inodb
commented
8 months ago @lamenawuer thanks for reaching out! I don't think cBioPortal works with keycloak v21 yet unfortunately. I filed a separate ticket for enabling v22 support: https://github.com/cBioPortal/cbioportal/issues/10360. Is it possible for you to use an older version of keycloak for now? Thanks!
lamenawuer
Hello ,
I'm migration an old version 4 Keycloak client that connected with cbioportal with saml into a version 21 one and I can't make it work. I'm getting this error stack in the logs:
2023-08-28 09:28:39,135 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-90) Uncaught server error: java.lang.NoClassDefFoundError: Could not initialize class org.jcp.xml.dsig.internal.dom.Policy at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:154) at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:141) at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:193) at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:148) at org.keycloak.saml.processing.core.util.XMLSignatureUtil.validateUsingKeySelector(XMLSignatureUtil.java:493) at org.keycloak.saml.processing.core.util.XMLSignatureUtil.validateSingleNode(XMLSignatureUtil.java:462) at org.keycloak.saml.processing.core.util.XMLSignatureUtil.validate(XMLSignatureUtil.java:443) at org.keycloak.saml.processing.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:175) at org.keycloak.protocol.saml.SamlProtocolUtils.verifyDocumentSignature(SamlProtocolUtils.java:95) at org.keycloak.protocol.saml.SamlProtocolUtils.verifyDocumentSignature(SamlProtocolUtils.java:81) at org.keycloak.protocol.saml.SamlService$PostBindingProtocol.verifySignature(SamlService.java:771) at org.keycloak.protocol.saml.SamlService$BindingProtocol.handleSamlRequest(SamlService.java:304) at org.keycloak.protocol.saml.SamlService$BindingProtocol.execute(SamlService.java:702) at org.keycloak.protocol.saml.SamlService.postBinding(SamlService.java:885) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84) at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430) at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82) at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576) at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478) at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:833) Caused by: java.lang.ExceptionInInitializerError: Exception java.lang.SecurityException: Cannot initialize the secure validation policy [in thread "executor-thread-81"] at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Policy.<clinit>(Policy.java:58) ... 60 moreMy v21 keycloak client settings:
My saml settings for cbioportal:
saml.sp.metadata.entityid=cbioportal saml.sp.metadata.wantassertionsigned=true saml.sp.metadata.entitybaseurl=https://<my_address> saml.idp.metadata.location=classpath:/client-tailored-saml-idp-metadata.xml saml.idp.metadata.entityid=<my_keycloak_realm_address> saml.keystore.location=classpath:/samlKeystore.jks saml.keystore.password=**** saml.keystore.private-key.key=secure-key saml.keystore.private-key.password=**** saml.keystore.default-key=secure-key saml.idp.comm.binding.settings=defaultBinding saml.idp.comm.binding.type= saml.idp.metadata.attribute.username=username saml.idp.metadata.attribute.email=email saml.idp.metadata.attribute.role=Role saml.custom.userservice.class=org.cbioportal.security.spring.authentication.keycloak.SAMLUserDetailsServiceImpl saml.logout.local=false saml.logout.url=/Could someone please give me a hand?
Thanks a lot