Issue
When using Keycloak as an Identity Provider (IdP) for SAML authentication, you may encounter the following error in Access Server logs:
Found an Attribute element with duplicated Name
This error typically occurs when the SAML response contains multiple attributes with the same name, which can cause issues during the authentication process.
Cause
The error is caused by the presence of multiple SAML attributes with the same name in the response. This can happen when a user is assigned multiple roles or groups, and each role or group is included as a separate attribute in the SAML response.
Solution
To resolve this issue, activate the 'Single Role Attribute' switch in the Keycloak SAML configuration. This setting ensures that all roles are combined into a single attribute, preventing the duplication error.
Steps to Activate 'Single Role Attribute' in Keycloak
- Sign in to Keycloak Admin Console:
  - Open your web browser and navigate to the Keycloak Admin Console.
  - Enter your admin credentials to sign in.
- Select the realm:
  - From the left-hand menu, select the realm where your SAML client is configured.
- Navigate to Clients:
  - In the left-hand menu, click Clients.
  - Select the client configured for SAML authentication.
- Go to Client Settings:
  - Click the Settings tab for the selected client.
- Enable 'Single Role Attribute':
  - Scroll down to the SAML Configuration section.
  - Find the option labeled Single Role Attribute.
  - Toggle the switch to ON to enable this setting.
- Save Changes:
  - Scroll to the bottom of the page and click Save to apply the changes.
Verification
After enabling the 'Single Role Attribute' setting, test the SAML authentication process again to ensure the error is resolved. The user should be able to sign in successfully to both the Client Web UI and VPN sessions.
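To confirm the change from a captured SAML response rather than only from a sign-in attempt, the following added example (not part of the original article, Keycloak, or Access Server) reports any Attribute Name that appears more than once in an AttributeStatement. The two XML samples and the attribute name `Role` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML = {"saml": NS}

# Constructed sample: each role emitted as its own Attribute (setting OFF).
BEFORE = f"""<saml:AttributeStatement xmlns:saml="{NS}">
  <saml:Attribute Name="Role"><saml:AttributeValue>vpn-users</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Role"><saml:AttributeValue>admins</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

# Constructed sample: all roles combined into one Attribute (setting ON).
AFTER = f"""<saml:AttributeStatement xmlns:saml="{NS}">
  <saml:Attribute Name="Role">
    <saml:AttributeValue>vpn-users</saml:AttributeValue>
    <saml:AttributeValue>admins</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def duplicated_attribute_names(xml_text):
    """Return the sorted Attribute Names that occur more than once
    within any single AttributeStatement of the given SAML XML."""
    root = ET.fromstring(xml_text)
    dups = set()
    # iter() also matches the root element itself, so this works for a
    # full Response, a bare Assertion, or a lone AttributeStatement.
    for stmt in root.iter(f"{{{NS}}}AttributeStatement"):
        counts = Counter(a.get("Name") for a in stmt.findall("saml:Attribute", SAML))
        dups.update(name for name, n in counts.items() if n > 1)
    return sorted(dups)


def attribute_values(xml_text, name):
    """Collect every AttributeValue carried under the given Attribute Name."""
    root = ET.fromstring(xml_text)
    return [v.text
            for a in root.iter(f"{{{NS}}}Attribute") if a.get("Name") == name
            for v in a.findall("saml:AttributeValue", SAML)]


if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE), ("after", AFTER)):
        print(label, "duplicates:", duplicated_attribute_names(xml_text),
              "roles:", attribute_values(xml_text, "Role"))
```

The same roles are present in both samples; only the second one passes the duplicate check, which is the outcome to expect after the setting is enabled.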
Conclusion
By activating the 'Single Role Attribute' switch in the Keycloak SAML configuration, you can resolve the "Found an Attribute element with duplicated Name" error. This setting consolidates all roles into a single attribute, preventing duplication and ensuring smooth authentication.
If you continue to experience issues or have further questions, please submit a support request here.