[keycloak-user] SAML not be able to proceed SP assertion
Olivier Rivat
orivat at janua.fr
Tue May 28 14:01:11 EDT 2019
Hi,
I am using Keycloak 6.0.1 and trying to connect to an external IDP using
SAML V2.
The steup has been working laster year with leycloak 3.4.3
I am able to authenticate against the IDP, and I can see teh SAM packet
returned using teh SAML tracer.
I haven't seen any dispcrency.
But on keycloak, I obtain the message
We're sorry,
Login timeout
with the following trace
19:52:23,399 INFO [org.keycloak.saml.validators.ConditionsValidator]
(default task-3) Assertion id18815101930494101523411623 is not addressed
to this SP.
19:52:23,399 ERROR [org.keycloak.broker.saml.SAMLEndpoint] (default
task-3) Assertion expired.
19:52:23,400 WARN [org.keycloak.events] (default task-3)
type=IDENTITY_PROVIDER_RESPONSE_ERROR, realmId=demo, clientId=null,
userId=null, ipAddress=127.0.0.1, error=invalid_saml_response
I've just visited the code of ConditionsValidator.java, where the
warning is issued, but cannot figure out what could be wrong.
Any idea of waht could be causing such an issue ?
Regards,
Olivier Rivat
--
<http://www.janua.fr/images/logo-big-sans.png><http://www.janua.fr/images/LogoSignature.gif>
<http://www.janua.fr/images/6g_top.gif>
Olivier Rivat
CTO
orivat at janua.fr <mailto:dchikhaoui at janua.fr>
Gsm: +33(0)682 801 609
Tél: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr <http://www.janua.fr/>
<http://www.janua.fr/images/6g_top.gif>
More information about the keycloak-user
mailing list