Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

OIDC > NullPointerException with RH SSO 7.4 and using Quarkus Keycloak authorization extension running

See original GitHub issue

Describe the bug I’ve configured a Quarkus app using the extension “quarkus-keycloak-authorization” with the following properties:

quarkus.oidc.auth-server-url=http://localhost:8180/auth/realms/test-realm
quarkus.oidc.client-id=test-application-client
quarkus.oidc.credentials.secret=test-application-client-secret
quarkus.oidc.token.lifespan-grace=60

quarkus.keycloak.policy-enforcer.enable=true

Code:

@Path("/user")
public class UserResource {
    @Inject
    SecurityIdentity identity;

    @Inject
    JsonWebToken jwt;

    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public String get() {
        return "Hello, user " + identity.getPrincipal().getName();
    }

    @GET
    @Path("/issuer")
    @Produces(MediaType.TEXT_PLAIN)
    public String issuer() {
        return "user token issued by " + jwt.getIssuer();
    }
}

This setup is NOT working either on jvm and native using the latest RH SSO 7.4 (I could not test with the latest Keycloak image).

Expected behavior This setup should work the same as using a previous version of RH SSO 7.4 and/or Keycloak.

Actual behavior This setup is failing with the following error:

__  ____  __  _____   ___  __ ____  ______
 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/
 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \
--\___\_\____/_/ |_/_/|_/_/|_|\____/___/
2021-01-14 16:57:40,466 INFO  [org.key.ada.aut.PolicyEnforcer] (main) Paths provided in configuration.
2021-01-14 16:57:40,670 WARN  [org.apa.htt.cli.pro.ResponseProcessCookies] (main) Invalid cookie header: "Set-Cookie: KC_RESTART=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/auth/realms/test-realm/; HttpOnly". Invalid 'expires' attribute: Thu, 01-Jan-1970 00:00:10 GMT
2021-01-14 16:57:40,871 ERROR [io.qua.run.Application] (main) Failed to start application (with profile native): java.lang.NullPointerException
    at org.keycloak.jose.jws.JWSInput.<init>(JWSInput.java:44)
    at org.keycloak.authorization.client.util.TokenCallable.call(TokenCallable.java:64)
    at org.keycloak.authorization.client.resource.ProtectedResource.createFindRequest(ProtectedResource.java:296)
    at org.keycloak.authorization.client.resource.ProtectedResource.access$300(ProtectedResource.java:38)
    at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:225)
    at org.keycloak.authorization.client.resource.ProtectedResource$5.call(ProtectedResource.java:222)
    at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:230)
    at org.keycloak.authorization.client.resource.ProtectedResource.findByMatchingUri(ProtectedResource.java:291)
    at org.keycloak.adapters.authorization.PolicyEnforcer.configureDefinedPaths(PolicyEnforcer.java:180)
    at org.keycloak.adapters.authorization.PolicyEnforcer.configurePaths(PolicyEnforcer.java:160)
    at org.keycloak.adapters.authorization.PolicyEnforcer.<init>(PolicyEnforcer.java:76)

To Reproduce Reproducer in:

git clone https://github.com/Sgitario/quarkus-examples
cd quarkus-examples/quarkus-keycloak-authz
mvn clean verify

You can try with other SSO images by editing the AuthProviderQuarkusTestResource class:

// container = new KeycloakContainer(); // works
container = new RedHatSso74Container(); // does not work
// container = new RedHatSso73Container(); // works

Environment (please complete the following information):

Quarkus version: 1.10.5.Final

Issue Analytics

State:
Created 3 years ago
Comments:13 (11 by maintainers)

Top GitHub Comments

1reaction

sberyozkincommented, Mar 3, 2021

Hi @Sgitario @pedroigor I suppose we can close this particular issue as there is really nothing that will be done in Quarkus itself and it is under control elsewehere, do you agree ?

0reactions

sberyozkincommented, Mar 11, 2021

@pedroigor @Sgitario thanks, closing it

Top Results From Across the Web

Using OpenID Connect (OIDC) and Keycloak to Centralize ...

This command generates a project, importing the keycloak-authorization extension which is an implementation of a Keycloak Adapter for Quarkus applications ...

Add security to a Quarkus application using Red Hat's SSO

Learn how to configure a Quarkus Java application to authenticate with Red Hat's SSO on Red Hat Openshift or Red Hat Enterprise Linux....

Quarkus and Keycloak/OIDC - NullPointerException

I've got Keycloak up and running in a Docker container and have configured a realm and corresponding client for my microservices. Now I'm...

NullPointerException in DefaultHostnameProvider when ...

Hi, I have a Docker-infrastructure where I have a backend in a container and keycloak running in another container. When my Backend tries...

Using OpenID Connect and Keycloak to Centralize ... - Quarkus

The quarkus-keycloak-authorization extension is based on quarkus-oidc and provides a policy enforcer that enforces access to protected resources based on ...