Skip to main content

Keycloak empty User-Attribute causes NPE


Fixing NPE in Keycloak due to non-existent user attribute

In Keycloak, an error might be encountered as below:

ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-1) Uncaught server error: java.lang.NullPointerException
 at org.keycloak.models.utils.KeycloakModelUtils.resolveAttribute(KeycloakModelUtils.java:414)
 at org.keycloak.models.utils.KeycloakModelUtils.resolveAttribute(KeycloakModelUtils.java:415)
 at org.keycloak.protocol.oidc.mappers.UserAttributeMapper.setClaim(UserAttributeMapper.java:93)
 at org.keycloak.protocol.oidc.mappers.UserAttributeMapper.setClaim(UserAttributeMapper.java:101)
 at org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim(AbstractOIDCProtocolMapper.java:117)
 at org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim(AbstractOIDCProtocolMapper.java:119)
 at org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformAccessToken(AbstractOIDCProtocolMapper.java:81)
 at org.keycloak.protocol.oidc.TokenManager.transformAccessToken(TokenManager.java:606)
 at org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.transformAccessToken(AbstractOIDCProtocolMapper.java:81)
 at org.keycloak.protocol.oidc.TokenManager.createClientAccessToken(TokenManager.java:422)
 at org.keycloak.protocol.oidc.TokenManager$AccessTokenResponseBuilder.generateAccessToken(TokenManager.java:795)
 at org.keycloak.protocol.oidc.TokenManager.transformAccessToken(TokenManager.java:544)
 at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.resourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:569)
 at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:186)
 at org.keycloak.protocol.oidc.TokenManager.createClientAccessToken(TokenManager.java:402)

This is the case when a client has been configured on keycloak and has certain scopes set on 'Assigned Default Client Scopes' field.
This will result in Keycloak throwing a NullPointerException whenever an access token is generated.


Removing the additional scope not required in the config will help fix NPE.


Do try it out, and let me know if it works.
Do drop some comments is any issues are faced.

=============== Happy Coding ===============

Labels:

Comments

Post a Comment

Popular posts from this blog

Add/Modify Header Values in Java HttpServletRequest using Servlet Filters

Add/Modify Header Values in Java HttpServletRequest using Servlet Filters Steps to Modify Request Headers in a Servlet Request. This example will demonstrate how to modify 'Content-Type' header in Java Servlet Filter. In order to achieve this, use a custom wrapper Class, that extends HttpServletRequestWrapper. Thereafter, we need to override certain methods inside this custom Class. getHeader(String name) getHeaders(String name) getHeaderNames() getParameter(final String name) Code snippet for overriding above methods.     @Override     public String getHeader(String name) {     String header = super.getHeader(name); if ("content-type".equalsIgnoreCase(name)){ System.out.println("Adds Header Content-Type as application/json"); return "application/json"; }         return header;     }          @Override     public Enumeration getHeaders(String name) {         List values = Collection
Post a Comment
Read more

Extracting Data from Twitter using Twitter API (in Python/Pycharm)

Pre-Requisites for this task: User should have a Twitter Account. Phone number should be linked with Twitter Account. ( Ways to Add Phone number in twitter ) Pycharm should be installed. Add Plugin named Tweepy in Pycharm. Obtain Twitter API Key from Twitter. How To Obtain Twitter API key: Go to apps.twitter.com and log in with your Twitter account. Click 'Create a new app' and fill the details. Callback URL is not mandatory. The system will generate an API key and an API secret. Generate an access token on 'Keys and Access Tokens' tab. Four keys will be generated. What exactly to write in Pycharm: import tweepy consumer_key = 'CONSUMER-KEY-FROM-TWITTER' consumer_secret = 'CONSUMER-SECRET-FROM-TWITTER' access_token = 'ACCESS-TOKEN-FROM-TWITTER' access_secret = 'ACCESS-SECRET-FROM-TWITTER' authentication = tweepy.OAuthHandler(consumer_key,consumer_secret) authentication.set_access_token(access_token, access_sec
11 comments
Read more

Fixing Keycloak Error : MediaType not set on path , with response status 200

Using a custom endpoint with Media Type set as 'Application/Json'. When this endpoint is accessed, below error is returned. ERROR [org.keycloak.headers.DefaultSecurityHeadersProvider] (default task-16) MediaType not set on path /auth/realms/my-realm/broker/keycloak-oidc/token, with response status 200 06:31:08,489 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-16) Uncaught server error: javax.ws.rs.InternalServerErrorException: HTTP 500 Internal Server Error at org.keycloak.keycloak-services@10.0.2//org.keycloak.headers.DefaultSecurityHeadersProvider.addHeaders(DefaultSecurityHeadersProvider.java:71) at org.keycloak.keycloak-services@10.0.2//org.keycloak.services.filters.KeycloakSecurityHeadersFilter.filter(KeycloakSecurityHeadersFilter.java:36) The fix for this is to bind the blank response to Application/Json as follows: return Response.ok(json, MediaType.APPLICATION_JSON).build(); Do try it out, and let me know if it works. Do drop some comments is an
Post a Comment
Read more