pac4j / play-pac4j

Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
http://www.pac4j.org
Apache License 2.0

KeycloakOidcClient not connecting due to missing OidcOpMetadataResolver.load #689

Open JulienSt opened 1 month ago

JulienSt commented 1 month ago

Hey, me again.

After getting the Scala demo for Play working with the current master, Scala 3 and Play 3, I tried to connect to a local Keycloak instance with `KeycloakOidcClient`. That does not seem to work; connecting to the same Keycloak instance with the plain `OidcClient` does.

Here are the providing methods:

  /**
   * Provides the plain `OidcClient` used against the local Keycloak instance.
   *
   * Client id, secret and discovery URI are placeholders in this report. Anywhere
   * beyond a local reproduction the secret must be read from configuration or a
   * secret store, never from a string literal in code.
   *
   * The configuration prefers RS256-signed tokens, uses the S256 PKCE challenge and
   * authenticates the client with `client_secret_basic`.
   *
   * @return the configured client with the admin-role and Keycloak-roles
   *         authorization generators attached
   */
  @Provides
  def provideOidcClient: OidcClient = {
    val cfg = new OidcConfiguration()

    // Identity at the OP and where to fetch its metadata from.
    cfg.setClientId("id")
    cfg.setSecret("secret")
    cfg.setDiscoveryURI("working_url")

    // Protocol settings: RS256 preference, PKCE S256, basic client authentication.
    cfg.setClientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
    cfg.setPkceMethod(CodeChallengeMethod.S256)
    cfg.setPreferredJwsAlgorithm(JWSAlgorithm.RS256)

    val client = new OidcClient(cfg)
    // Roles: an admin marker plus the Keycloak roles scoped to this client id.
    client.addAuthorizationGenerator(new RoleAdminAuthGenerator)
    client.addAuthorizationGenerator(new KeycloakRolesAuthorizationGenerator(cfg.getClientId))
    client
  }

  /**
   * Provides the Keycloak-specific `KeycloakOidcClient` against the same local instance.
   *
   * NOTE(review): the base URI is plain `http://` and the secret is a literal. Both are
   * acceptable for a localhost reproduction only; a real deployment needs TLS and a
   * secret sourced from configuration or a secret store.
   * NOTE(review): `KeycloakOidcConfiguration` is already given the base URI and realm;
   * whether the explicit `setDiscoveryURI` below is honoured or ignored by this
   * configuration type should be confirmed against the pac4j version in use.
   * NOTE(review): unlike `provideOidcClient`, no `KeycloakRolesAuthorizationGenerator`
   * is attached here — presumably intentional, but worth confirming if Keycloak roles
   * are expected on this client.
   *
   * @return the configured Keycloak client with the admin-role generator attached
   */
  @Provides
  def provideKeycloakClient: KeycloakOidcClient = {
    val keycloakBaseUri = "http://localhost:8088"
    val keycloakRealm = "realm"
    val cfg = new KeycloakOidcConfiguration(keycloakBaseUri, keycloakRealm)

    // Identity at the OP and metadata location.
    cfg.setClientId("id")
    cfg.setSecret("secret")
    cfg.setDiscoveryURI("working_url")

    // Protocol settings: RS256 preference, PKCE S256, basic client authentication.
    cfg.setClientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
    cfg.setPkceMethod(CodeChallengeMethod.S256)
    cfg.setPreferredJwsAlgorithm(JWSAlgorithm.RS256)

    val keycloakClient = new KeycloakOidcClient(cfg)
    keycloakClient.addAuthorizationGenerator(new RoleAdminAuthGenerator)
    keycloakClient
  }

Using the Keycloak client results in the following error:

[error] - controllers.CustomErrorHandler - Error occurrred
java.lang.NullPointerException: Cannot invoke "com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata.getAuthorizationEndpointURI()" because the return value of "org.pac4j.oidc.metadata.OidcOpMetadataResolver.load()" is null
    at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.buildAuthenticationRequestUrl(OidcRedirectionActionBuilder.java:135)
    at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.getRedirectionAction(OidcRedirectionActionBuilder.java:72)
    at org.pac4j.core.client.IndirectClient.getRedirectionAction(IndirectClient.java:136)
    at org.pac4j.core.engine.DefaultSecurityLogic.redirectToIdentityProvider(DefaultSecurityLogic.java:240)
    at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:160)
    at org.pac4j.play.java.SecureAction.internalCall(SecureAction.java:93)
    at org.pac4j.play.java.SecureAction.call(SecureAction.java:72)
    at org.pac4j.play.scala.SecureAction.invokeBlock(Security.scala:73)
    at org.pac4j.play.scala.SecureAction.invokeBlock(Security.scala:70)
    at play.api.mvc.ActionBuilder$$anon$10.apply(Action.scala:434)
    at play.api.mvc.Action.apply$$anonfun$5(Action.scala:83)
    at play.api.mvc.BodyParser$.runParserThenInvokeAction$$anonfun$1(Action.scala:260)
    at play.api.libs.streams.StrictAccumulator.mapFuture$$anonfun$2$$anonfun$1(Accumulator.scala:167)
    at scala.util.Try$.apply(Try.scala:210)
    at play.api.libs.streams.StrictAccumulator.mapFuture$$anonfun$2(Accumulator.scala:167)
    at scala.Function1.$anonfun$andThen$1(Function1.scala:87)
    at scala.Function1.$anonfun$andThen$1(Function1.scala:87)
    at scala.Function1.$anonfun$andThen$1(Function1.scala:87)
    at play.api.libs.streams.StrictAccumulator.run(Accumulator.scala:198)
    at play.api.libs.streams.FlattenedAccumulator.run$$anonfun$2(Accumulator.scala:215)
    at scala.concurrent.impl.Promise$Transformation.run(Promise.scala:470)
    at org.apache.pekko.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:73)
    at org.apache.pekko.dispatch.BatchingExecutor$BlockableBatch.run$$anonfun$1(BatchingExecutor.scala:110)
    at org.apache.pekko.dispatch.BatchingExecutor$BlockableBatch.run$$anonfun$adapted$1(BatchingExecutor.scala:119)
    at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:94)
    at org.apache.pekko.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:119)
    at org.apache.pekko.dispatch.TaskInvocation.run(AbstractDispatcher.scala:59)
    at org.apache.pekko.dispatch.ForkJoinExecutorConfigurator$PekkoForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:57)
    at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:387)
    at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1312)
    at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1843)
    at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1808)
    at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:188)

I am happy that the plain client works, so I am not planning to spend much more time on this issue. I just wanted to let you know that this seems to be a problem.

leleuj commented 1 month ago

Thanks for letting me know.