[keycloak-user] NPE - logout

java_os java at neposoft.com
Tue Nov 15 11:21:27 EST 2016


we're talking npe on KC brokering idp.
To get this working I had to turn ON the the "Backchannel Logout " for the
 Idp provider settings.
It does not matter if "Single Logout Service URL" has a value or not it
still works.
I think backchannel stuff kills the browser's sso session.
Does this mean that user is still logged into Idp?
How do we force KC tell Idp to logout when we logout from KC?
The setting on ""Single Logout Service URL" does not trigger that as I was
expecting it should.
But surely this is a bug and KC should not get into NPE if that feature is
OFF - will openup a jira.
thx

> Please create JIRA for this issue.
>
> --Hynek
>
> On Wed, Nov 9, 2016 at 5:43 PM, java_os <java at neposoft.com> wrote:
>
>> Hi - nullppointer on logout call
>> 2.2.1.Final and 2.3.0.Final - Nullpointer when logging out using
>> keycloak.js (setup: Ng(keycloak.js) -> Rest. Idp login through KC
>> identity
>> brokering to saml).
>> Below is the stacktrace - how do I logout from the SAML bridge? login
>> works.
>> ------------read NPE at the bottom ---
>> Anyone experienced this? It's happening on logout:
>>
>> 11:32:55,052 ERROR [io.undertow.request] (default task-9) UT005023:
>> Exception handling request to
>> /auth/realms/EDITED/protocol/openid-connect/logout:
>> org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException:
>> java.lang.NullPointerException
>>         at
>> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(
>> ExceptionHandler.java:76)
>>         at
>> org.jboss.resteasy.core.ExceptionHandler.handleException(
>> ExceptionHandler.java:212)
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.writeException(
>> SynchronousDispatcher.java:168)
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>> SynchronousDispatcher.java:411)
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>> SynchronousDispatcher.java:202)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.
>> service(ServletContainerDispatcher.java:221)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(
>> HttpServletDispatcher.java:56)
>>         at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(
>> HttpServletDispatcher.java:51)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>         at
>> io.undertow.servlet.handlers.ServletHandler.handleRequest(
>> ServletHandler.java:85)
>>         at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>> doFilter(FilterHandler.java:129)
>>         at
>> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(
>> KeycloakSessionServletFilter.java:90)
>>         at
>> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>         at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>> doFilter(FilterHandler.java:131)
>>         at
>> io.undertow.servlet.handlers.FilterHandler.handleRequest(
>> FilterHandler.java:84)
>>         at
>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
>> handleRequest(ServletSecurityRoleHandler.java:62)
>>         at
>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(
>> ServletDispatchingHandler.java:36)
>>         at
>> org.wildfly.extension.undertow.security.SecurityContextAssociationHand
>> ler.handleRequest(SecurityContextAssociationHandler.java:78)
>>         at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>>         at
>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandl
>> er.handleRequest(SSLInformationAssociationHandler.java:131)
>>         at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandl
>> er.handleRequest(ServletAuthenticationCallHandler.java:57)
>>         at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>>         at
>> io.undertow.security.handlers.AbstractConfidentialityHandler
>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>         at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstrai
>> ntHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>         at
>> io.undertow.security.handlers.AuthenticationMechanismsHandle
>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>         at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHand
>> ler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>         at
>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(
>> NotificationReceiverHandler.java:50)
>>         at
>> io.undertow.security.handlers.AbstractSecurityContextAssocia
>> tionHandler.handleRequest(AbstractSecurityContextAssocia
>> tionHandler.java:43)
>>         at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>>         at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.
>> handleRequest(JACCContextIdHandler.java:61)
>>         at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>>         at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(
>> PredicateHandler.java:43)
>>         at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(
>> ServletInitialHandler.java:284)
>>         at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(
>> ServletInitialHandler.java:263)
>>         at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$
>> 000(ServletInitialHandler.java:81)
>>         at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(
>> ServletInitialHandler.java:174)
>>         at
>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>         at
>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>         at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(
>> ThreadPoolExecutor.java:1142)
>>         at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(
>> ThreadPoolExecutor.java:617)
>>         at java.lang.Thread.run(Thread.java:745)
>> Caused by: java.lang.RuntimeException: java.lang.NullPointerException
>>         at
>> org.keycloak.broker.saml.SAMLIdentityProvider.
>> keycloakInitiatedBrowserLogout(SAMLIdentityProvider.java:180)
>>         at
>> org.keycloak.services.managers.AuthenticationManager.browserLogout(
>> AuthenticationManager.java:254)
>>         at
>> org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.
>> logout(LogoutEndpoint.java:142)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>         at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
>> 62)
>>         at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(
>> DelegatingMethodAccessorImpl.java:43)
>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>         at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>> MethodInjectorImpl.java:139)
>>         at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
>> ResourceMethodInvoker.java:295)
>>         at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>> ResourceMethodInvoker.java:249)
>>         at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
>> ResourceLocatorInvoker.java:138)
>>         at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:107)
>>         at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
>> ResourceLocatorInvoker.java:133)
>>         at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:101)
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>> SynchronousDispatcher.java:395)
>>         ... 37 more
>> Caused by: java.lang.NullPointerException
>>         at java.net.URI$Parser.parse(URI.java:3042)
>>         at java.net.URI.<init>(URI.java:588)
>>         at java.net.URI.create(URI.java:850)
>>         at
>> org.keycloak.saml.SAML2LogoutRequestBuilder.createLogoutRequest(
>> SAML2LogoutRequestBuilder.java:89)
>>         at
>> org.keycloak.saml.SAML2LogoutRequestBuilder.buildDocument(
>> SAML2LogoutRequestBuilder.java:78)
>>         at
>> org.keycloak.broker.saml.SAMLIdentityProvider.
>> keycloakInitiatedBrowserLogout(SAMLIdentityProvider.java:178)
>>         ... 51 more
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
> --
>
> --Hynek
>




More information about the keycloak-user mailing list