Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-13713

SAML Client - Server error when assertion contains xs:date AttributeValue

    Details

    • Type: Enhancement
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 9.0.2
    • Fix Version/s: 11.0.0
    • Component/s: Protocol - SAML
    • Labels:
      None
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      I am using Keycloak as a client to a remote SAML IdP. The remote IdP returns a valid Assertion containing a handful of Attributes, one of those has type xs:date (see attachment for the complete Assertion):

      <saml:Attribute Name="dateOfBirth">
          <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:date">1972-06-07</saml:AttributeValue>
      </saml:Attribute>
      

      Keycloak returns an error during the processing of this assertion:

      Caused by: java.lang.RuntimeException: PL00084: Writer: Unsupported Attribute Value:org.apache.xerces.jaxp.datatype.XMLGregorianCalendarImpl
      	at org.keycloak.saml.common.DefaultPicketLinkLogger.writerUnsupportedAttributeValueError(DefaultPicketLinkLogger.java:620)
      	at org.keycloak.saml.processing.core.saml.v2.writers.BaseWriter.writeAttributeTypeWithoutRootTag(BaseWriter.java:176)
      	at org.keycloak.saml.processing.core.saml.v2.writers.BaseWriter.write(BaseWriter.java:127)
      	at org.keycloak.saml.processing.core.saml.v2.writers.SAMLAssertionWriter.write(SAMLAssertionWriter.java:188)
      	at org.keycloak.saml.processing.core.saml.v2.writers.SAMLAssertionWriter.write(SAMLAssertionWriter.java:157)
      	at org.keycloak.broker.saml.SAMLDataMarshaller.serialize(SAMLDataMarshaller.java:60)
      	at org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext.serialize(SerializedBrokeredIdentityContext.java:308)
      	at org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:596)
      
      

      If I remove the xs:date attribute the assertion processing completes successfully.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                l.scorcia Luca Leonardo Scorcia
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: