[keycloak-dev] NPE while getting token through Direct Access Grant

Kamal Jagadevan j.kamal at ymail.com
Fri Oct 16 11:12:53 EDT 2015 

Marek,  You are right...it was an LDAP issue, after I added(deleting the older one) new profile I no longer see this issue.
Thanks for your inputs.
ThanksKamal

  From: Marek Posolda <mposolda at redhat.com>
 To: stian at redhat.com; Kamal Jagadevan <j.kamal at ymail.com> 
Cc: Keycloak-dev <keycloak-dev at lists.jboss.org> 
 Sent: Friday, October 16, 2015 4:47 AM
 Subject: Re: [keycloak-dev] NPE while getting token through Direct Access Grant
   
 In stacktrace there is:
     
 atorg.keycloak.models.UserFederationManager.deleteInvalidUser(UserFederationManager.java:113)
 atorg.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:135)
 
 which means that your LDAP user is no longer valid - in other words he wasn't found by Keycloak in LDAP. So this looks like LDAP problem rather than issue related to refresh tokens.
 
 Is your user still available in LDAP? If yes, then what are you using for "UUID LDAP attribute" in LDAP federation provider settings page? Does your LDAP users have this attribute available in LDAP? For example if you use "entryUUID" in the admin console configuration, is this attribute really available in LDAP for your LDAP users?
 
 Marek
 
 
 On 16/10/15 10:08, Stian Thorgersen wrote:
  
 Does it work if you disable "Revoke Refresh Token" in token settings? When that is off (default setting) there's no changes to the code. 
 On 15 October 2015 at 21:20, Kamal Jagadevan <j.kamal at ymail.com> wrote:
 
   Hi Guys!! 
  I took latest master to verify the fix that Stian delivered to prevent usage of same refresh token. My test code tries getting the access token + Refresh token through direct access grant but fails due to NullPointer exception. Meanwhile I can continue to debug further, but wanted to share the observation to you guys... Will post further if I get any more details...
  
  Environment details - I have user federation configured to LDAP and tried to login with a user in ldap.
  
  
  Caused by: java.lang.NullPointerException
         atorg.keycloak.models.cache.infinispan.DefaultCacheUserProvider.removeUser(DefaultCacheUserProvider.java:272)
         atorg.keycloak.models.UserFederationManager.deleteInvalidUser(UserFederationManager.java:113)
         atorg.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:135)
         atorg.keycloak.models.UserFederationManager.getUserById(UserFederationManager.java:163)
         atorg.keycloak.models.sessions.infinispan.ClientSessionAdapter.getAuthenticatedUser(ClientSessionAdapter.java:265)
         atorg.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:116)
         atorg.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:724)
         atorg.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildResourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:357)
         atorg.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:110)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         atsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
         atsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
         at java.lang.reflect.Method.invoke(Method.java:606)
         atorg.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
         atorg.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
         atorg.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
         atorg.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
         atorg.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
         atorg.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
         atorg.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
         atorg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
  
    
 _______________________________________________
 keycloak-dev mailing list
 keycloak-dev at lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-dev


 
  
  
  
 _______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev 
 
 

  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151016/ab6c9ed5/attachment-0001.html

More information about the keycloak-dev mailing list