Parser Exception when configuring Auth0 as IDP

Hi,

I’m trying to set up a Keycloak instance as an identity broker for SSO. I don’t want to keep my own user base but reuse an existing Auth0 instance as SAML IDP.

The configuration seems pretty straightforward, but when I return to Keycloak from Auth0 with the SAML response I get an error: invalidFederatedIdentityActionMessage

The related log message for this is:

keycloak-0 keycloak 14:45:03,403 ERROR [org.keycloak.saml.common] (default task-21) Error in base64 decoding saml message: ParsingException [location=null]org.keycloak.saml.common.exceptions.ParsingException: PL0065: Parser : Unknown xsi:type=xs:double
keycloak-0 keycloak 14:45:03,404 WARN  [org.keycloak.events] (default task-21) type=IDENTITY_PROVIDER_RESPONSE_ERROR, realmId=vwn, clientId=null, userId=null, ipAddress=172.20.54.57, error=invalid_saml_response, reason=invalid_saml_document

The only attribute that is of type xs:double is the expires_in attribute:

      <saml:Attribute Name="http://schemas.auth0.com/identities/default/expires_in" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue xsi:type="xs:double">3599</saml:AttributeValue>
      </saml:Attribute>

This XML looks totally normal to me and I fail to find anything related on the web.
It looks to me as if this is a parser issue and I’m not sure how to get this to work.

I tried the latest version 11 release (image 11.0.3-debian-10-r59 from bitnami) and version 12 (12.0.1 from jfrog). Both show the same issue.

Cheers,
Frank

The solution was to use OIDC with Auth0.
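An added diagnostic, not part of the thread or of Keycloak: it scans a SAML assertion for the xsi:type declared on each AttributeValue, so an IdP's attribute mapping can be checked for types like the xs:double seen above before a broker rejects the whole response. The sample assertion is constructed after the Auth0 attribute quoted in the post, and the supported-type set is an assumption (the post only shows that xs:double fails), so pass in whatever your broker actually accepts.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# Assumption: the broker's accepted types. Only xs:double is known (from the post) to fail.
ASSUMED_SUPPORTED = {"xs:string", "xs:anyType"}

# Constructed sample, modelled on the Auth0 attribute quoted in the post; not a real response.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.auth0.com/email"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue xsi:type="xs:string">user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.auth0.com/identities/default/expires_in"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue xsi:type="xs:double">3599</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def attribute_types(xml_text):
    """Return (attribute Name, xsi:type or None, text) for every AttributeValue."""
    root = ET.fromstring(xml_text)
    rows = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name")
        for val in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
            # xsi:type is kept as the literal QName string (e.g. "xs:double");
            # the prefix is compared as written, so match the IdP's own prefix.
            rows.append((name, val.get(f"{{{XSI_NS}}}type"), (val.text or "").strip()))
    return rows


def unsupported_attributes(xml_text, supported):
    """Names of attributes carrying an xsi:type outside the supported set."""
    return sorted({name for name, xsi_type, _ in attribute_types(xml_text)
                   if xsi_type is not None and xsi_type not in supported})


if __name__ == "__main__":
    for name, xsi_type, text in attribute_types(SAMPLE_ASSERTION):
        print(f"{name}: type={xsi_type} value={text}")
    print("unsupported:", unsupported_attributes(SAMPLE_ASSERTION, ASSUMED_SUPPORTED))
```

Run it against the decoded SAMLResponse (the log shows it fails while decoding the base64 message) to see which attribute would need remapping or dropping on the IdP side.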