This looks like a bad LDAP mapping for username and UUID. Which LDAP are
you using, btw?
Marek
On 09/03/17 16:03, Celso Agra wrote:
Hi,
I solved this error just by removing the MSAD account controls, but now
I'm getting a new error when I finish my registration:
here is the log:
2017-03-09 11:58:00,375 ERROR [io.undertow.request] (default
task-1) UT005023: Exception handling request to
/auth/realms/myrealm/login-actions/required-action:
org.jboss.resteasy.spi.UnhandledException:
java.lang.NullPointerException
at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
at
org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
at
org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:815)
at
org.keycloak.services.resources.LoginActionsService.access$500(LoginActionsService.java:88)
at
org.keycloak.services.resources.LoginActionsService$Checks.verifyRequiredAction(LoginActionsService.java:297)
at
org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:853)
at
org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:846)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
... 37 more
2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra(a)gmail.com
<mailto:celso.agra@gmail.com>>:
Got it!
But I don't see pwdLastSet here among my LDAP mappers. I'm
using the "Edit Mode" as WRITABLE, but I'm not setting this attribute.
Here are my attributes:
cn
MSAD account controls
cpf
creation date
email
first name
last name
modify date
phpgwAccountStatus
username
Thanks!!
Best Regards,
Celso Agra
2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>>:
Hi,
The error may indicate that you configured the "pwdLastSet"
attribute mapper in Keycloak to write into LDAP, but it
looks like writing this attribute is unsupported. Maybe switching
this mapper to read-only will help?
Marek
On 08/03/17 15:29, Celso Agra wrote:
Hi all,
I'm trying to configure KC with LDAP, but some errors are
occurring.
First, I configured my LDAP to write to the LDAP server,
but for some reason I got this error when I try to register a user:
2017-03-08 11:05:28,862 WARN [org.keycloak.services]
(default task-6)
KC-SERVICES0013: Failed authentication:
org.keycloak.models.ModelException:
Could not modify attribute for DN
[uid=11111111111,dc=zz,dc=dd,dc=aa]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:410)
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:104)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPIdentityStore.update(LDAPIdentityStore.java:105)
at org.keycloak.federation.ldap.mappers.msad.
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
MSADUserAccountControlMapper.java:235)
at org.keycloak.federation.ldap.mappers.msad.
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
MSADUserAccountControlMapper.java:220)
at
org.keycloak.models.utils.UserModelDelegate.addRequiredAction(
UserModelDelegate.java:112)
at org.keycloak.authentication.forms.RegistrationPassword.success(RegistrationPassword.java:101)
at org.keycloak.authentication.FormAuthenticationFlow.processAction(FormAuthenticationFlow.java:234)
at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:76)
at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:759)
at
org.keycloak.services.resources.LoginActionsService.processFlow(
LoginActionsService.java:356)
at
org.keycloak.services.resources.LoginActionsService.
processRegistration(LoginActionsService.java:477)
at
org.keycloak.services.resources.LoginActionsService.
processRegister(LoginActionsService.java:535)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
MethodInjectorImpl.java:139)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.
invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:395)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.
ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(
ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.
doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(
ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(
FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.
handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.
SecurityContextAssociationHandler.handleRequest(
SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.
SSLInformationAssociationHandler.handleRequest(
SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.
ServletAuthenticationCallHandler.handleRequest(
ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.
CachedAuthenticatedSessionHandler.handleRequest(
CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.
handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.
handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.
dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(
HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by:
javax.naming.directory.InvalidAttributeIdentifierException:
[LDAP: error code 17 - pwdLastSet: attribute type
undefined]; remaining
name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
at
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at
com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
ComponentDirContext.java:277)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
modifyAttributes(PartialCompositeDirContext.java:192)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
modifyAttributes(PartialCompositeDirContext.java:181)
at
javax.naming.directory.InitialDirContext.modifyAttributes(
InitialDirContext.java:167)
at
javax.naming.directory.InitialDirContext.modifyAttributes(
InitialDirContext.java:167)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager.execute(LDAPOperationManager.java:535)
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:402)
... 59 more
2017-03-08 11:05:28,865 WARN [org.keycloak.events]
(default task-6)
type=LOGIN_ERROR, realmId=myrealm,
clientId=teste-portal, userId=null,
ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
auth_method=openid-connect, auth_type=code,
redirect_uri=http://127.0.0.1:8080/teste-portal/
And then I got this result in my LDAP:
dn: uid=11111111111,dc=zz,dc=dd,dc=aa
givenName:: IA==
uid: 11111111111
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: phpgwAccount
objectClass: shadowAccount
sn:: IA==
cn:: IA==
structuralObjectClass: inetOrgPerson
entryUUID: 07f0e7caxxxxxxxxxxx
creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
createTimestamp: 20170308140529Z
entryCSN: 20170308140529.527857Z#000000#000#000000
modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
modifyTimestamp: 20170308140529Z
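So, I wrote the uid as 11111111111, but I didn't set the
sn, cn and givenName to 'IA=='. [Editor's note: in LDIF, "::" marks a
base64-encoded value, and "IA==" decodes to a single space character.]
It looks like there is some problem in my configuration.
Please, I need help!!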
Best Regards,
--
---
*Celso Agra*
--
---
*Celso Agra*