Hi,
I’m seeing Keycloak throw a NullPointerException whenever an access token is being
generated for a user with an empty attribute value. Here’s a snippet of the stack trace:
Caused By: java.lang.NullPointerException
at
org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.convertToType(OIDCAttributeMapperHelper.java:103)
at
org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.mapAttributeValue(OIDCAttributeMapperHelper.java:77)
at
org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.mapClaim(OIDCAttributeMapperHelper.java:147)
at
org.keycloak.protocol.oidc.mappers.UserAttributeMapper.setClaim(UserAttributeMapper.java:98)
at
org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformAccessToken(AbstractOIDCProtocolMapper.java:81)
at org.keycloak.protocol.oidc.TokenManager.transformAccessToken(TokenManager.java:520)
at
org.keycloak.protocol.oidc.TokenManager.createClientAccessToken(TokenManager.java:324)
at
org.keycloak.protocol.oidc.TokenManager$AccessTokenResponseBuilder.generateAccessToken(TokenManager.java:674)
Looking at OIDCAttributeMapperHelper.java, this seems to be happening because no null
check is being performed on attributeValue in convertToType. Therefore, I think we would
just need to add a null check at the beginning of convertToType:
if (attributeValue == null) return null;
Would this be a reasonable solution?
Thanks!
- Chris Rains