Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Rejected
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Protocol - SAML
    • Labels:
      None
    • Security Sensitive Issue:
      This issue is security relevant
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Hi,
      when we authenticate our users through Netscaler, we check the attribute "member of" in their LDAP account.
      So we extract all LDAP groups which the user belongs to.
      The user can be in some LDAP groups which have a special character in their names.
      E.g. OR_SALES_MUSTERMANN&FLORIAN_MSC
      In this case & would be the special character.
      Keycloak parses such a special character in the standard XML syntax, which would be

      in that case. So the group looks like this:
      OR_SALES_MUSTERMANN FLORIAN_MSC
      When we send this SAML response to Keycloak, we receive the following error:

      11:33:40,538 ERROR [stderr] (default task-79) [Fatal Error] :1:7990: The reference to entity "FLORIAN_MSC" must end with the ';' delimiter.
      keycloak prod
      11:33:40,538 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-79) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.

      So the authentication fails.
      Please help us to solve this error.
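
Added example (not part of the original report, and not Keycloak or NetScaler code): the group name from the description is placed in a SAML attribute value once raw and once XML-escaped, then parsed with Python's standard XML parser to show which form is well-formed. The function names and the string-template serializer are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: group names as they might come from the LDAP memberOf
# attribute. The first is the name quoted in the report, the second is made up.
GROUPS = ["OR_SALES_MUSTERMANN&FLORIAN_MSC", "OR_SALES_EMEA"]


def build_attribute(groups, escape_values):
    """Serialize a saml:Attribute by string templating (assumed IdP behaviour).

    With escape_values=False the group names are copied in verbatim, so a
    literal '&' ends up in the document and starts an entity reference.
    """
    values = "".join(
        "<saml:AttributeValue>%s</saml:AttributeValue>"
        % (escape(g) if escape_values else g)
        for g in groups
    )
    return '<saml:Attribute xmlns:saml="%s" Name="memberOf">%s</saml:Attribute>' % (
        SAML_NS,
        values,
    )


def parse_groups(xml_text):
    """Parse as a receiving service provider would.

    Returns (groups, None) on success or (None, error_message) when the
    document is not well-formed XML.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return None, str(exc)
    tag = "{%s}AttributeValue" % SAML_NS
    return [el.text for el in root.iter(tag)], None


if __name__ == "__main__":
    for escaped in (False, True):
        doc = build_attribute(GROUPS, escape_values=escaped)
        groups, err = parse_groups(doc)
        print("escaped=%s -> groups=%r error=%r" % (escaped, groups, err))
```

Running the same check on an assertion captured from the identity provider, before it reaches the service provider, shows on which side the malformed XML originates.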

          Attachments

          1. screenshot-1.png
            0.7 kB
            Michael Ungern-Sternberg
          2. screenshot-2.png
            0.7 kB
            Michael Ungern-Sternberg

              People

              • Assignee:
                Unassigned
                Reporter:
                michael.ungern-sternberg Michael Ungern-Sternberg
              • Votes:
                1
                Watchers:
                3