I'm working on:
https://issues.jboss.org/browse/KEYCLOAK-5350
This can be fixed by having a try/catch block when loading a user
within JpaUserSessionPersisterProvider.loadUserSessions() and skipping
that particular offline token.
My question is: why are offline tokens "imported" into the user
session cache at boot? Why aren't they just pulled on demand (i.e. on a
refresh token request)? Imagine booting Keycloak when LDAP is down (as
per the JIRA above). The fix will allow Keycloak to boot, but all
offline tokens originating from this LDAP will no longer work.
Keycloak would need to be restarted after LDAP is back up in order for
any offline tokens to work again.
--
Bill Burke
Red Hat