search

Captain-P-Goldfish / scim-for-keycloak

a third party module that extends keycloak by SCIM functionality
BSD 3-Clause "New" or "Revised" License
186 stars 48 forks source link

kc-24-2.2.1 Groups Update ERROR #122

Closed belerovon closed 1 month ago

belerovon commented 1 month ago

With kc-24-2.2.1 I got following Error when updating the Groups:

keycloak_server | 2024-08-07 07:33:42,186 ERROR [de.captaingoldfish.scim.sdk.common.response.ErrorResponse] (executor-thread-11) Exception invoking method [setUsername] on object [de.captaingoldfish.scim.sdk.keycloak.entities.decorators.ScimUserModelDelegate@cfa82721], using arguments [Christian@xxxx.link]: de.captaingoldfish.scim.sdk.common.exceptions.InternalServerException: Exception invoking method [setUsername] on object [de.captaingoldfish.scim.sdk.keycloak.entities.decorators.ScimUserModelDelegate@cfa82721], using arguments [Christian@xxxxx.link] keycloak_server | at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.updateResource(ResourceEndpointHandler.java:912) keycloak_server | at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpoint.resolveRequest(ResourceEndpoint.java:287) keycloak_server | at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpoint.handleRequest(ResourceEndpoint.java:195) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint.lambda$handleScimRequest$2(AbstractEndpoint.java:75) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim.RetryStrategy.doWithRetries(RetryStrategy.java:58) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint.handleScimRequest(AbstractEndpoint.java:72) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.administration.AdministrationBackendEndpoint.handleScimRequest(AdministrationBackendEndpoint.java:143) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.administration.AdministrationBackendEndpoint.handleScimPutRequest(AdministrationBackendEndpoint.java:106) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.administration.AdministrationBackendEndpoint$quarkusrestinvoker$handleScimPutRequest_cda7c65f9fa7405086da170e6d4a180bcac670b4.invoke(Unknown Source) keycloak_server | at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29) keycloak_server | at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141) keycloak_server | at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147) keycloak_server | at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582) keycloak_server | at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513) keycloak_server | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538) keycloak_server | at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) keycloak_server | at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) keycloak_server | at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) keycloak_server | at java.base/java.lang.Thread.run(Thread.java:840) keycloak_server | Caused by: java.lang.RuntimeException: Exception invoking method [setUsername] on object [de.captaingoldfish.scim.sdk.keycloak.entities.decorators.ScimUserModelDelegate@cfa82721], using arguments [Christian@xxxxx.link] keycloak_server | at org.keycloak.common.util.reflections.Reflections.invokeMethod(Reflections.java:386) keycloak_server | at org.keycloak.common.util.reflections.Reflections.invokeMethod(Reflections.java:315) keycloak_server | at org.keycloak.models.utils.reflection.MethodPropertyImpl.setValue(MethodPropertyImpl.java:147) keycloak_server | at org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.setPropertyOnUserModel(UserAttributeLDAPStorageMapper.java:502) keycloak_server | at org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper.onImportUserFromLDAP(UserAttributeLDAPStorageMapper.java:91) keycloak_server | at org.keycloak.storage.ldap.LDAPStorageProvider.lambda$importUserFromLDAP$17(LDAPStorageProvider.java:688) keycloak_server | at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183) keycloak_server | at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) keycloak_server | at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:395) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:510) keycloak_server | at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) keycloak_server | at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) keycloak_server | at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173) keycloak_server | at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) keycloak_server | at java.base/java.util.stream.ReferencePipeline.forEachOrdered(ReferencePipeline.java:601) keycloak_server | at org.keycloak.storage.ldap.LDAPStorageProvider.importUserFromLDAP(LDAPStorageProvider.java:683) keycloak_server | at org.keycloak.storage.ldap.LDAPStorageProvider.importUserFromLDAP(LDAPStorageProvider.java:647) keycloak_server | at org.keycloak.storage.ldap.LDAPStorageProvider.lambda$loadUsersByUniqueAttribute$15(LDAPStorageProvider.java:475) keycloak_server | at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) keycloak_server | at java.base/java.util.stream.SliceOps$1$1.accept(SliceOps.java:200) keycloak_server | at java.base/java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1602) keycloak_server | at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:280) keycloak_server | at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) keycloak_server | at org.keycloak.utils.StreamsUtil$1.tryAdvance(StreamsUtil.java:115) keycloak_server | at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513) keycloak_server | at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) keycloak_server | at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921) keycloak_server | at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) keycloak_server | at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682) keycloak_server | at org.keycloak.storage.ldap.mappers.membership.MembershipType$2.getGroupMembers(MembershipType.java:111) keycloak_server | at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.getGroupMembers(GroupLDAPStorageMapper.java:577) keycloak_server | at org.keycloak.storage.ldap.LDAPStorageProvider.lambda$getGroupMembersStream$4(LDAPStorageProvider.java:397) keycloak_server | at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) keycloak_server | at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:400) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:528) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513) keycloak_server | at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) keycloak_server | at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150) keycloak_server | at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) keycloak_server | at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647) keycloak_server | at org.keycloak.storage.ldap.LDAPStorageProvider.getGroupMembersStream(LDAPStorageProvider.java:400) keycloak_server | at org.keycloak.storage.UserStorageManager.lambda$getGroupMembersStream$22(UserStorageManager.java:414) keycloak_server | at org.keycloak.storage.UserStorageManager.lambda$query$11(UserStorageManager.java:302) keycloak_server | at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273) keycloak_server | at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) keycloak_server | at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) keycloak_server | at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) keycloak_server | at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:395) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:510) keycloak_server | at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) keycloak_server | at java.base/java.util.stream.StreamSpliterators$WrappingSpliterator.forEachRemaining(StreamSpliterators.java:310) keycloak_server | at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:735) keycloak_server | at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) keycloak_server | at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) keycloak_server | at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575) keycloak_server | at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) keycloak_server | at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616) keycloak_server | at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622) keycloak_server | at java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim.groups.GroupConverterDatabaseToScim.addMembersToGroups(GroupConverterDatabaseToScim.java:148) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim_client.fullsynchronize.push.GroupPushSynchronizer$1.addMembersToGroup(GroupPushSynchronizer.java:173) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim.groups.GroupHandler.listResources(GroupHandler.java:345) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim_client.fullsynchronize.push.AbstractPushRealmSynchronizer.getNextLocalResources(AbstractPushRealmSynchronizer.java:336) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.administration.backend.scim.synchronization.PushSynchroHandler.handleGroupSynchronization(PushSynchroHandler.java:234) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.administration.backend.scim.synchronization.PushSynchroHandler.synchronize(PushSynchroHandler.java:75) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.administration.backend.scim.synchronization.RemoteSynchroResourceHandler.updateResource(RemoteSynchroResourceHandler.java:71) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.administration.backend.scim.synchronization.RemoteSynchroResourceHandler.updateResource(RemoteSynchroResourceHandler.java:23) keycloak_server | at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.lambda$updateResource$16(ResourceEndpointHandler.java:861) keycloak_server | at de.captaingoldfish.scim.sdk.server.interceptor.NoopInterceptor.doAround(NoopInterceptor.java:21) keycloak_server | at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.updateResource(ResourceEndpointHandler.java:857) keycloak_server | ... 18 more keycloak_server | Caused by: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.RoleModel.getId()" because "role" is null keycloak_server | at org.keycloak.models.cache.infinispan.GroupAdapter.hasRole(GroupAdapter.java:175) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.entities.decorators.ScimGroupModelDelegate.hasRole(ScimGroupModelDelegate.java:45) keycloak_server | at org.keycloak.models.utils.RoleUtils.hasRoleFromGroup(RoleUtils.java:104) keycloak_server | at org.keycloak.models.utils.RoleUtils.lambda$hasRoleFromGroup$3(RoleUtils.java:128) keycloak_server | at java.base/java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90) keycloak_server | at java.base/java.util.HashMap$KeySpliterator.tryAdvance(HashMap.java:1728) keycloak_server | at java.base/java.util.stream.Streams$ConcatSpliterator.tryAdvance(Streams.java:720) keycloak_server | at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527) keycloak_server | at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513) keycloak_server | at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) keycloak_server | at java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230) keycloak_server | at java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196) keycloak_server | at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) keycloak_server | at java.base/java.util.stream.ReferencePipeline.anyMatch(ReferencePipeline.java:632) keycloak_server | at org.keycloak.models.utils.RoleUtils.hasRoleFromGroup(RoleUtils.java:128) keycloak_server | at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper$LDAPGroupMappingsUserDelegate.hasRole(GroupLDAPStorageMapper.java:698) keycloak_server | at org.keycloak.models.utils.UserModelDelegate.hasRole(UserModelDelegate.java:175) keycloak_server | at org.keycloak.models.utils.UserModelDelegate.hasRole(UserModelDelegate.java:175) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim_client.ScimClientSynchronizer.hasUserExcludeRole(ScimClientSynchronizer.java:173) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim_client.ScimClientSynchronizer.lambda$addUpdateOperation$2(ScimClientSynchronizer.java:304) keycloak_server | at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:257) keycloak_server | at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:379) keycloak_server | at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:256) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.scim_client.ScimClientSynchronizer.addUpdateOperation(ScimClientSynchronizer.java:277) keycloak_server | at de.captaingoldfish.scim.sdk.keycloak.entities.decorators.ScimUserModelDelegate.setUsername(ScimUserModelDelegate.java:337) keycloak_server | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) keycloak_server | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) keycloak_server | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) keycloak_server | at java.base/java.lang.reflect.Method.invoke(Method.java:568) keycloak_server | at org.keycloak.common.util.reflections.Reflections.invokeMethod(Reflections.java:380) keycloak_server | ... 101 more

User working well. Are you aware of that?

Captain-P-Goldfish commented 1 month ago

Please start keycloak once with the environment variable KC_SPI_REALM_RESTAPI_EXTENSION_SCIM_REPAIR_DATABASE or the configuration property spi-realm-restapi-extension-scim-repair-database. This happens because the SCIM-exclude-roles were not properly added into the realm. Starting the keycloak with the property will fix the issue.

belerovon commented 1 month ago

you are awesome - that fixed it :)