- Bug
- Resolution: Done
- Major
- RH-SSO-7.2.1.GA
Customer is running into an issue using SAML-based identity brokering when the SAML response is encrypted.
Here is the error:
2018-05-09 13:59:16,405 ERROR [stderr] (default task-27) [Fatal Error] :1:902: The prefix "ds" for element "ds:KeyInfo" is not bound.
2018-05-09 13:59:16,406 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-27) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
<samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="https://imaIDP.imadomain.com:8443/auth/realms/master/broker/ImaIDP/endpoint" ID="dcac509c0348" InResponseTo="ID_123456" IssueInstant="2018-05-09T18:59:16Z" Version="2.0">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.host.com/idp/saml20</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:EncryptedAssertion>
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="uuid46459896-0163-11a4-91df-dcac509c0348" Type="http://www.w3.org/2001/04/xmlenc#Element">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo>
        <EncryptedKey Id="uuid46459897-0163-12b7-a4b4-dcac509c0348">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <ds:KeyInfo>
            <ds:KeyName>cn=ImaKey</ds:KeyName>
          </ds:KeyInfo>
- is cloned by: RHSSO-1427 [GSS] (7.2.1 patch) encrypted saml results in 'The prefix "ds" for element "ds:KeyInfo" is not bound' error (Closed)
- relates to: RHSSO-1430 [GSS] (7.2.2 patch) encrypted saml results in 'The prefix "ds" for element "ds:KeyInfo" is not bound' error (Closed)
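The Response quoted in the report declares the "ds" prefix exactly once, on the root samlp:Response, and then uses it deep inside the EncryptedData subtree. A parser that sees the whole document has no problem with that; the message "The prefix "ds" for element "ds:KeyInfo" is not bound" at ":1:902" (Xerces' systemId:line:column format, i.e. line 1, column 902 of a single-line string) is what you get when the EncryptedData subtree is serialized on its own and re-parsed, because the ancestor's xmlns:ds declaration does not travel with the text. The page does not show the RH-SSO code path involved, so the following is an added illustration of that failure mode and two ways to avoid it, not code from the report or from Keycloak. Everything in it is constructed: the sample Response is modeled on the one above but shortened, the CipherValue contents are placeholders, and the function names are the author's own.

```python
import io
import re
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample, modeled on the Response in the report: the "ds" prefix is
# declared once, on the root samlp:Response, and used inside EncryptedData.
# The CipherValue payloads are placeholders, not real ciphertext.
SAML_RESPONSE = (
    '<samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">'
    '<saml:Issuer>https://idp.example.test/idp/saml20</saml:Issuer>'
    '<saml:EncryptedAssertion>'
    '<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="_ed1" '
    'Type="http://www.w3.org/2001/04/xmlenc#Element">'
    '<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>'
    '<ds:KeyInfo><EncryptedKey Id="_ek1">'
    '<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>'
    '<ds:KeyInfo><ds:KeyName>cn=ImaKey</ds:KeyName></ds:KeyInfo>'
    '<CipherData><CipherValue>AAAA</CipherValue></CipherData>'
    '</EncryptedKey></ds:KeyInfo>'
    '<CipherData><CipherValue>AAAA</CipherValue></CipherData>'
    '</EncryptedData></saml:EncryptedAssertion></samlp:Response>'
)


def extract_as_text(doc, local_name="EncryptedData"):
    """The fragile approach: slice the element's markup out of the document text.
    Declarations on ancestors (here xmlns:ds on samlp:Response) are left behind."""
    start = doc.index("<" + local_name)
    end = doc.index("</" + local_name + ">") + len(local_name) + 3
    return doc[start:end]


def parse_error(fragment):
    """Return the parser's message if the fragment does not parse, else None."""
    try:
        ET.fromstring(fragment)
        return None
    except ET.ParseError as exc:
        return str(exc)


def in_scope_namespaces(doc):
    """Collect every prefix -> URI declaration in the document (namespace-aware parse)."""
    namespaces = {}
    for _, (prefix, uri) in ET.iterparse(io.BytesIO(doc.encode()), events=("start-ns",)):
        namespaces.setdefault(prefix, uri)
    return namespaces


_PREFIX_USE = re.compile(r"(?:</?|\s)([A-Za-z_][\w.-]*):[A-Za-z_]")
_PREFIX_DECL = re.compile(r"xmlns:([A-Za-z_][\w.-]*)=")


def rebind_prefixes(fragment, namespaces):
    """Repair a text fragment: declare on its root start tag every prefix it uses
    but does not declare itself, taking the URIs from the enclosing document."""
    root_tag = fragment[: fragment.index(">") + 1]
    used = set(_PREFIX_USE.findall(fragment)) - {"xmlns", "xml"}
    declared = set(_PREFIX_DECL.findall(root_tag))
    missing = used - declared
    unknown = missing - set(namespaces)
    if unknown:
        raise ValueError("prefixes bound nowhere in the document: %s" % sorted(unknown))
    decls = "".join(' xmlns:%s="%s"' % (p, namespaces[p]) for p in sorted(missing))
    name_end = re.match(r"<[^\s/>]+", fragment).end()
    return fragment[:name_end] + decls + fragment[name_end:]


def extract_via_dom(doc, local_name="EncryptedData"):
    """The robust approach: locate the element in a namespace-aware tree and let
    the serializer emit whatever declarations the subtree needs."""
    ET.register_namespace("ds", DSIG)
    ET.register_namespace("xenc", XENC)
    root = ET.fromstring(doc)
    element = root.find(".//{%s}%s" % (XENC, local_name))
    return ET.tostring(element, encoding="unicode")


def keyinfo_tag(fragment):
    """Fully qualified tag of the first KeyInfo in a parsed fragment, or None."""
    element = ET.fromstring(fragment)
    keyinfo = element.find(".//{%s}KeyInfo" % DSIG)
    return keyinfo.tag if keyinfo is not None else None


if __name__ == "__main__":
    naive = extract_as_text(SAML_RESPONSE)
    print("text slice :", parse_error(naive))
    fixed = rebind_prefixes(naive, in_scope_namespaces(SAML_RESPONSE))
    print("rebound    :", parse_error(fixed), keyinfo_tag(fixed))
    dom = extract_via_dom(SAML_RESPONSE)
    print("DOM extract:", parse_error(dom), keyinfo_tag(dom))
```

The text-slice path fails with expat's "unbound prefix", the Python counterpart of the Xerces message in the report. Of the two repairs, extracting through the DOM is the one to prefer in real brokering code: it never leaves the namespace-aware tree, so it cannot lose an ancestor declaration, whereas the regex rebinding only patches a fragment that should not have been produced as text in the first place.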