Re: [keycloak-user] NullPointerException with empty attribute

Hi, I’m seeing Keycloak throw a NullPointerException whenever an access token is being generated for a user with an empty attribute value. Here’s a snippet of the stack trace: Caused By: java.lang.NullPointerException at org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.convertToType(OIDCAttributeMapperHelper.java:103) at org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.mapAttributeValue(OIDCAttributeMapperHelper.java:77) at org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper.mapClaim(OIDCAttributeMapperHelper.java:147) at org.keycloak.protocol.oidc.mappers.UserAttributeMapper.setClaim(UserAttributeMapper.java:98) at org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformAccessToken(AbstractOIDCProtocolMapper.java:81) at org.keycloak.protocol.oidc.TokenManager.transformAccessToken(TokenManager.java:520) at org.keycloak.protocol.oidc.TokenManager.createClientAccessToken(TokenManager.java:324) at org.keycloak.protocol.oidc.TokenManager$AccessTokenResponseBuilder.generateAccessToken(TokenManager.java:674) Looking at OIDCAttributeMapperHelper.java, this seems to be happening because no null check is being performed on attributeValue in convertToType. Therefore, I think we would just need to add a null check at the beginning of convertToType: if (attributeValue == null) return null; Would this be a reasonable solution? Thanks! - Chris Rains _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user