Hello Everyone,
Please be gentle. I am a complete noob to Keycloak.
I am trying to configure Keycloak SAML to send a User Principal of either the user name, email, id, etc. etc. to IBM’s TRIRIGA application through WebSphere Network Deployment 9.0.0.11. I am able to authenticate to Keycloak and am redirected to the TRIRIGA application, but I do not see any user information through the User Principal variables. I receive this error message from the WebSphere server.
12/19/19 11:33:46:585 PST] 000000d9 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /home/jogee/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/ffdc/server1_88875f97_19.12.19_11.33.46.5813821301036171484864.txt com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation 519
[12/19/19 11:33:46:585 PST] 000000d9 WebAuthentica E SECJ0126E: Trust Association failed during validation. The exception is com.ibm.websphere.security.WebTrustAssociationFailedException: com.ibm.wsspi.wssecurity.core.SoapSecurityException
at com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor.createTAIErrorResult(ACSTrustAssociationInterceptor.java:784)
at com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor.invokeTAIbeforeSSO(ACSTrustAssociationInterceptor.java:623)
at com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor.negotiateValidateandEstablishTrust(ACSTrustAssociationInterceptor.java:397)
at com.ibm.ws.security.web.TAIWrapper.negotiateAndValidateEstablishedTrust(TAIWrapper.java:103)
…
Caused by: com.ibm.websphere.security.WebTrustAssociationFailedException: com.ibm.wsspi.wssecurity.core.SoapSecurityException
at com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor.createTAIErrorResult(ACSTrustAssociationInterceptor.java:775)
… 34 more
. Make sure that the setup is correct and that the user credentials are valid.
I do see the attributes being passed in within the logs.
SAML XML snippet:
<saml:AttributeValue xmlns:xs="" xmlns:xsi="" xsi:type="xs:string">Jose</saml:AttributeValue></saml:Attribute>
<saml:Attribute FriendlyName="username" Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xmlns:xs="" xmlns:xsi="" xsi:type="xs:string">system</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xmlns:xs="" xmlns:xsi="" xsi:type="xs:string">system</saml:AttributeValue>
</saml:Attribute>
Any suggestions? Any extra logs to view?
Thanks!
Jose
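An added diagnostic helper, not part of the post above and not Keycloak or WebSphere code: it parses a captured SAML Response or Assertion and lists the Issuer, Subject NameID and its Format, whether a ds:Signature element is present, and every attribute the ACS would see, so the assertion contents can be compared against what the trust association interceptor is configured to expect. The embedded assertion is constructed sample data modelled on the username/uid attributes in the post; the issuer URL is a placeholder.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample assertion (issuer is a placeholder, values mirror the post).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_sample-id" Version="2.0" IssueInstant="2019-12-19T19:33:46Z">
  <saml:Issuer>https://keycloak.example/auth/realms/demo</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">system</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute FriendlyName="username" Name="username"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>system</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>system</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def summarize_assertion(xml_text):
    """Summarize the first saml:Assertion found in a Response or bare Assertion."""
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find("saml:Assertion", NS)  # samlp:Response wrapper
    if assertion is None:
        raise ValueError("no saml:Assertion element found")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    return {
        "issuer": assertion.findtext("saml:Issuer", default="", namespaces=NS),
        "name_id": None if name_id is None else name_id.text,
        "name_id_format": None if name_id is None else name_id.get("Format"),
        "signed": assertion.find("ds:Signature", NS) is not None,
        "attributes": attributes,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize_assertion(SAMPLE_ASSERTION), indent=2))
```

Feed it the decoded SAMLResponse from the browser POST to the ACS endpoint to see exactly which NameID and attribute names arrive at WebSphere.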