222twotwotwo opened a new issue, #141: URL: https://github.com/apache/dubbo-go-pixiu-samples/issues/141
**What happened**:

The auth/saml sample uses keycloak:latest in its compose file. Since Keycloak 26+, the SAML client enables "Client signature required" by default. The current Pixiu SAML filter does not implement or expose AuthnRequest signature configuration, so Keycloak rejects the login request with "invalid request".

**What you expected to happen**:

The SAML login flow should work out of the box with the default docker-compose setup.

**How to reproduce it (as minimally and precisely as possible)**:

1. Start the environment using the sample's docker-compose.yml.
2. Access the protected app via Pixiu.
3. Redirect to Keycloak and log in.
4. Keycloak returns "invalid request".

**Anything else we need to know?**:

This issue is caused by Keycloak version changes.

- Keycloak 25 and earlier: Client signature required is OFF by default.
- Keycloak 26 and later: Client signature required is ON by default.

The Pixiu SAML filter currently lacks support for signed AuthnRequest, causing the integration to break with latest Keycloak images.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
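For context on what "Client signature required" asks of the service provider, here is an added example (not code from the issue or from Pixiu) of signing and checking an AuthnRequest. It assumes the SAML 2.0 HTTP-Redirect binding with RSA-SHA256; the helper names, the sample request and the throwaway key are constructed for illustration.

```go
package main

import (
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// signRedirect (hypothetical helper): DEFLATE+base64 the XML, sign SAMLRequest, RelayState, SigAlg in order.
func signRedirect(xml, relayState string, key *rsa.PrivateKey) (string, error) {
	var buf strings.Builder
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression) // errors only on an invalid level
	w.Write([]byte(xml))                                    // writes to a Builder cannot fail
	w.Close()
	q := "SAMLRequest=" + url.QueryEscape(base64.StdEncoding.EncodeToString([]byte(buf.String()))) +
		"&RelayState=" + url.QueryEscape(relayState) +
		"&SigAlg=" + url.QueryEscape("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
	digest := sha256.Sum256([]byte(q))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return q + "&Signature=" + url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), nil
}

// verifyRedirect is the receiver's check: the signature covers the exact bytes before "&Signature=".
func verifyRedirect(rawQuery string, pub *rsa.PublicKey) bool {
	signed, sigEsc, ok := strings.Cut(rawQuery, "&Signature=")
	sigB64, err1 := url.QueryUnescape(sigEsc)
	sig, err2 := base64.StdEncoding.DecodeString(sigB64)
	if !ok || err1 != nil || err2 != nil {
		return false // unsigned or malformed request
	}
	digest := sha256.Sum256([]byte(signed))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func demo() (string, *rsa.PublicKey) { // constructed request, throwaway key
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	q, _ := signRedirect(`<samlp:AuthnRequest ID="_constructed"/>`, "/app", key)
	return q, &key.PublicKey
}

func main() { fmt.Println(verifyRedirect(demo())) }
```

A request without the `SigAlg` and `Signature` parameters fails the same check, which is the case the issue describes when the identity provider requires client signatures.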
