we're talking npe on KC brokering idp.
To get this working I had to turn ON the the "Backchannel Logout " for the
Idp provider settings.
It does not matter if "Single Logout Service URL" has a value or not it
still works.
I think backchannel stuff kills the browser's sso session.
Does this mean that user is still logged into Idp?
How do we force KC tell Idp to logout when we logout from KC?
The setting on ""Single Logout Service URL" does not trigger that as I was
expecting it should.
But surely this is a bug and KC should not get into NPE if that feature is
OFF - will openup a jira.
thx
Please create JIRA for this issue.
--Hynek
On Wed, Nov 9, 2016 at 5:43 PM, java_os <java(a)neposoft.com> wrote:
> Hi - nullppointer on logout call
> 2.2.1.Final and 2.3.0.Final - Nullpointer when logging out using
> keycloak.js (setup: Ng(keycloak.js) -> Rest. Idp login through KC
> identity
> brokering to saml).
> Below is the stacktrace - how do I logout from the SAML bridge? login
> works.
> ------------read NPE at the bottom ---
> Anyone experienced this? It's happening on logout:
>
> 11:32:55,052 ERROR [io.undertow.request] (default task-9) UT005023:
> Exception handling request to
> /auth/realms/EDITED/protocol/openid-connect/logout:
> org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException:
> java.lang.NullPointerException
> at
> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(
> ExceptionHandler.java:76)
> at
> org.jboss.resteasy.core.ExceptionHandler.handleException(
> ExceptionHandler.java:212)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.writeException(
> SynchronousDispatcher.java:168)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:411)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:202)
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.
> service(ServletContainerDispatcher.java:221)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(
> HttpServletDispatcher.java:56)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(
> HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(
> ServletHandler.java:85)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:129)
> at
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(
> KeycloakSessionServletFilter.java:90)
> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(
> FilterHandler.java:84)
> at
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
> handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(
> ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow.security.SecurityContextAssociationHand
> ler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandl
> er.handleRequest(SSLInformationAssociationHandler.java:131)
> at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandl
> er.handleRequest(ServletAuthenticationCallHandler.java:57)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at
> io.undertow.security.handlers.AbstractConfidentialityHandler
> .handleRequest(AbstractConfidentialityHandler.java:46)
> at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstrai
> ntHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at
> io.undertow.security.handlers.AuthenticationMechanismsHandle
> r.handleRequest(AuthenticationMechanismsHandler.java:60)
> at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHand
> ler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(
> NotificationReceiverHandler.java:50)
> at
> io.undertow.security.handlers.AbstractSecurityContextAssocia
> tionHandler.handleRequest(AbstractSecurityContextAssocia
> tionHandler.java:43)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.
> handleRequest(JACCContextIdHandler.java:61)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(
> ServletInitialHandler.java:284)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(
> ServletInitialHandler.java:263)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$
> 000(ServletInitialHandler.java:81)
> at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(
> ServletInitialHandler.java:174)
> at
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.RuntimeException: java.lang.NullPointerException
> at
> org.keycloak.broker.saml.SAMLIdentityProvider.
> keycloakInitiatedBrowserLogout(SAMLIdentityProvider.java:180)
> at
> org.keycloak.services.managers.AuthenticationManager.browserLogout(
> AuthenticationManager.java:254)
> at
> org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.
> logout(LogoutEndpoint.java:142)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(
> MethodInjectorImpl.java:139)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
> ResourceMethodInvoker.java:295)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
> ResourceMethodInvoker.java:249)
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
> ResourceLocatorInvoker.java:138)
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:107)
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
> ResourceLocatorInvoker.java:133)
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:101)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:395)
> ... 37 more
> Caused by: java.lang.NullPointerException
> at java.net.URI$Parser.parse(URI.java:3042)
> at java.net.URI.<init>(URI.java:588)
> at java.net.URI.create(URI.java:850)
> at
> org.keycloak.saml.SAML2LogoutRequestBuilder.createLogoutRequest(
> SAML2LogoutRequestBuilder.java:89)
> at
> org.keycloak.saml.SAML2LogoutRequestBuilder.buildDocument(
> SAML2LogoutRequestBuilder.java:78)
> at
> org.keycloak.broker.saml.SAMLIdentityProvider.
> keycloakInitiatedBrowserLogout(SAMLIdentityProvider.java:178)
> ... 51 more
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
--Hynek