Tags: spring-mvc, spring-security, keycloak, saml-2.0

Invalid Request Error in sending SAML AuthnRequest to IdP (Keycloak)


As a newcomer to the IT industry, I'm attempting to send a SAML request to my Identity Provider (Keycloak) using the following approach. However, I'm encountering an "InvalidRequest" error upon redirecting to the authorization endpoint URL, which I've set to "http://localhost:8080/realms/realmsname/protocol/saml".

import java.net.HttpURLConnection;
import java.net.URL;
import java.time.Instant;
import org.bouncycastle.util.encoders.Base64;   // Base64.toBase64String is the Bouncy Castle encoder

// Build the AuthnRequest by string concatenation ("<>" stands for the realm name)
String samlRequest = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
    + "<samlp:AuthnRequest "
    + "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" "
    + "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" "
    + "ID=\"" + Instant.now().toEpochMilli() + "\" "
    + "Version=\"2.0\" "
    + "IssueInstant=\"" + Instant.now() + "\" "
    + "ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" "
    + "AssertionConsumerServiceURL=\"http://localhost:8001/saml/login\">"
    + "<saml:Issuer>http://localhost:8080/realms/<></saml:Issuer>"
    + "<samlp:NameIDPolicy Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\" AllowCreate=\"true\"/>"
    + "</samlp:AuthnRequest>";

// Encode SAML request into Base64 (no need for compression)
String base64Encoded = Base64.toBase64String(samlRequest.getBytes());
URL url = new URL(deploymentUtil.getIdpAuthorizationEndpoint());
HttpURLConnection con = (HttpURLConnection) url.openConnection();   // opened here but never used below
con.setRequestMethod("GET");
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

// Redirect user to the Keycloak authorization endpoint
String redirectUrl = url + "?SAMLRequest=" + base64Encoded;
resp.sendRedirect(redirectUrl);

Please, if anyone knows about this, help me.

I have tried with this and tried to validate it against some online tools that validate the SAML request, and I get the error "Invalid SAML AuthN Request. Not match the saml-schema-protocol-2.0.xsd".

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="1712556379904" Version="2.0"
                    IssueInstant="2024-04-08T06:06:19.904Z"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    AssertionConsumerServiceURL="http://localhost:8005/sso/restapp/saml/login">
  <saml:Issuer>"http://localhost:8080/realms/<realmsName>" </saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

After performing more validation using online tools, I now get "THE SAML AUTHN REQUEST IS VALID". But still, I am facing an Invalid Request at Keycloak.

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="_882154b2ee4fa83b774e16a149713064" Version="2.0"
                    IssueInstant="2024-04-09T11:48:28.540Z"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    AssertionConsumerServiceURL="http://localhost:8001/rbac/login/cas">
  <saml:Issuer>http://localhost:8080/realms/OBSuiteRealm</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>
  <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

And the redirect URL looks like this:

http://127.0.0.1:8080/realms/releamname/protocol/saml?SAMLRequest=nVNNb+MgFPw............


Solution

  • My Identity Provider is expecting the HTTP-Redirect binding and I was trying to send the SAML AuthnRequest using the HTTP-POST binding.

    When you are using the HTTP-Redirect binding, you have to send a SAML request that has been compressed and encoded (Deflate + Base64 + URL-encode using UTF-8).

    The ClientId should match the Service Provider EntityId.
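Putting the three points of the Solution together, here is an added example (not the poster's code and not Keycloak's) of a small Java class that builds an AuthnRequest with a schema-valid ID (an xs:ID must start with a letter or underscore, not a digit), sets the Issuer to the Service Provider entity ID (the value Keycloak compares with the client ID), and encodes it for the HTTP-Redirect binding as the SAML 2.0 Bindings specification requires: raw DEFLATE, then Base64, then URL-encoding. It also decodes the query parameter again, which is what the IdP does on receipt, so the round trip can be checked locally. The SP entity ID, the ACS URL and the realm in the SSO URL are assumed placeholder values.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.HexFormat;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

public class SamlRedirectBinding {

    // Assumed placeholder values: replace with your realm's SSO URL and your SP's identifiers.
    static final String IDP_SSO_URL  = "http://localhost:8080/realms/realmsname/protocol/saml";
    static final String SP_ENTITY_ID = "http://localhost:8001/saml/metadata"; // must equal the Keycloak client ID
    static final String SP_ACS_URL   = "http://localhost:8001/saml/login";

    /** xs:ID is an NCName, so it may not start with a digit: prefix random bytes with "_". */
    static String newRequestId() {
        byte[] rnd = new byte[16];
        new SecureRandom().nextBytes(rnd);
        return "_" + HexFormat.of().formatHex(rnd);
    }

    /** Issuer is the SP's entity ID; Destination names the IdP endpoint the request is meant for. */
    static String buildAuthnRequest(String id, Instant issueInstant) {
        return "<samlp:AuthnRequest"
            + " xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
            + " ID=\"" + id + "\""
            + " Version=\"2.0\""
            + " IssueInstant=\"" + issueInstant + "\""
            + " Destination=\"" + IDP_SSO_URL + "\""
            + " ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\""
            + " AssertionConsumerServiceURL=\"" + SP_ACS_URL + "\">"
            + "<saml:Issuer>" + SP_ENTITY_ID + "</saml:Issuer>"
            + "<samlp:NameIDPolicy Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\""
            + " AllowCreate=\"true\"/>"
            + "</samlp:AuthnRequest>";
    }

    /** HTTP-Redirect encoding: raw DEFLATE (no zlib header) -> Base64 -> URL-encode (UTF-8). */
    static String encodeForRedirect(String xml) {
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // nowrap=true gives raw DEFLATE
        deflater.setInput(xml.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        while (!deflater.finished()) {
            out.write(buf, 0, deflater.deflate(buf));
        }
        deflater.end();
        String b64 = Base64.getEncoder().encodeToString(out.toByteArray());
        return URLEncoder.encode(b64, StandardCharsets.UTF_8);
    }

    /** The inverse, as the IdP performs it on the SAMLRequest query parameter. */
    static String decodeFromRedirect(String param) throws DataFormatException {
        byte[] compressed = Base64.getDecoder().decode(URLDecoder.decode(param, StandardCharsets.UTF_8));
        Inflater inflater = new Inflater(true); // raw DEFLATE on this side too
        inflater.setInput(compressed);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        while (!inflater.finished()) {
            int n = inflater.inflate(buf);
            if (n == 0 && inflater.needsInput()) break;
            out.write(buf, 0, n);
        }
        inflater.end();
        return out.toString(StandardCharsets.UTF_8);
    }

    /** The URL the browser is redirected to; RelayState is optional and URL-encoded the same way. */
    static String redirectUrl(String xml, String relayState) {
        return IDP_SSO_URL + "?SAMLRequest=" + encodeForRedirect(xml)
            + "&RelayState=" + URLEncoder.encode(relayState, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String xml = buildAuthnRequest(newRequestId(), Instant.now());
        String url = redirectUrl(xml, "/after-login");
        System.out.println(url);
        // Round-trip check: decoding the parameter must give back the exact XML that was sent.
        int start = url.indexOf("SAMLRequest=") + "SAMLRequest=".length();
        String param = url.substring(start, url.indexOf("&RelayState="));
        if (!xml.equals(decodeFromRedirect(param))) {
            throw new IllegalStateException("HTTP-Redirect round trip failed");
        }
    }
}
```

Two details matter when adapting this. First, the binding specifies DEFLATE as in RFC 1951 without the zlib wrapper, which is why both the Deflater and the Inflater are constructed with nowrap=true; a plain `new Deflater()` would prepend a zlib header that a raw inflater on the IdP side cannot consume. Second, this example sends an unsigned request; if the Keycloak client is configured to require signed requests, the redirect must additionally carry SigAlg and Signature query parameters computed over the encoded SAMLRequest, RelayState and SigAlg values, as the HTTP-Redirect binding defines.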