I could delete groups in a newly setup realm, so issue created:
https://issues.jboss.org/browse/KEYCLOAK-5271
On 9 August 2017 at 21:44, Marek Posolda <mposolda(a)redhat.com> wrote:
Could you try if you can delete group in your environment with the
fresh
realm without LDAP? If it doesn't work for you just with LDAP, it's likely
a bug. Feel free to create JIRA with steps to reproduce.
Thanks,
Marek
On 09/08/17 16:04, Tiemen Ruiten wrote:
> Hello,
>
> Does anyone have an idea? Is there any extra info I can provide?
>
> On 4 August 2017 at 17:44, Tiemen Ruiten <t.ruiten(a)rdmedia.com> wrote:
>
> Hello,
>>
>> I'm getting the following error when I attempt to delete a group that has
>> been imported from a FreeIPA LDAP User Federation through a
>> group-ldap-mapper:
>>
>> 2017-08-04 16:46:21,636 ERROR [io.undertow.request] (default task-16)
>> UT005023: Exception handling request to /auth/admin/realms/authentid/
>> groups/e2a3cd4a-c4f4-4b9e-bb51-d9782d40aae0:
>> org.jboss.resteasy.spi.UnhandledException:
>> java.lang.NullPointerException
>> at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(
>> ExceptionHandler.java:76)
>> at org.jboss.resteasy.core.ExceptionHandler.handleException(
>> ExceptionHandler.java:212)
>> at org.jboss.resteasy.core.SynchronousDispatcher.writeException(
>> SynchronousDispatcher.java:168)
>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>> SynchronousDispatcher.java:411)
>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>> SynchronousDispatcher.java:202)
>> at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.
>> service(ServletContainerDispatcher.java:221)
>> at org.jboss.resteasy.plugins.server.servlet.
>> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>> at org.jboss.resteasy.plugins.server.servlet.
>> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at io.undertow.servlet.handlers.ServletHandler.handleRequest(
>> ServletHandler.java:85)
>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>> doFilter(FilterHandler.java:129)
>> at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(
>> KeycloakSessionServletFilter.java:90)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilte
>> r.java:60)
>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>> doFilter(FilterHandler.java:131)
>> at io.undertow.servlet.handlers.FilterHandler.handleRequest(
>> FilterHandler.java:84)
>> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
>> handleRequest(ServletSecurityRoleHandler.java:62)
>> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(
>> ServletDispatchingHandler.java:36)
>> at org.wildfly.extension.undertow.security.SecurityContextAssoc
>> iationHand
>> ler.handleRequest(SecurityContextAssociationHandler.java:78)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandl
>> er.handleRequest(SSLInformationAssociationHandler.java:131)
>> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandl
>> er.handleRequest(ServletAuthenticationCallHandler.java:57)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>> at io.undertow.security.handlers.AbstractConfidentialityHandler
>> .handleRequest(AbstractConfidentialityHandler.java:46)
>> at io.undertow.servlet.handlers.security.ServletConfidentialityConstrai
>> ntHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> at io.undertow.security.handlers.AuthenticationMechanismsHandle
>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHand
>> ler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at io.undertow.security.handlers.NotificationReceiverHandler.
>> handleRequest(NotificationReceiverHandler.java:50)
>> at io.undertow.security.handlers.AbstractSecurityContextAssocia
>> tionHandler.handleRequest(AbstractSecurityContextAssocia
>> tionHandler.java:43)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.
>> handleRequest(JACCContextIdHandler.java:61)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>> at io.undertow.servlet.handlers.ServletInitialHandler.handleFir
>> stRequest(
>> ServletInitialHandler.java:284)
>> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(
>> ServletInitialHandler.java:263)
>> at io.undertow.servlet.handlers.ServletInitialHandler.access$
>> 000(ServletInitialHandler.java:81)
>> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(
>> ServletInitialHandler.java:174)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at io.undertow.server.HttpServerExchange$1.run(
>> HttpServerExchange.java:793)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(
>> ThreadPoolExecutor.java:1149)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>> ThreadPoolExecutor.java:624)
>> at java.lang.Thread.run(Thread.java:748)
>> Caused by: java.lang.NullPointerException
>> at org.keycloak.services.resources.admin.permissions.GroupPermissions.
>> deletePermissions(GroupPermissions.java:188)
>> at org.keycloak.services.resources.admin.permissions.GroupPermissions.
>> setPermissionsEnabled(GroupPermissions.java:167)
>> at org.keycloak.services.resources.admin.permissions.
>> AdminPermissions$1.onEvent(AdminPermissions.java:77)
>> at org.keycloak.services.DefaultKeycloakSessionFactory.publish(
>> DefaultKeycloakSessionFactory.java:68)
>> at org.keycloak.models.jpa.JpaRealmProvider.removeGroup(
>> JpaRealmProvider.java:379)
>> at org.keycloak.models.cache.infinispan.RealmCacheSession.
>> removeGroup(RealmCacheSession.java:926)
>> at org.keycloak.models.cache.infinispan.RealmAdapter.
>> removeGroup(RealmAdapter.java:1242)
>> at org.keycloak.services.resources.admin.GroupResource.
>> deleteGroup(GroupResource.java:118)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(
>> NativeMethodAccessorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>> DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>> MethodInjectorImpl.java:139)
>> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
>> ResourceMethodInvoker.java:295)
>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>> ResourceMethodInvoker.java:249)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
>> ResourceLocatorInvoker.java:138)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:107)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
>> ResourceLocatorInvoker.java:133)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:107)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
>> ResourceLocatorInvoker.java:133)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:107)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
>> ResourceLocatorInvoker.java:133)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:101)
>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>> SynchronousDispatcher.java:395)
>> ... 37 more
>>
>> In fact, I can not delete any groups anymore. There are two LDAP User
>> Federations setup, one to an Active Directory, one to the aforementioned
>> FreeIPA instance. Both have group mappers setup and some of the group
>> names clash unfortunately, that's why I wanted to delete some groups and
>> redo the import. What can I do?
>>
>> --
>> Tiemen Ruiten
>> Systems Engineer
>> R&D Media
>>
>>
>
>
--
Tiemen Ruiten
Systems Engineer
R&D Media