Project: RH-SSO
Issue: RHSSO-1430

[GSS] (7.2.2 patch) encrypted saml results in 'The prefix "ds" for element "ds:KeyInfo" is not bound' error


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • Archive - 21'
    • RH-SSO-7.2.2.GA
    • Component: Protocol - SAML
Patch Instructions:

To apply this individual patch, follow the steps outlined in "How do I apply individual or cumulative patches in JBoss EAP 6.2 and beyond?" [1]

To rollback this individual patch if installation has unexpected consequences, follow the steps outlined in "How do I rollback individual or cumulative patches in JBoss EAP 6.2 and beyond?" [2]

[1] https://access.redhat.com/site/solutions/625683
[2] https://access.redhat.com/site/solutions/639403

Customer is running into an issue using SAML-based identity brokering when the SAML response is encrypted.

Here is the error:

2018-05-09 13:59:16,405 ERROR [stderr] (default task-27) [Fatal Error] :1:902: The prefix "ds" for element "ds:KeyInfo" is not bound.
2018-05-09 13:59:16,406 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-27) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.

<samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="https://imaIDP.imadomain.com:8443/auth/realms/master/broker/ImaIDP/endpoint" ID="dcac509c0348" InResponseTo="ID_123456" IssueInstant="2018-05-09T18:59:16Z" Version="2.0">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.host.com/idp/saml20</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:EncryptedAssertion>
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="uuid46459896-0163-11a4-91df-dcac509c0348" Type="http://www.w3.org/2001/04/xmlenc#Element">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo>
        <EncryptedKey Id="uuid46459897-0163-12b7-a4b4-dcac509c0348">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <ds:KeyInfo>
            <ds:KeyName>cn=ImaKey</ds:KeyName>
          </ds:KeyInfo>
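Added example (Python, written for this page; it is not Keycloak or RH-SSO code and does not reproduce the patch shipped with this issue). In the response above, the ds prefix is declared once, on the root samlp:Response, while the EncryptedData element only declares its own default namespace. The error location ":1:902" is a line/column in a one-line string rather than in the multi-line response, which is consistent with the consumer serializing the EncryptedData subtree on its own and re-parsing it: the inherited xmlns:ds declaration is lost, and the first prefixed element inside, ds:KeyInfo, is unbound. The block below reproduces that with the standard-library minidom (expat reports "unbound prefix" where Xerces reports "is not bound") and shows the repair on the consuming side: copy every xmlns / xmlns:* declaration from the ancestors onto the detached element before serializing, nearest ancestor first so inner redeclarations keep shadowing outer ones. The sample response, hostnames and IDs are constructed for the example.

```python
"""Reproduce and repair the 'prefix not bound' failure that occurs when an
XML subtree is serialized and re-parsed without the namespace declarations
of its ancestors (added example, not Keycloak/RH-SSO code)."""
from xml.dom import minidom
from xml.parsers.expat import ExpatError

XMLNS_NS = "http://www.w3.org/2000/xmlns/"
XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#"
XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample modelled on the response in the report: "ds" is bound
# only on the root <samlp:Response>, while <EncryptedData> declares just its
# own default namespace. Hostnames, IDs and key names are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example" Version="2.0">
  <saml:Issuer>https://idp.example.test/idp/saml20</saml:Issuer>
  <saml:EncryptedAssertion>
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo>
        <EncryptedKey>
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <ds:KeyInfo><ds:KeyName>cn=ExampleKey</ds:KeyName></ds:KeyInfo>
        </EncryptedKey>
      </ds:KeyInfo>
    </EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>"""


def serialize_with_inherited_ns(element):
    """Serialize a subtree so that it stands alone: copy every xmlns / xmlns:*
    declaration from the ancestors onto a detached copy. Walking from the
    parent outward and skipping names already present keeps the XML scoping
    rule intact (the nearest declaration of a prefix wins)."""
    detached = element.cloneNode(True)
    declared = {name for name, _ in detached.attributes.items()}
    ancestor = element.parentNode
    while ancestor is not None and ancestor.nodeType == ancestor.ELEMENT_NODE:
        for name, value in ancestor.attributes.items():
            if (name == "xmlns" or name.startswith("xmlns:")) and name not in declared:
                detached.setAttributeNS(XMLNS_NS, name, value)
                declared.add(name)
        ancestor = ancestor.parentNode
    return detached.toxml()


def encrypted_data_fragment(xml_text, inherit_namespaces):
    """Pull <EncryptedData> out of a response, either naively (the failing
    behaviour) or with inherited namespace declarations (the repair)."""
    doc = minidom.parseString(xml_text)
    element = doc.getElementsByTagNameNS(XMLENC_NS, "EncryptedData")[0]
    if inherit_namespaces:
        return serialize_with_inherited_ns(element)
    return element.toxml()  # keeps the local xmlns, drops xmlns:ds from the root


def reparse(fragment):
    """Re-parse a fragment the way a decryptor would and report whether
    ds:KeyInfo resolved to the XML Signature namespace. Returns (ok, message)."""
    try:
        doc = minidom.parseString(fragment)
    except ExpatError as exc:  # expat: "unbound prefix"; Xerces: "is not bound"
        return False, str(exc)
    key_infos = doc.getElementsByTagNameNS(XMLDSIG_NS, "KeyInfo")
    return True, "%d ds:KeyInfo element(s) resolved" % len(key_infos)


if __name__ == "__main__":
    for inherit in (False, True):
        ok, message = reparse(encrypted_data_fragment(SAMPLE_RESPONSE, inherit))
        print("inherit namespaces=%s -> ok=%s: %s" % (inherit, ok, message))
```

Two practical notes. Whether a given IdP response triggers the problem depends only on where the IdP places its xmlns:ds declaration: an IdP that declares it on ds:KeyInfo itself produces a fragment that re-parses fine, so comparing the naive fragment of a failing response against one that works is a quick way to confirm this diagnosis before opening a support case. The durable fix nonetheless belongs on the consuming side, as in this issue, because the SAML and XML Encryption specifications let the sender bind prefixes on any ancestor.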

Assignee: Unassigned
Reporter: Derek Horton (rhn-support-dehort)
Votes: 0
Watchers: 4
