Currently we have a custom IDP to which Keycloak connects. In the SAML assertion, the custom IDP doesn't send the "InResponseTo" tag. Integration between Keycloak and the custom IDP was working on the old version of Keycloak, 1.12. However, we are trying to upgrade to version 2.22, and now, while trying to authenticate, I am getting the following error.
{"message":"2024-07-25 03:21:26,662 ERROR [org.keycloak.broker.saml.SAMLEndpoint] (executor-thread-907) Response Validation Error: InResponseTo attribute was expected but not present in received response","metadata":{"container_name":"iam","namespace":"telstra","pod_name":"access-mgmt-0"},"service_id":"access-mgmt","severity":"error","timestamp":"2024-07-25T03:21:26.663+00:00","version":"1.2.0"}
{"message":"2024-07-25 03:21:26,664 WARN [org.keycloak.events] (executor-thread-907) type=IDENTITY_PROVIDER_RESPONSE_ERROR, realmId=ee9eb0a2-ee82-4f7a-873d-30915e0c5367, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_saml_response, authSessionParentId=8f3302ff-9fef-4af3-9b12-3e39b84fd7ee, authSessionTabId=8gRXaPCN6ks","metadata":{"container_name":"iam","namespace":"telstra","pod_name":"access-mgmt-0"},"service_id":"access-mgmt","severity":"warning","timestamp":"2024-07-25T03:21:26.664+00:00","version":"1.2.0"}
I am looking for options on how I can disable the validation of the InResponseTo attribute in Keycloak. I am using Docker-image-based Keycloak with a Postgres backend.
Appreciate your help on this.