Hi
Can anyone please help me with how to update the IdP certificate in the identity provider's SAML configuration?
I enabled the “validate signature” option and uploaded the certificate in the “Validating X509 certificates” field of the SAML IdP configuration.
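The user signs in successfully at the IdP, but after being redirected back to Keycloak the error below appears. The innermost cause in the trace is a `CertificateException: Could not parse certificate` with `Illegal footer`, and the PEM markers in that message read `-----BEGINCERTIFICATE-----` / `-----ENDCERTIFICATE-----`, without the spaces.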
2024-04-04 00:37:41,950 DEBUG [org.keycloak.events.jpa.JpaEventStoreProvider] (Timer-0) Cleared 0 expired events in all realms
2024-04-04 00:37:47,959 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-25) Uncaught server error: java.lang.RuntimeException: org.keycloak.saml.common.exceptions.ProcessingException: PL00102: Processing Exception:
at org.keycloak.broker.saml.SAMLEndpoint$Binding.getIDPKeyLocator(SAMLEndpoint.java:264)
at org.keycloak.broker.saml.SAMLEndpoint$PostBinding.verifySignature(SAMLEndpoint.java:716)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:648)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:276)
at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:187)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:90)
at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:545)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.keycloak.saml.common.exceptions.ProcessingException: PL00102: Processing Exception:
at org.keycloak.saml.common.DefaultPicketLinkLogger.processingError(DefaultPicketLinkLogger.java:164)
at org.keycloak.saml.processing.core.util.XMLSignatureUtil.getX509CertificateFromKeyInfoString(XMLSignatureUtil.java:592)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.getIDPKeyLocator(SAMLEndpoint.java:258)
... 55 more
Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Illegal footer: -----BEGINCERTIFICATE-----MIIDpddjCCAo6gAwIBAgIGAYI2kIDzMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC2Rldi0zOTI5NTc4MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMB4XDTIyMDcyNTE4MTIzNloXDTMyMDcyNTE4MTMzNVowgZMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLZGV2LTM5Mjk1NzgxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWtju4TgEfMwYZI2g++Tg/csv+Xkoob+j/daEEheJlObyj2TxNpfrOxQh8ZrkoYndPg1qEnlSEARWMHWrFDSsJsgfaj3mcukVbXHOdiprTS7Hgwh8vFnI5BgnxhXeik2osqZZPWre2MFvxTkbvhH6kE01BBZ/sEhDYJDE8APLH9DelOO9aR+OiClKLf8QfpTw6aXpqx50EHGlbDhvHbdA03yeROQu1UI+93hY3cPLVE+IitQkSK5gi1gbdjzYyviyTttPbR3xmhQheGETZWtNKLraagDTL1vTqPNMHPLOAqst1kudLqugoAYFEaAooWeigRX7YtudpOfL61rRC375XAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAInDFnMsnItqamFAgnOTVkjnXhA99Jqa/2Q2pERHqcX6A3SndiU9BX3dN6tqG5ops6h3QzsHqrmva+mAnvmGX+M4sVMJNG4CmrjPmZgg1vK6Rkem0/f085/BghE9RAe3nzxiuHM4yHspnoY3sArEjAfJJk29aXbMM19kYxzb5JRyn6rPcGDgAPLlyymsiLJsrmCMhpVLUx5Cw/3e9bGpajcsaEb3NQqTKt9CBO2QGcX1W5RkDtX+rSkZtJj5aAsNODAAKeBk/uNR6wTA/ATLq6s+82byhoc5QLlWOa/46z9OGxLuWS0F54SfGxplyfUCIJ//RTtYemjAg3bT1bWDH64=-----ENDCERTIFICATE-----
at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:115)
at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
at org.keycloak.saml.processing.core.util.XMLSignatureUtil.getX509CertificateFromKeyInfoString(XMLSignatureUtil.java:589)
... 56 more
Caused by: java.io.IOException: Illegal footer: -----BEGINCERTIFICATE-----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-----ENDCERTIFICATE-----
at java.base/sun.security.provider.X509Factory.checkHeaderFooter(X509Factory.java:661)
at java.base/sun.security.provider.X509Factory.readOneBlock(X509Factory.java:643)
at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:99)
... 58 more