  1. Keycloak
  2. KEYCLOAK-11634

Set up Keycloak as SP and Salesforce as IDP. SAML request and response are successful; however, it's going into an infinite loop for authentication.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Rejected
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: Protocol - SAML
    • Labels:
      None
    • Security Sensitive Issue:
      This issue is security relevant
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Environment: JBoss EAP 7.2.0.Beta (WildFly Core 5.0.5.Final-redhat-00001) with Keycloak 7.0

      I've set up Keycloak as SP and Salesforce as IDP. SAML request and response are successful; however, it's going into an infinite loop for authentication.

      Here are the detailed logs. I repeatedly see the message that the session has expired on some other node. Please help me understand and resolve the issue.

      2019-10-07 02:08:19,063 DEBUG [org.keycloak.adapters.saml.SamlSessionStore] (default task-1) Session p65xTS3xjPTvpROjT0Ad8c0Yfj_TBv2i0u_MrBbL has expired on some other node

      2019-10-07 02:08:07,985 DEBUG [org.keycloak.saml.common] (default task-1) Check addJceProvider method of org.picketlink.identity.federation.core.util.ProvidersUtil for more info.
      2019-10-07 02:08:08,003 WARN [org.keycloak.saml.common] (default task-1) XML External Entity switches are not supported. You may get XML injection vulnerabilities.
      2019-10-07 02:08:08,060 TRACE [org.keycloak.saml.common] (default task-1) Document to be signed=<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://testacn1-dev-ed.my.salesforce.com/idp/endpoint/HttpPost" ForceAuthn="false" ID="ID_cb94ed75-6c79-425b-9b5b-d29a643175cd" IsPassive="false" IssueInstant="2019-10-07T06:08:07.899Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://10.100.90.74:8443/sales-post-sig1/</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest>
      2019-10-07 02:08:08,089 DEBUG [org.apache.xml.security.utils.resolver.ResourceResolver] (default task-1) check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
      2019-10-07 02:08:08,090 DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment] (default task-1) State I can resolve reference: "#ID_cb94ed75-6c79-425b-9b5b-d29a643175cd"
      2019-10-07 02:08:08,090 DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment] (default task-1) Try to catch an Element with ID ID_cb94ed75-6c79-425b-9b5b-d29a643175cd and Element was [samlp:AuthnRequest: null]
      2019-10-07 02:08:08,095 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature"
      2019-10-07 02:08:08,096 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [dsig:Transform: null]
      2019-10-07 02:08:08,098 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(dsig:Transform, "null")
      2019-10-07 02:08:08,099 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
      2019-10-07 02:08:08,101 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [dsig:Transform: null]
      2019-10-07 02:08:08,101 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(dsig:Transform, "null")
      2019-10-07 02:08:08,107 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
      2019-10-07 02:08:08,107 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [dsig:CanonicalizationMethod: null]
      2019-10-07 02:08:08,108 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(dsig:CanonicalizationMethod, "null")
      2019-10-07 02:08:08,164 TRACE [org.keycloak.saml.common] (default task-1) Signed document=<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://testacn1-dev-ed.my.salesforce.com/idp/endpoint/HttpPost" ForceAuthn="false" ID="ID_cb94ed75-6c79-425b-9b5b-d29a643175cd" IsPassive="false" IssueInstant="2019-10-07T06:08:07.899Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://10.100.90.74:8443/sales-post-sig1/</saml:Issuer><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><dsig:Reference URI="#ID_cb94ed75-6c79-425b-9b5b-d29a643175cd"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>O8pVWxiXwHN5OI+yQDizmujceEMCalAo2gVHgd2R0V4=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>e9pEgWJkp5qFg86MOMc34T+/WzxMRk/zkhVNmP2kyhDLvr8LNCDPce58jaxfbKHDKnxwk7zjFheoGXDY7qWoDdjr2GgE3IkqlaiA3BikcRxFQQPV17YuLbM6qqvgnl/nItqGmmGl+a0j2w8PDt2nUvrWYDvSK+4JBQKvL5DqxkSHsq/LpSpNIu/3yHIcvP4OGENJ79uDbotApVKYX75HPTTuOMUK4MlAllE1K1AagAzmAj8ox0OXXj4L4Mda30Wyjn6JMfV8d7zGCcosHViii2cPmGWwn8eRczP2umwRp0zaeg/yZ4KiV/SSl7FhIhRKE8ZPWbiD+oyEemcYBnHjpQ==</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>1lE2bZfJK+3RS8jEjoBU8EJ+0mIdGGubJBrhjUjOJofwu+qmul6EeDv0XMepWhQYKRNv/Aij5ihWkMSAGk680lork0dJ4DL8cqcGgorA8PBD4oxoTd6SHeXCbX+RATn2BbGyAUvdK01dZvvS8i0h28mGeRr6d4kErGr27hdtLfyyh1fHkWEG1j1trWEU2S/ATmOtGJkOxq/tfYP2ebzTw+kWde5COGi1nrMwdpR7LkUwShKpMUrdfshRvXdfh9SWj76Mp0lYCVfks9wiXqlgZW3Q5gJfPiBipthhzL1ZHYIs29vzw3AmBBmBFciTVgcXMAmsUrANgaboywUcCadGNQ==</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest>
      2019-10-07 02:08:18,474 DEBUG [org.keycloak.adapters.saml.SamlAuthenticator] (default task-1) SamlAuthenticator is using handler [org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler@62c6c70b]
      2019-10-07 02:08:18,475 DEBUG [org.keycloak.adapters.saml.SamlSessionStore] (default task-1) Session p65xTS3xjPTvpROjT0Ad8c0Yfj_TBv2i0u_MrBbL has expired on some other node
      2019-10-07 02:08:18,475 DEBUG [org.keycloak.saml.common] (default task-1) org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil issueInstant: 2019-10-07T06:08:18.475Z
      2019-10-07 02:08:18,490 TRACE [org.keycloak.saml.common] (default task-1) Document to be signed=<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://testacn1-dev-ed.my.salesforce.com/idp/endpoint/HttpPost" ForceAuthn="false" ID="ID_0d8c6691-2d51-4bcf-b064-03101277c3bb" IsPassive="false" IssueInstant="2019-10-07T06:08:18.475Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://10.100.90.74:8443/sales-post-sig1/</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest>
      2019-10-07 02:08:18,490 DEBUG [org.apache.xml.security.utils.resolver.ResourceResolver] (default task-1) check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
      2019-10-07 02:08:18,490 DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment] (default task-1) State I can resolve reference: "#ID_0d8c6691-2d51-4bcf-b064-03101277c3bb"
      2019-10-07 02:08:18,491 DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment] (default task-1) Try to catch an Element with ID ID_0d8c6691-2d51-4bcf-b064-03101277c3bb and Element was [samlp:AuthnRequest: null]
      2019-10-07 02:08:18,491 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature"
      2019-10-07 02:08:18,492 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [dsig:Transform: null]
      2019-10-07 02:08:18,492 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(dsig:Transform, "null")
      2019-10-07 02:08:18,492 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
      2019-10-07 02:08:18,492 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [dsig:Transform: null]
      2019-10-07 02:08:18,493 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(dsig:Transform, "null")
      2019-10-07 02:08:18,493 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
      2019-10-07 02:08:18,494 DEBUG [org.apache.xml.security.transforms.Transform] (default task-1) The NodeList is [dsig:CanonicalizationMethod: null]
      2019-10-07 02:08:18,494 DEBUG [org.apache.xml.security.utils.ElementProxy] (default task-1) setElement(dsig:CanonicalizationMethod, "null")
      2019-10-07 02:08:18,505 TRACE [org.keycloak.saml.common] (default task-1) Signed document=<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://testacn1-dev-ed.my.salesforce.com/idp/endpoint/HttpPost" ForceAuthn="false" ID="ID_0d8c6691-2d51-4bcf-b064-03101277c3bb" IsPassive="false" IssueInstant="2019-10-07T06:08:18.475Z" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://10.100.90.74:8443/sales-post-sig1/</saml:Issuer><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><dsig:Reference URI="#ID_0d8c6691-2d51-4bcf-b064-03101277c3bb"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>ID7FKCxggBVEfIKQqXaVKwYWY7xG4mBbvqozrc7D15o=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>dysyssZSeVrhltUjAlnS7/PMinVrfz2rxEDpPCmhXmBCPRRGeHUhaNk4O0JtRnJpdPQm9ybBUK7xci2WfezjotrcrKrTwTU0YJgwdui7rN0Xx4jg6pfNF3sgdyE0RSSJfFImtKP6lvbMG7sh2SP9Rarf9LGLiBbcWAjDZzF78Sxvobg9vGmrYlBgN0DRHNOjsDUyieAvSXKffEPJl+IIOmFxdvyPl8XM5jrCe3k2U7GDKTA9DdJN+7HV2kUYItvI7SfDKUI8np//xRMBNEONXBgLPSQ3Dzn3Ibo3MFklSwJptUN/btLaRLShFfWarRJHqv4YeZEQB3/GajsYgOfYtQ==</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>1lE2bZfJK+3RS8jEjoBU8EJ+0mIdGGubJBrhjUjOJofwu+qmul6EeDv0XMepWhQYKRNv/Aij5ihWkMSAGk680lork0dJ4DL8cqcGgorA8PBD4oxoTd6SHeXCbX+RATn2BbGyAUvdK01dZvvS8i0h28mGeRr6d4kErGr27hdtLfyyh1fHkWEG1j1trWEU2S/ATmOtGJkOxq/tfYP2ebzTw+kWde5COGi1nrMwdpR7LkUwShKpMUrdfshRvXdfh9SWj76Mp0lYCVfks9wiXqlgZW3Q5gJfPiBipthhzL1ZHYIs29vzw3AmBBmBFciTVgcXMAmsUrANgaboywUcCadGNQ==</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest>
      2019-10-07 02:08:19,062 DEBUG [org.keycloak.adapters.saml.SamlAuthenticator] (default task-1) SamlAuthenticator is using handler [org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler@55b9a3ef]
      2019-10-07 02:08:19,063 DEBUG [org.keycloak.adapters.saml.SamlSessionStore] (default task-1) Session p65xTS3xjPTvpROjT0Ad8c0Yfj_TBv2i0u_MrBbL has expired on some other node
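
      The loop pattern in the log above (the same container session reported as expired again and again while a fresh signed AuthnRequest is issued each time) can be detected mechanically. The following is an added example, not part of the original report or of Keycloak's code; the sample log is constructed in the same line format with abridged XML, and the session names, request IDs and IdP URL in it are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# WildFly/EAP line layout as seen in the report: "<ts> <LEVEL> [<logger>] (<thread>) <msg>"
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) +(?P<level>[A-Z]+) +"
    r"\[(?P<logger>[^\]]+)\] +\((?P<thread>[^)]*)\) +(?P<msg>.*)$"
)
EXPIRED_RE = re.compile(r"Session (\S+) has expired on some other node")
SIGNED_RE = re.compile(r'Signed document=<samlp:AuthnRequest\b[^>]*?\bID="([^"]+)"')

# Constructed sample (not the reporter's log): one looping session, one normal login.
SAMPLE_LOG = """\
2019-10-07 02:08:08,164 TRACE [org.keycloak.saml.common] (default task-1) Signed document=<samlp:AuthnRequest Destination="https://idp.example.test/HttpPost" ID="ID_aaaa0001" Version="2.0"></samlp:AuthnRequest>
2019-10-07 02:08:18,475 DEBUG [org.keycloak.adapters.saml.SamlSessionStore] (default task-1) Session SESS_LOOP has expired on some other node
2019-10-07 02:08:18,505 TRACE [org.keycloak.saml.common] (default task-1) Signed document=<samlp:AuthnRequest Destination="https://idp.example.test/HttpPost" ID="ID_aaaa0002" Version="2.0"></samlp:AuthnRequest>
2019-10-07 02:08:19,063 DEBUG [org.keycloak.adapters.saml.SamlSessionStore] (default task-1) Session SESS_LOOP has expired on some other node
2019-10-07 02:08:19,090 TRACE [org.keycloak.saml.common] (default task-1) Signed document=<samlp:AuthnRequest Destination="https://idp.example.test/HttpPost" ID="ID_aaaa0003" Version="2.0"></samlp:AuthnRequest>
2019-10-07 02:08:19,600 DEBUG [org.keycloak.adapters.saml.SamlSessionStore] (default task-1) Session SESS_LOOP has expired on some other node
2019-10-07 02:30:00,000 DEBUG [org.keycloak.adapters.saml.SamlSessionStore] (default task-2) Session SESS_ONCE has expired on some other node
2019-10-07 02:30:00,020 TRACE [org.keycloak.saml.common] (default task-2) Signed document=<samlp:AuthnRequest Destination="https://idp.example.test/HttpPost" ID="ID_bbbb0001" Version="2.0"></samlp:AuthnRequest>
"""


def parse(lines):
    """Return ({session_id: [timestamps of 'expired' messages]}, [(timestamp, AuthnRequest ID)])."""
    expired = defaultdict(list)
    requests = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped XML continuation lines carry no timestamp
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        if (e := EXPIRED_RE.search(m["msg"])):
            expired[e[1]].append(ts)
        elif (s := SIGNED_RE.search(m["msg"])):
            requests.append((ts, s[1]))
    return expired, requests


def find_login_loops(lines, window_s=60, min_repeats=2):
    """Flag sessions reported expired >= min_repeats times in a run whose gaps are
    <= window_s, while >= min_repeats distinct AuthnRequests were signed nearby.
    The log does not tie an AuthnRequest to a session, so the correlation is by
    time only (an assumption of this example)."""
    expired, requests = parse(lines)
    window = timedelta(seconds=window_s)
    findings = []
    for sid, times in expired.items():
        times.sort()
        runs, run = [], [times[0]]
        for t in times[1:]:
            if t - run[-1] <= window:
                run.append(t)
            else:
                runs.append(run)
                run = [t]
        runs.append(run)
        for run in runs:
            ids = sorted({rid for ts, rid in requests if run[0] - window <= ts <= run[-1]})
            if len(run) >= min_repeats and len(ids) >= min_repeats:
                findings.append({
                    "session": sid,
                    "expired_count": len(run),
                    "authn_request_ids": ids,
                    "span_s": (run[-1] - run[0]).total_seconds(),
                })
    return findings


if __name__ == "__main__":
    for finding in find_login_loops(SAMPLE_LOG.splitlines()):
        print(finding)
```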

              People

              • Assignee:
                Unassigned
                Reporter:
                sridevimadabhushi Sridevi Madabhushi