search

Azure-Samples / ms-identity-java-desktop

A desktop application in Java calling Microsoft Graph API
MIT License
22 stars 24 forks source link

Cannot invoke "String.getBytes(java.nio.charset.Charset)" because "response" is null #15

Closed snnn closed 3 years ago

snnn commented 3 years ago

Hi, I'm trying the integrated-windows-authentication sample with my xxx@microsoft.com account. I got the following error: (it is because the WSTrustRequest returned 401)

C:\src\ms-identity-java-desktop\Integrated-Windows-Auth-Flow>java -Dsun.security.jgss.native=true -jar target\public-client-integrated-windows-authentication-sample-1.0.0.jar
==No accounts in cache
[ForkJoinPool.commonPool-worker-3] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: 52b9b2b4-6f2c-499f-abe4-254410f42a63] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache
        at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:58)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
==acquireTokenSilently call failed: com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache
[ForkJoinPool.commonPool-worker-3] INFO com.microsoft.aad.msal4j.HttpHelper - [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
[ForkJoinPool.commonPool-worker-3] INFO com.microsoft.aad.msal4j.HttpHelper - [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
[ForkJoinPool.commonPool-worker-3] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: 5579c2ad-165b-4fb2-8471-bd6506d8bab6] Execution of class com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier failed.
java.lang.NullPointerException: Cannot invoke "String.getBytes(java.nio.charset.Charset)" because "response" is null
        at com.microsoft.aad.msal4j.WSTrustResponse.parse(WSTrustResponse.java:74)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:48)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:89)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.getAuthorizationGrantIntegrated(AcquireTokenByAuthorizationGrantSupplier.java:126)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:40)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
Exception in thread "main" java.util.concurrent.CompletionException: java.lang.NullPointerException: Cannot invoke "String.getBytes(java.nio.charset.Charset)" because "response" is null
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:93)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
Caused by: java.lang.NullPointerException: Cannot invoke "String.getBytes(java.nio.charset.Charset)" because "response" is null
        at com.microsoft.aad.msal4j.WSTrustResponse.parse(WSTrustResponse.java:74)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:48)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:89)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.getAuthorizationGrantIntegrated(AcquireTokenByAuthorizationGrantSupplier.java:126)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:40)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        ... 8 more

What should I do? How can I debug this error?

And should I set AUTHORITY to https://login.microsoftonline.com/organizations/ or https://login.microsoftonline.com/{tenantid}/ ? I only want to support the accounts end with "@microsoft.com" only.

Thank you!

Avery-Dunn commented 3 years ago

Hello @snnn : I haven't seen this exact error message before, but usually errors about missing responses have to do with network security blocking something.

Are you running this sample on a corporate network, behind a firewall/proxy? If so, you may need to configure your own version of the HTTP client with any needed proxy info, certificates, etc. (see here for info on where in the library to do that), or work with whoever manages your network security to let the traffic from your app through.

As for the authority, leaving it as https://login.microsoftonline.com/organizations/ should be fine for this sample. I believe the authority you need to use depends on what you chose for 'supported account types' when making the app, as described here. I haven't tried it myself so I don't know the exact behavior, but maybe the https://login.microsoftonline.com/consumers/ authority described in that link is limited to just '@microsoft.com' accounts?

snnn commented 3 years ago

Are you running this sample on a corporate network, behind a firewall/proxy?

No. It is directly connected to the internet.

And I'm trying it with a "work and school account", not "personal Microsoft accounts".

sangonzal commented 3 years ago

@snnn are you running the sample on a domain joined machine and using your Microsoft corp credentials?

IWA is actually running the kerberos protocol under the hood. MSAL expects that you already have a kerberos ticket on your machine before running IWA flow. The JDK contains a kerberos utility called kinit stored in the bin folder of where your JDK is installed. You should be able to run kinit on your domain joined machine and input your username and password to get a ticket. Once you have successfully done, can you can try running the sample again?

snnn commented 3 years ago

No, it's not domain joined. This device is joined to Azure AD. I was confused by those two.

snnn commented 3 years ago

Hi @sangonzal , I changed to a domain joined machine, it still doesn't work. I have run kinit. Then I run klist it can successfully list the tokens.

like:

#0>     Client: joe @ DOMAIN1.CORP.MICROSOFT.COM
        Server: krbtgt/DOMAIN2.CORP.MICROSOFT.COM @ DOMAIN1.CORP.MICROSOFT.COM
        Start Time: 3/21/2021 17:46:28 (local)
        End Time:   3/22/2021 3:46:28 (local)
        Renew Time: 3/28/2021 17:46:28 (local)

However, the demo still says "No accounts in cache".

==No accounts in cache
[ForkJoinPool.commonPool-worker-3] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: e2f1e5f1-2d38-4f09-8c54-8075ee6db576] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache
        at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:58)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
==acquireTokenSilently call failed: com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache
[ForkJoinPool.commonPool-worker-3] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: 5b75f305-8d88-404d-8006-4b32b3a0cc8d] Execution of class com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier failed.
com.microsoft.aad.msal4j.MsalClientException: User Realm request failed
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.getAuthorizationGrantIntegrated(AcquireTokenByAuthorizationGrantSupplier.java:141)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:40)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
Exception in thread "main" java.util.concurrent.CompletionException: com.microsoft.aad.msal4j.MsalClientException: User Realm request failed
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:93)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
Caused by: com.microsoft.aad.msal4j.MsalClientException: User Realm request failed
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.getAuthorizationGrantIntegrated(AcquireTokenByAuthorizationGrantSupplier.java:141)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:40)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        ... 8 more

Probably the format of the username is wrong? If my username is joe and domain is DOMAIN1.CORP.MICROSOFT.COM. What should I put in the 'application.properties' config file?

sangonzal commented 3 years ago

@snnn I'm able to use my Microsoft account to acquire a token by using USER_NAME=<alias>@microsoft.com. Do you get the the same error if you try this format? Are you on you VPN?

No accounts in the cache is expected, the actual error here: Caused by: com.microsoft.aad.msal4j.MsalClientException: User Realm request failed.

snnn commented 3 years ago

A different error:

==No accounts in cache
[ForkJoinPool.commonPool-worker-3] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: de50c442-70b9-4afa-8d99-6dd5d04b4fcf] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache
        at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:58)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
==acquireTokenSilently call failed: com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache
[ForkJoinPool.commonPool-worker-3] INFO com.microsoft.aad.msal4j.HttpHelper - [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
[ForkJoinPool.commonPool-worker-3] INFO com.microsoft.aad.msal4j.HttpHelper - [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
[ForkJoinPool.commonPool-worker-3] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: 670745d9-3468-4a9e-8494-a2342bf8ca36] Execution of class com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier failed.
java.lang.NullPointerException: Cannot invoke "String.getBytes(java.nio.charset.Charset)" because "response" is null
        at com.microsoft.aad.msal4j.WSTrustResponse.parse(WSTrustResponse.java:74)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:48)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:89)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.getAuthorizationGrantIntegrated(AcquireTokenByAuthorizationGrantSupplier.java:126)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:40)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
Exception in thread "main" java.util.concurrent.CompletionException: java.lang.NullPointerException: Cannot invoke "String.getBytes(java.nio.charset.Charset)" because "response" is null
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:93)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1764)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1756)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1016)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1665)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1598)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
Caused by: java.lang.NullPointerException: Cannot invoke "String.getBytes(java.nio.charset.Charset)" because "response" is null
        at com.microsoft.aad.msal4j.WSTrustResponse.parse(WSTrustResponse.java:74)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:48)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:89)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.getAuthorizationGrantIntegrated(AcquireTokenByAuthorizationGrantSupplier.java:126)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:40)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        ... 8 more

Yes. I'm on VPN. I can run kinit and get the ticket.

Bolopenet commented 3 years ago

@snnn Did you manage to resolve this issue ? I'm asking because I encounter the same problem

snnn commented 3 years ago

No. It's complicated.

lightwaver commented 2 years ago

could you solve it in the end - i have a similar error and no clue whats wrong...