HtlIBTAfy3WvFn2P/Ly3ofSM4CFb9pOgyG0Ypi9KWVaCOQ0qVvaOXu97HpOY4+fp9kg/fMq3UlxJ93WTLiZ8/hXgz9x+Of6DXqY/+XjjRUPdhH2dSXwg7vpXCIc1q5JyG79uNHotLQoDhbO21Osp/QQ==</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="fCWnVphoi6J6jBnD.Ohe_UTtf1D" IssueInstant="2019-07-28T15:47:20.158Z" Version="2.0">
<saml:Issuer>localhost:default:entityId</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="https://access-dev.myedlogics.com/auth/realms/intervent/broker/intervent/endpoint" NotOnOrAfter="2019-07-28T15:52:20.162Z"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2019-07-28T15:42:20.162Z" NotOnOrAfter="2019-07-28T15:52:20.162Z">
<saml:AudienceRestriction>
<saml:Audience>https://access-dev.myedlogics.com/auth/realms/intervent</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="fCWnVphoi6J6jBnD.Ohe_UTtf1D" AuthnInstant="2019-07-28T15:47:20.136Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">chris.stephens+1 at edlogics.net</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
Does anyone see any obvious mistakes I am making? Is the xml invalid and messing with keycloak?
Thanks,
Chris
More information about the keycloak-user
mailing list