Hi,
I’m trying to set up a Keycloak instance as an identity broker for SSO. I don’t want to keep my own user base but reuse an existing Auth0 instance as SAML IDP.
The configuration seems pretty straightforward, but when I return to Keycloak from Auth0 with the SAML response I get an error: invalidFederatedIdentityActionMessage
The related log message for this is:
keycloak-0 keycloak 14:45:03,403 ERROR [org.keycloak.saml.common] (default task-21) Error in base64 decoding saml message: ParsingException [location=null]org.keycloak.saml.common.exceptions.ParsingException: PL0065: Parser : Unknown xsi:type=xs:double
keycloak-0 keycloak 14:45:03,404 WARN [org.keycloak.events] (default task-21) type=IDENTITY_PROVIDER_RESPONSE_ERROR, realmId=vwn, clientId=null, userId=null, ipAddress=172.20.54.57, error=invalid_saml_response, reason=invalid_saml_document
The only attribute that is of type xs:double is the expires_in attribute:
<saml:Attribute Name="http://schemas.auth0.com/identities/default/expires_in" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:double">3599</saml:AttributeValue>
</saml:Attribute>
This XML looks totally normal to me and I fail to find anything related on the web.
It looks to me as if this is a parser issue and I’m not sure how to get this to work.
I tried the latest version 11 release (image 11.0.3-debian-10-r59 from bitnami) and version 12 (12.0.1 from jfrog). Both show the same issue.
Cheers,
Frank
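A pre-flight check for the situation in the post above, added here as an example; it is not code from the post, from Keycloak or from Auth0. It base64-decodes a captured SAMLResponse as sent by the HTTP-POST binding (and also tries raw DEFLATE, as used by the HTTP-Redirect binding), lists every saml:AttributeValue with its xsi:type, and flags any type outside an allow-list you supply. The default allow-list and the sample response are assumptions constructed for the example: the post only shows that xs:double is rejected, so adjust the set to whatever your broker version actually parses.

```python
"""List the xsi:type of every SAML AttributeValue in a SAMLResponse and flag
types outside an allow-list.

Added example, not part of the original post or of Keycloak/Auth0.
"""
import base64
import zlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Assumed (hypothetical) allow-list; the post only shows xs:double being rejected.
DEFAULT_ACCEPTED = frozenset({None, "xs:string"})


def decode_saml_message(b64: str) -> bytes:
    """Base64-decode a SAML message; inflate it if it is not plain XML.

    Doing this as a separate step tells you whether a failure is really a
    base64 problem or, as in the post, a parse error inside the decoded XML.
    """
    raw = base64.b64decode(b64)
    if raw.lstrip().startswith(b"<"):
        return raw  # HTTP-POST binding: base64 of the XML itself
    # HTTP-Redirect binding: raw DEFLATE (RFC 1951, no zlib header) before base64.
    return zlib.decompress(raw, -15)


def attribute_value_types(b64: str):
    """Return (attribute Name, xsi:type or None, text) for every AttributeValue."""
    # For responses you do not control, use defusedxml.ElementTree instead.
    root = ET.fromstring(decode_saml_message(b64))
    found = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name")
        for val in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
            found.append((name, val.get(XSI_TYPE), (val.text or "").strip()))
    return found


def unsupported_attributes(b64: str, accepted=DEFAULT_ACCEPTED):
    """Sorted names of attributes whose xsi:type is not in the allow-list."""
    return sorted({name for name, typ, _ in attribute_value_types(b64)
                   if typ not in accepted})


# Constructed sample (not a real Auth0 message): unsigned, minimal, with one
# xs:string value, one untyped value and one xs:double value like the post's.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xs="http://www.w3.org/2001/XMLSchema"
  ID="_r1" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
    <saml:Issuer>urn:example-tenant.auth0.com</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue xsi:type="xs:string">user@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.auth0.com/nickname">
        <saml:AttributeValue>user</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.auth0.com/identities/default/expires_in"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:double">3599</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _raw_deflate(data: bytes) -> bytes:
    """Raw DEFLATE (no zlib header/trailer), as the Redirect binding uses."""
    comp = zlib.compressobj(wbits=-15)
    return comp.compress(data) + comp.flush()


SAMPLE_POST_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
SAMPLE_REDIRECT_B64 = base64.b64encode(_raw_deflate(SAMPLE_XML.encode())).decode()

if __name__ == "__main__":
    for name, typ, text in attribute_value_types(SAMPLE_POST_B64):
        print(f"{typ or '(untyped)':>12}  {name} = {text}")
    print("flagged:", unsupported_attributes(SAMPLE_POST_B64))
```

Paste the SAMLResponse form value from the browser's developer tools in place of SAMPLE_POST_B64 to see which attributes the IdP actually types and with what; the flagged list is what you would then look at in the IdP's attribute mapping before changing anything on the broker side.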