<html><head></head><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:13px"><div id="yui_3_16_0_1_1445007585557_4216">Marek,</div><div id="yui_3_16_0_1_1445007585557_4217"> You are right...it was an LDAP issue, after I added(deleting the older one) new profile I no longer see this issue.</div><div><br></div><div>Thanks for your inputs.</div><div id="yui_3_16_0_1_1445007585557_4314"><br></div><div id="yui_3_16_0_1_1445007585557_4313">Thanks</div><div id="yui_3_16_0_1_1445007585557_4312">Kamal<br></div><div><br></div><div id="yui_3_16_0_1_1445007585557_4220" style="font-family: times new roman, new york, times, serif; font-size: 13px;"><div id="yui_3_16_0_1_1445007585557_4219" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"><div id="yui_3_16_0_1_1445007585557_4218" dir="ltr"><hr size="1"> <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> Marek Posolda <mposolda@redhat.com><br> <b><span style="font-weight: bold;">To:</span></b> stian@redhat.com; Kamal Jagadevan <j.kamal@ymail.com> <br><b><span style="font-weight: bold;">Cc:</span></b> Keycloak-dev <keycloak-dev@lists.jboss.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Friday, October 16, 2015 4:47 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [keycloak-dev] NPE while getting token through Direct Access Grant<br> </font> </div> <div id="yui_3_16_0_1_1445007585557_4289" class="y_msg_container"><br><div id="yiv2818826482"><div id="yui_3_16_0_1_1445007585557_4316">
<div id="yui_3_16_0_1_1445007585557_4315" class="yiv2818826482moz-cite-prefix">In stacktrace there is:<br clear="none">
<br clear="none">
at
org.keycloak.models.UserFederationManager.deleteInvalidUser(UserFederationManager.java:113)<br clear="none">
at
org.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:135)<br clear="none">
<br clear="none">
which means that your LDAP user is no longer valid - in other
words he wasn't found by Keycloak in LDAP. So this looks like LDAP
problem rather than issue related to refresh tokens.<br clear="none">
<br clear="none">
Is your user still available in LDAP? If yes, then what are you
using for "UUID LDAP attribute" in LDAP federation provider
settings page? Does your LDAP users have this attribute available
in LDAP? For example if you use "entryUUID" in the admin console
configuration, is this attribute really available in LDAP for your
LDAP users?<br clear="none">
<br clear="none">
Marek<br clear="none">
<br clear="none">
<br clear="none">
On 16/10/15 10:08, Stian Thorgersen wrote:<br clear="none">
</div>
<blockquote type="cite">
<div dir="ltr">Does it work if you disable "Revoke Refresh Token"
in token settings? When that is off (default setting) there's no
changes to the code.</div>
<div class="yiv2818826482gmail_extra"><br clear="none">
<div class="yiv2818826482gmail_quote">On 15 October 2015 at 21:20, Kamal
Jagadevan <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:j.kamal@ymail.com" target="_blank" href="mailto:j.kamal@ymail.com">j.kamal@ymail.com</a>></span>
wrote:<br clear="none">
<blockquote class="yiv2818826482gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>
<div style="color:#000;background-color:#fff;font-family:times new roman, new york, times, serif;font-size:13px;">
<div>Hi Guys!!</div>
<div><br clear="none">
</div>
<div>I took latest master to verify the fix that Stian
delivered to prevent usage of same refresh token.</div>
<div>My test code tries getting the access token +
Refresh token through direct access grant but fails
due to NullPointer exception.</div>
<div>Meanwhile I can continue to debug further, but
wanted to share the observation to you guys... Will
post further if I get any more details...<br clear="none">
</div>
<div><br clear="none">
</div>
<div>Environment details - I have user federation
configured to LDAP and tried to login with a user in
ldap.<br clear="none">
</div>
<div><br clear="none">
</div>
<div><br clear="none">
</div>
<div dir="ltr">Caused by: java.lang.NullPointerException<br clear="none">
at
org.keycloak.models.cache.infinispan.DefaultCacheUserProvider.removeUser(DefaultCacheUserProvider.java:272)<br clear="none">
at
org.keycloak.models.UserFederationManager.deleteInvalidUser(UserFederationManager.java:113)<br clear="none">
at
org.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:135)<br clear="none">
at
org.keycloak.models.UserFederationManager.getUserById(UserFederationManager.java:163)<br clear="none">
at
org.keycloak.models.sessions.infinispan.ClientSessionAdapter.getAuthenticatedUser(ClientSessionAdapter.java:265)<br clear="none">
at
org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:116)<br clear="none">
at
org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:724)<br clear="none">
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildResourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:357)<br clear="none">
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:110)<br clear="none">
at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)<br clear="none">
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)<br clear="none">
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br clear="none">
at
java.lang.reflect.Method.invoke(Method.java:606)<br clear="none">
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)<br clear="none">
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)<br clear="none">
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)<br clear="none">
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)<br clear="none">
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)<br clear="none">
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)<br clear="none">
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)<br clear="none">
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)<br clear="none">
</div>
<div><br clear="none">
</div>
</div>
</div>
<br clear="none">
_______________________________________________<br clear="none">
keycloak-dev mailing list<br clear="none">
<a rel="nofollow" shape="rect" ymailto="mailto:keycloak-dev@lists.jboss.org" target="_blank" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><div class="qtdSeparateBR"><br><br></div><div class="yiv2818826482yqt7804527066" id="yiv2818826482yqtfd72839"><br clear="none">
</div></blockquote><div class="yiv2818826482yqt7804527066" id="yiv2818826482yqtfd64976">
</div></div><div class="yiv2818826482yqt7804527066" id="yiv2818826482yqtfd36652">
<br clear="none">
</div></div><div class="yiv2818826482yqt7804527066" id="yiv2818826482yqtfd25580">
<br clear="none">
<fieldset class="yiv2818826482mimeAttachmentHeader"></fieldset>
<br clear="none">
<pre>_______________________________________________
keycloak-dev mailing list
<a rel="nofollow" shape="rect" class="yiv2818826482moz-txt-link-abbreviated" ymailto="mailto:keycloak-dev@lists.jboss.org" target="_blank" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a rel="nofollow" shape="rect" class="yiv2818826482moz-txt-link-freetext" target="_blank" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</div></blockquote><div class="yiv2818826482yqt7804527066" id="yiv2818826482yqtfd78672">
<br clear="none">
</div></div></div><br><br></div> </div> </div> </div></body></html>