Account console: "Set up security key" returns internal server error

Configuring the server
#1

Hi community.

I tried to follow the W3C Web Authentication (WebAuthn) using the server administration guide.

The issue is when a user now wants to register a security key, either via Account Console or as required action during the login, keycloak returns an internal server error (500).

The stack trace at server side is this one:

2021-09-23 13:45:22,502 ERROR [org.key.ser.err.KeycloakErrorHandler] (vert.x-worker-thread-6) Uncaught server error: java.lang.NullPointerException
at org.jboss.resteasy.plugins.server.BaseHttpRequest.getFormParameters(BaseHttpRequest.java:53)
at org.jboss.resteasy.plugins.server.BaseHttpRequest.getDecodedFormParameters(BaseHttpRequest.java:74)
at jdk.internal.reflect.GeneratedMethodAccessor570.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.core.ContextParameterInjector$GenericDelegatingProxy.invoke(ContextParameterInjector.java:126)
at com.sun.proxy.$Proxy43.getDecodedFormParameters(Unknown Source)
at org.keycloak.authentication.requiredactions.WebAuthnRegister.requiredActionChallenge(WebAuthnRegister.java:135)
at org.keycloak.services.managers.AuthenticationManager.executeAction(AuthenticationManager.java:1255)
at org.keycloak.services.managers.AuthenticationManager.executionActions(AuthenticationManager.java:1214)
at org.keycloak.services.managers.AuthenticationManager.actionRequired(AuthenticationManager.java:1102)
at org.keycloak.services.managers.AuthenticationManager.nextActionAfterAuthentication(AuthenticationManager.java:949)
at org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:995)
at org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:977)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:643) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:507) at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:457) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:459) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:419) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:138)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:84)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:41)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1038)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:137)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:132)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder.lambda$start$1(StaticResourcesRecorder.java:65)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1038) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:137) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:132) at io.quarkus.vertx.http.runtime.VertxHttpRecorder$4.handle(VertxHttpRecorder.java:338) at io.quarkus.vertx.http.runtime.VertxHttpRecorder$4.handle(VertxHttpRecorder.java:316) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1038) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:137) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:132) at org.keycloak.provider.quarkus.QuarkusRequestFilter.lambda$null$1(QuarkusRequestFilter.java:57) at org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:43) at org.keycloak.provider.quarkus.QuarkusRequestFilter.lambda$handle$2(QuarkusRequestFilter.java:49) at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$2(ContextImpl.java:313) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:829)`

Any ideas what I might forgot to configure to get WebAuthn up and running with keycloak?

Thanks,
Norman.

#2

Hi community,

Further investigations indicate that this might be an issue with Keycloak-X. Using Keycloak Wildfly based docker image just works as expected.

I will open a ticket if I don’t find one for this.

Regards,
Norman.

#3

Hi @Norman,
did you find a solution for this one?
I confirm that I have the same issue with Keycloak.X and WebAuthn Required Action.

Nov 18 08:11:57 auth kc.sh[16506]: 2021-11-18 08:11:57,601 ERROR [org.key.ser.err.KeycloakErrorHandler] (vert.x-worker-thread-1) Uncaught server error: java.lang.NullPointerException
Nov 18 08:11:57 auth kc.sh[16506]:         at org.jboss.resteasy.plugins.server.BaseHttpRequest.getFormParameters(BaseHttpRequest.java:53)
Nov 18 08:11:57 auth kc.sh[16506]:         at org.jboss.resteasy.plugins.server.BaseHttpRequest.getDecodedFormParameters(BaseHttpRequest.java:74)
Nov 18 08:11:57 auth kc.sh[16506]:         at jdk.internal.reflect.GeneratedMethodAccessor451.invoke(Unknown Source)
Nov 18 08:11:57 auth kc.sh[16506]:         at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Nov 18 08:11:57 auth kc.sh[16506]:         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Nov 18 08:11:57 auth kc.sh[16506]:         at org.jboss.resteasy.core.ContextParameterInjector$GenericDelegatingProxy.invoke(ContextParameterInjector.java:126)
Nov 18 08:11:57 auth kc.sh[16506]:         at com.sun.proxy.$Proxy47.getDecodedFormParameters(Unknown Source)
Nov 18 08:11:57 auth kc.sh[16506]:         at org.keycloak.authentication.requiredactions.WebAuthnRegister.requiredActionChallenge(WebAuthnRegister.java:135)
....
....
#4

Hi @infl00p,

Unfortunately I haven’t found a solution as of now.
I opened a ticket in Jira: https://issues.redhat.com/projects/KEYCLOAK/issues/KEYCLOAK-19456

Maybe you could add you comments there and/or upvote the issue.

Thanks,
Norman.