[keycloak-user] Help getting External token to Internal Token Exchange right

Leandro Del Sole leandrodelsole at gmail.com
Fri Aug 16 16:25:54 EDT 2019


Hello,

Does anyone have an idea what to do in this case?

Probably the next step should be to open an issue in the Keycloak GitHub?

Regards,
Leandro Del Sole

On Mon, Aug 12, 2019 at 20:00, Leandro Del Sole <
leandrodelsole at gmail.com> wrote:

> Hello,
>
> I've been struggling to get the
> https://www.keycloak.org/docs/latest/securing_apps/index.html#external-token-to-internal-token-exchange
>  working.
> First, I tried on version 3.4, the first version to have this feature. In
> my company, we're slowly updating our version of Keycloak, it is a bit old.
>
> After some tries, I changed Keycloak version to 6.0.1 because I think it
> will be easier for me to get support from you.
>
> I got the same error in both versions. The scenario in 6.0.1 is described
> below:
>
> Well, I want to get an external token, minted by another realm of my own
> keycloak "connect", and exchange it to an internal token, of another realm
> of my keycloak "emm".
>
> To enable this feature and others as a test, I included in standalone.conf:
> JAVA_OPTS="$JAVA_OPTS -Dkeycloak.profile.feature.token_exchange=enabled
> -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled
> -Dkeycloak.profile=preview -Dkeycloak.profile.feature.scripts=enabled"
>
> This enabled the Permission tab as expected. However, after opening it,
> when I click on "Permissions Enabled" to change the switch from off to on,
> the message pops up "*Error!* An unexpected server error has occurred".
> This happens in both Permissions tabs, in client edit and IDP edit.
>
> In the server log:
>
>> 17:07:48,338 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-5) Uncaught server error: java.lang.NullPointerException
>> at org.keycloak.services.resources.admin.permissions.MgmtPermissions.initializeRealmResourceServer(MgmtPermissions.java:263)
>> at org.keycloak.services.resources.admin.permissions.MgmtPermissions.findOrCreateResourceServer(MgmtPermissions.java:242)
>> at org.keycloak.services.resources.admin.permissions.ClientPermissions.initialize(ClientPermissions.java:95)
>> at org.keycloak.services.resources.admin.permissions.ClientPermissions.setPermissionsEnabled(ClientPermissions.java:198)
>> at org.keycloak.services.resources.admin.ClientResource.setManagementPermissionsEnabled(ClientResource.java:658)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>> at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:510)
>
> ....
> it continues, but has no other cause or information on the stack.
>
>
> In version 3.4.2, the stack is:
>
>> 16:43:34,740 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-28) Uncaught server error: java.lang.NullPointerException
>> at org.keycloak.services.resources.admin.permissions.MgmtPermissions.initializeRealmResourceServer(MgmtPermissions.java:262)
>
> ...
>
> I tried to run a curl to make the exchange and the error is the same as
> above.
>
> Additionally, I tried to make the exchange with a Google IDP as in
> https://www.mathieupassenaud.fr/token-exchange-keycloak/, using the
> Google OAuth Playground. Same error again.
>
> I hope someone can help me or point me to a resource, like a tutorial that
> covers all steps and they work properly.
>
> Best Regards and thank you in advance,
> Leandro Del Sole
>
>

