RH-SSO SAML adapter expects a Subject with the NameID field provided

Solution Verified - Updated -

Issue

  • SAML adapter throws NPE when receiving the SAML response with no NameID in the Subject.
  • The SAML adapter is throwing the following exception:

    ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /webapp-template/saml: java.lang.NullPointerException
            at org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.handleLoginResponse(AbstractSamlAuthenticationHandler.java:410)
            at org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.handleSamlResponse(AbstractSamlAuthenticationHandler.java:219)
            at org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint.handle(SamlEndpoint.java:44)
            at org.keycloak.adapters.saml.SamlAuthenticator.authenticate(SamlAuthenticator.java:48)
            at org.keycloak.adapters.saml.undertow.AbstractSamlAuthMech.authenticate(AbstractSamlAuthMech.java:115)
            at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:244)
            ...
    

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In