How to configure SAML SSO

Hi,

When I try to configure Keycloak SSO in my application, I have a separate assertion URL to validate SAML responses. How do I configure Keycloak in my application?

Note that for other SAML services, I’ll send the request in base64 in the query string “SAMLRequest”.

Image: ScreenShot

My Error Log

2024-04-09 11:40:17,067 ERROR [org.jboss.threads.errors] (executor-thread-47) Thread Thread[#144,executor-thread-47,5,main] threw an uncaught exception: java.lang.NullPointerException: Cannot invoke "java.util.concurrent.Executor.execute(java.lang.Runnable)" because the return value of "java.util.function.Supplier.get()" is null
        at org.jboss.resteasy.reactive.server.core.multipart.MultiPartParserDefinition$MultiPartUploadHandler.deleteFiles(MultiPartParserDefinition.java:390)
        at org.jboss.resteasy.reactive.server.core.multipart.MultiPartParserDefinition$MultiPartUploadHandler.close(MultiPartParserDefinition.java:384)
        at org.jboss.resteasy.reactive.server.core.multipart.MultiPartParserDefinition$1.onComplete(MultiPartParserDefinition.java:88)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.onComplete(AbstractResteasyReactiveContext.java:395)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.close(AbstractResteasyReactiveContext.java:117)
        at org.jboss.resteasy.reactive.server.core.ResteasyReactiveRequestContext.close(ResteasyReactiveRequestContext.java:373)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:198)
        at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:1583)

2024-04-09 11:45:38,348 ERROR [org.keycloak.broker.saml.SAMLEndpoint] (executor-thread-49) validation failed: org.keycloak.common.VerificationException: org.keycloak.common.VerificationException: Invalid query param signature
        at org.keycloak.protocol.saml.SamlProtocolUtils.verifyRedirectSignature(SamlProtocolUtils.java:179)
        at org.keycloak.protocol.saml.SamlProtocolUtils.verifyRedirectSignature(SamlProtocolUtils.java:144)
        at org.keycloak.broker.saml.SAMLEndpoint$RedirectBinding.verifySignature(SAMLEndpoint.java:771)
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlRequest(SAMLEndpoint.java:309)
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:286)
        at org.keycloak.broker.saml.SAMLEndpoint.redirectBinding(SAMLEndpoint.java:181)
        at org.keycloak.broker.saml.SAMLEndpoint$quarkusrestinvoker$redirectBinding_7c63e823b68932e2f32a8f0be75074a030c2c146.invoke(Unknown Source)
        at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
        at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
        at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: org.keycloak.common.VerificationException: Invalid query param signature
        at org.keycloak.protocol.saml.SamlProtocolUtils.verifyRedirectSignature(SamlProtocolUtils.java:176)
        ... 16 more

2024-04-09 11:45:38,349 WARN  [org.keycloak.events] (executor-thread-49) type="IDENTITY_PROVIDER_RESPONSE_ERROR", realmId="f63f5c31-8c98-4619-9be1-04373a078d8e", clientId="null", userId="null", ipAddress="127.0.0.1", error="invalid_signature"
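
The "Invalid query param signature" entry above comes from the signature check on the SAML HTTP-Redirect binding, where the message is DEFLATE-compressed and then base64-encoded, and the signature covers the URL-encoded `SAMLRequest`/`SAMLResponse`, `RelayState` and `SigAlg` parameters exactly as sent. The following is an added example, not part of the original post and not Keycloak's code; the function names and sample values are hypothetical, and it assumes a receiver that requires signed messages.

```python
import base64
import zlib
from urllib.parse import quote, unquote

# Order fixed by the SAML HTTP-Redirect binding; Signature itself is never signed.
SIGNED_ORDER = ("SAMLRequest", "SAMLResponse", "RelayState", "SigAlg")

def deflate_b64(xml: str) -> str:
    """Raw DEFLATE (no zlib header), then base64: the Redirect-binding encoding."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def inflate_b64(value: str) -> str:
    """Inverse of deflate_b64."""
    return zlib.decompress(base64.b64decode(value), -15).decode()

def raw_params(raw_query: str) -> dict:
    """Split the query WITHOUT percent-decoding, so the sender's bytes survive."""
    return dict(p.partition("=")[::2] for p in raw_query.split("&") if p)

def signed_octets(raw_query: str) -> bytes:
    """Bytes the Signature parameter must cover: name=value pairs as sent."""
    raw = raw_params(raw_query)
    return "&".join(f"{n}={raw[n]}" for n in SIGNED_ORDER if n in raw).encode("ascii")

def check_redirect_query(raw_query: str) -> list:
    """Reasons a receiver requiring signatures would reject this query."""
    raw = raw_params(raw_query)
    msg = raw.get("SAMLRequest") or raw.get("SAMLResponse")
    if msg is None:
        return ["no SAMLRequest or SAMLResponse parameter"]
    problems = [f"missing {n}" for n in ("SigAlg", "Signature") if n not in raw]
    try:
        inflate_b64(unquote(msg))
    except (zlib.error, ValueError):
        problems.append("message does not inflate: not DEFLATE-compressed before base64")
    return problems

# Constructed sample values, not taken from the post.
XML = '<samlp:AuthnRequest ID="_constructed1"/>'
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def build_query(message_value: str) -> str:
    """Assemble a query string; the Signature value is a constructed placeholder."""
    return "&".join([
        "SAMLRequest=" + quote(message_value, safe=""),
        "RelayState=" + quote("constructed-state", safe=""),
        "SigAlg=" + quote(SIG_ALG, safe=""),
        "Signature=" + quote("constructed+placeholder=", safe=""),
    ])
```

Comparing `signed_octets()` of the query the sender signed with the one the receiver actually got shows whether a proxy or framework re-encoded the parameters on the way.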