Open jacquemard opened 8 months ago
Thanks for the report. We are currently testing 24, and we will incorporate this before a release that supports that version.
@jacquemard It looks like there is a regression in Keycloak where KeycloakContext
is not set in session when executing DefaultBruteForceProtector.sendEvent
. I filed this in the Keycloak issues https://github.com/keycloak/keycloak/issues/27740
We'll probably stop the NPE from being thrown, but since there is no way to get the realm, the listener will just fail silently until Keycloak fixes the upstream bug.
Oh ok I see, thanks for the details and clarifying the issue, in that case we'll probably wait for the fix from keycloak side to be pushed before upgrading to v24.
@jacquemard this isn't going to be changed by the Keycloak team, so this event type won't be received by this event listener type for the time being. I'll leave this open until we have the time to figure out a workaround or someone wants to suggest and PR a fix.
Thanks a lot @xgp for the update and your involvement on this. I'll see what we will do concerning this issue.
@xgp Has this been resolved? Still seeing this error on webhook. (Using V.30)
2024-07-24 20:53:50,561 WARN [io.phasetwo.keycloak.events.WebhookSenderEventListenerProvider] (executor-thread-39) Error converting and scheduling event: org.keycloak.events.admin.AdminEvent@529cfc54: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.UserModel.getUsername()" because "user" is null
at io.phasetwo.keycloak.events.WebhookSenderEventListenerProvider.completeAdminEventAttributes(WebhookSenderEventListenerProvider.java:166)
at io.phasetwo.keycloak.events.WebhookSenderEventListenerProvider.onEvent(WebhookSenderEventListenerProvider.java:69)
at org.keycloak.services.resources.admin.AdminEventBuilder.send(AdminEventBuilder.java:290)
at org.keycloak.services.resources.admin.AdminEventBuilder.success(AdminEventBuilder.java:272)
at org.keycloak.services.resources.admin.GroupResource.deleteGroup(GroupResource.java:159)
@spinanicky That's a different error. It looks like there are cases where there is a userId
in the event, but the lookup of that user returns null
. Can you file a separate issue for this?
Where it's failing: https://github.com/p2-inc/keycloak-events/blob/main/src/main/java/io/phasetwo/keycloak/events/WebhookSenderEventListenerProvider.java#L166
With Keycloak 24.0.1, under some conditions, the following error occurs. Seems to be when we activate brute force detection with
ext-event-http
. On Keycloak 23.0.7, everything seems to work fine. I have also tested to build from the branchxgp/24-testcontainers
, and the same error occurs :I am not sure what the current status regarding the support of KC 24 is, but I thought I might as well report this issue.
Steps to reproduce
docker compose up
with a keycloak-events build within aproviders
folder:In the created realm:
Let me know if you need additional information.