multiple ldap servers (failover)
by mj
Hi all,
We've just found keycloak, and are evaluating it. It's looking great so
far! We have two questions.
Question one:
We are running three AD DCs, and would like to configure all three in
keycloak, to get failover & redundancy.
To do this, I have simply configured three comma-seperated DCs in the
ldap URL field. Keycloak accepted this input, but I'm not sure that all
three will be used...
Is the above the way to provide multiple ldap servers to keycloak?
Question two:
How about backing up keycloak? We are running from an extracted tar.gz.
If we keep backups of this keycloak-directory, is that enough? Does
keycloak need to be shutdown at backup time?
Best regards,
MJ
7 years, 5 months
How to set account management as welcome page
by Byte Flinger
It seems one is expected to put in place some sort of welcome page in
keycloak, the one that is under /auth (Which by default has an admin page
link and few others to the keycloak website).
I'd be pretty happy to just setting the account management page as the
default landing welcome page and letting admins go to the admin page
directly if they want to. Is there any way of doing that, making the app
redirect to the account management page if you go to the keycloak app root
address without having a 2 step process where the user first goes to a
welcome page and then clicks a link from there to the account management
page?
7 years, 5 months
Custom UserStorage module issue
by Nikolay Petrovski
Hi,
I have the following problem - trying to create a custom *UserStorageProvider
*over my new installation of *Keycloak 2.4.0.Final.* The Kc instance is
configured to work with MongoDB local storage, and I want to attach another
external user storage.
Everything in my custom module seems to work fine, until it gets to :
...
@Override
public UserModel addUser(final RealmModel realm, String username) {
// Add local storage user
UserModel user = session.userLocalStorage().addUser(realm,
username);
user.setFederationLink(model.getId());
return proxy(realm, user, remoteUser);
}
...
That *proxy *method extends with several UserModelDelegate(s), one of them
is a KeycloakTransaction-driven model delegate, which should does external
storage user creation on commit() action.
Pretty much the same code as the LDAP UserStoreProvider.
The problem comes when I try to register new user and a *commit()* is
called (KeycloakTransaction is closed) only "email" and "custom attribute"
properties are filled (setEmail() and setAttribute() are called) within my
delegated object. The user I am trying to create in my external source has
only "Email" and "Phone (as a custom attribute)" values populated after
registration process.
Any idea if I miss something? Or, any other way I can get the whole
UserModel populated while register new user in Keycloak, so then I can send
it over to my external user storage?
7 years, 5 months
Wildfly adapter: failed to turn code into token: java.net.SocketException
by Jesse Chahal
We very recently started working on moving our web/app servers to AWS ECS
(docker). We have been using docker locally for a very long time without
issues.
During this transition we started seeing intermittent login failures
through the normal confidential browser redirect flow (not using implicit).
It inconsistently fails during the process of turning an authorization code
into a bearer+refresh_token. The exception is always the same as well. I
have done
tcpdumps packet analysis for things such as RST packets but have not seen
anything that would result in this issue. I have confirmed that the adapter
does
have the authorization code (although I don't know how to validate it). I
have confirmed that the the date+times are synchronized in both the auth
server
and the app server (therefore no weird expiration issues).
I have posted a stacktrace from the adapter incase anyone else has seen
this issue before. I'm hoping at the very least that maybe we could add a
retry
mechanism to the adapter if a Connection reset issues occurs if no other
solutions present themselves.
Current network setup:
Keycloak.2.1.0.Final on Centos6 EC2/VM --> AWS ELB load balancer -->
internet -->
↓
<---------------------------------------------------------------------
-----------
↓
AWS NAT Gateway --> AWS ELB load balancer --> Amazon Linux ECS EC2/VM -->
Wildfly10 docker container + keycloak 2.1.0-wildfly-adapter
ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-13) [
] failed to turn code into token: java.net.SocketException: Connection
reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
[rt.jar:1.8.0_111]
at java.net.SocketInputStream.read(SocketInputStream.java:141)
[rt.jar:1.8.0_111]
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
[jsse.jar:1.8.0_111]
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
[jsse.jar:1.8.0_111]
at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
[jsse.jar:1.8.0_111]
at
sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:930)
[jsse.jar:1.8.0_111]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
[jsse.jar:1.8.0_111]
at
org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:160)
at
org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:84)
at
org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:273)
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
at
org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
at
org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:283)
at
org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:251)
at
org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:223)
at
org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
at
org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
at
org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:327)
at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:273)
at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:130)
at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_111]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
2016-11-24 22:37:14,255 WARN
[com.indicee.service.authorization.EjbTimerInterceptor] (default task-13)
[ ] UserIdentityServiceImpl:findByEmail took 484 ms
2016-11-24 22:37:14,256 WARN
[com.indicee.service.authorization.EjbTimerInterceptor] (default task-13)
[ ] AccountSrvImpl:isCurrentAccountUnknown took 499 ms
2016-11-24 22:37:14,257 WARN
[com.indicee.service.authorization.EjbTimerInterceptor] (default task-13)
[ ] BrandedVariableLookupSrvImpl:cacheKey took 500 ms
2016-11-24 22:37:14,959 WARN
[com.indicee.service.authorization.EjbTimerInterceptor] (default task-13)
[ ] UserIdentityServiceImpl:findByEmail took 697 ms
2016-11-24 22:37:14,960 WARN
[com.indicee.service.authorization.EjbTimerInterceptor] (default task-13)
[ ] AccountSrvImpl:isCurrentAccountUnknown took 701 ms
2016-11-24 22:37:14,962 WARN
[com.indicee.service.authorization.EjbTimerInterceptor] (default task-13)
[ ] BrandedVariableLookupSrvImpl:getVariables took 703 ms
2016-11-24 22:37:15,095 INFO
[com.indicee.service.servlet.filter.ClientRequestIdFilter] (default
task-14) [ ] Setting clientId [gwt_43cpg2jpm5oklfjkuue204jsmh] for session
[qAYdgQ6PytsZ8kG5ah6mxEdmGeNPQpgT_2ExqU6A] created [1480026525644]
2016-11-24 22:37:15,096 INFO
[com.indicee.service.servlet.filter.ClientRequestIdFilter] (default
task-14) [ ] clientRequestId via atomic integer =
[gwt_43cpg2jpm5oklfjkuue204jsmh_0]
2016-11-24 22:37:15,138 INFO
[com.indicee.service.servlet.filter.ClientRequestIdFilter] (default
task-15) [ ] clientRequestId via atomic integer =
[gwt_43cpg2jpm5oklfjkuue204jsmh_1]
2016-11-24 22:37:15,224 INFO
[com.indicee.service.servlet.filter.ClientRequestIdFilter] (default
task-12) [ ] clientRequestId via atomic integer =
[gwt_43cpg2jpm5oklfjkuue204jsmh_2]
2016-11-24 22:37:15,635 WARN
[com.indicee.service.authorization.EjbTimerInterceptor]
(dInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletIni
tialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialH
andler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletIni
tialHandler.java:174)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:114
2) [rt.jar:1.8.0_111]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:61
7) [rt.jar:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
7 years, 5 months
Re: [keycloak-user] Password policy when password is updated using admin API
by Haim Vana
I checked it again and the password policy is enforced :) I accidently set its value to 1 so it didn't do anything (maybe a UI warning should be added).
However when failing on the password reset from the admin API due to the policy I am getting - javax.ws.rs.BadRequestException: HTTP 400 Bad Request, while I was expecting something like - password history exception or something like that.
Any idea how I can notify the user that its password was already used ?
Thanks,
Haim.
From: Haim Vana
Sent: Tuesday, November 29, 2016 5:47 PM
To: keycloak-user(a)lists.jboss.org
Cc: Boaz Hamo <boazh(a)perfectomobile.com>; Moshe Ben-Shoham <mosheb(a)perfectomobile.com>
Subject: Password policy when password is updated using admin API
Hi,
Currently Keycloak is not exposed directly to our customers, hence all user operations are being done in our application background using the admin API.
We noticed that when changing user password from the admin API the password policy is not enforced, for example when setting password history policy.
Can you please advise if is it by design ?
If so do you have any suggestion how to handle the password policy in our case (using the admin API we can't get the user current or previous passwords) ?
Thanks,
Haim.
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
7 years, 5 months
Password policy when password is updated using admin API
by Haim Vana
Hi,
Currently Keycloak is not exposed directly to our customers, hence all user operations are being done in our application background using the admin API.
We noticed that when changing user password from the admin API the password policy is not enforced, for example when setting password history policy.
Can you please advise if is it by design ?
If so do you have any suggestion how to handle the password policy in our case (using the admin API we can't get the user current or previous passwords) ?
Thanks,
Haim.
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
7 years, 5 months
Hardcoded role mappers in user federation provider - roles not applied
by Edgar Vonk - Info.nl
Hi all,
We are struggling with the hardcoded role mapper in Keycloak 2.3.0.Final.
What we have is a User Federation provider that connects to MSAD/LDAP with:
- a hardcoded role mapper that adds role X
- a hardcoded role mapper that adds role Y
- a role mappings mapper that maps all LDAP groups in a certain DN to predefined roles in Keycloak; now the thing is: these LDAP groups map to the very same predefined roles X and Y
My first question: is this setup supposed to work? Do the hardcoded role mappers play nicely with a role mappings mapper when they use the same roles?
What we see is so far kind of unpredictable. Sometimes users end up with role X, sometimes with no role at all, etc.
What I think is happening is:
- the mappers are applied in random order in Keycloak (is this the case?)
- the role mappings mapper may remove roles X and/or Y if they are applied to a hardcoded role mapper if it happens to be applied last?
cheers
Edgar
7 years, 5 months
Expose JGroups ports in Docker keycloak-ha-postgres
by Staffan
Hi,
I've tried in different docker environments (compose, kubernetes,
standalone) to get a HA setup running using https://hub.docker.com/r/
jboss/keycloak-ha-postgres/.
Keycloak nodes start, but are unaware of each other. I fail to reach the
JGroups ports from any other container or host system. That is expected, as
https://keycloak.gitbooks.io/server-installation-and-configuration/conten...
advises you to configure jboss.bind.address.private.
But when I try -Djboss.bind.address.private=0.0.0.0 there's an error during
startup:
MSC000001: Failed to start service jboss.jgroups.channel.ee:
org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee:
java.security.PrivilegedActionException: java.net.BindException: [UDP] /
0.0.0.0 is not a valid address on any local network interface
at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(
ChannelBuilder.java:80)
Caused by: java.security.PrivilegedActionException: java.net.BindException:
[UDP] /0.0.0.0 is not a valid address on any local network interface
at org.wildfly.security.manager.WildFlySecurityManager.doChecked(
WildFlySecurityManager.java:640)
Caused by: java.net.BindException: [UDP] /0.0.0.0 is not a valid address on
any local network interface
at org.jgroups.util.Util.checkIfValidAddress(Util.java:3522)
... or if I switch to stack="tcp" in the jgroups subsystem:
MSC000001: Failed to start service jboss.jgroups.channel.ee:
org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee:
java.security.PrivilegedActionException: java.net.BindException: [TCP] /
0.0.0.0 is not a valid address on any local network interface
I guess this is a generic Wildfly topic, but I'm curious how the official
Keycloak docker containers are tested. In a docker environment, what can we
bind to other than 0.0.0.0 or 127.0.0.1? Is there a way to allow a
"privileged action"?
regards
Staffan Olsson
7 years, 5 months
NameID formats
by lists
Hi,
I am using simplesamlphp's builtin "test authentication sources"
functionality against my keycloak server.
From what I understand it should be possible to obtain the regular
username as a NameID, if I ask for the format
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
However, simplesaml test auth source keeps telling me:
> NameId G-6445a8a1-c453-295b-3865-81dd5e4820f6
> Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
I am trying to use (mostly) clients that require access to the normal
username, and not some string like above.
- in keycloak client config I have set NameID format to "username".
- in simplesaml I (think I) request
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
So the question: how can I make keycloak return the regular (active
directory) username to a client?
As a workaround I now use "urn:oid:2.5.4.4" for a username, as for most
users this is identical to the username.
MJ
7 years, 5 months
User Federation Mapper :: LDAP :: group-ldap-mapper gives NullPointerException
by Jonas Weber
Hi,
I'm using the current jboss/keycloak-postgres:2.4.0.Final Docker image to spin up a KeyCloak instance (in connection with a dockerized Postgres and an external OpenLDAP). When I use a User Federation provider based on LDAP I can sync users perfectly fine.
But it fails when I try to use a group-ldap-mapper or a role-ldap-mapper with a NullPointerException on sync (<http://pastebin.com/raw/8X3cfh1i>):
13:07:26,114 ERROR [io.undertow.request] (default task-29) UT005023: Exception handling request to /auth/admin/realms/master/user-storage/eff22c64-a503-4f19-a5bc-80950c8f29f5/mappers/e66ce32c-a3e5-4f4c-a629-4ced9ab571dd/sync: org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76) at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212) at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NullPointerException at org.keycloak.services.resources.admin.UserStorageProviderResource.syncMapperData(UserStorageProviderResource.java:147) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395) ... 37 more
Am I doing something wrong? Or is this a bug?
Best regards,
Jonas Weber
7 years, 5 months