context.getUser() in authenticate flow returns null

I’m trying to get this extension running

After deploying the extension to my server and following the tutorial in the linked repo, I get this error, regardless of whether the user is signed in:

Aug 02 01:40:52 xstage standalone.sh[313756]: 01:40:52,487 WARN  [org.keycloak.services] (default task-2) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.UserModel.isMemberOf(org.keycloak.models.GroupModel)" because "user" is null
Aug 02 01:40:52 xstage standalone.sh[313756]:         at deployment.isdqxd0xfz1x7jmxq1pccbnnw40abqj9-auth-require-group-extension-1.0.0.0-SNAPSHOT.jar//com.github.thomasdarimont.keycloak.auth.requiregroup.RequireGroupAuthenticator.isMemberOfGroup(RequireGroupAuthenticator.java:47)
Aug 02 01:40:52 xstage standalone.sh[313756]:         at deployment.isdqxd0xfz1x7jmxq1pccbnnw40abqj9-auth-require-group-extension-1.0.0.0-SNAPSHOT.jar//com.github.thomasdarimont.keycloak.auth.requiregroup.RequireGroupAuthenticator.authenticate(RequireGroupAuthenticator.java:29)
Aug 02 01:40:52 xstage standalone.sh[313756]:         at org.keycloak.keycloak-services@15.0.0//org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:446)
Aug 02 01:40:52 xstage standalone.sh[313756]:         at org.keycloak.keycloak-services@15.0.0//org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:253)
Aug 02 01:40:52 xstage standalone.sh[313756]:         at org.keycloak.keycloak-services@15.0.0//org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:990)

I’ve tried a bunch of things, but none seems to have any effect.

Does anyone have any pointers for me?

I checked RequireGroupAuthenticator.java in the GitHub project and they have the following set:

    @Override
    public boolean requiresUser() {
        return false;
    }

Returning false means that the authenticator code is gonna run even if the user hasn’t been set by another authenticator yet.

Your null value could mean that the “Required Group” execution isn’t at the bottom of the flow, or that the “Username Password Form” execution isn’t set to Required. Are you getting the username/password form when you try to run the example?

I’ve recompiled it with requiresUser true.

If I add the “Require group” at the bottom, like the README says, it gives me an “Invalid username or password error” but no password form is ever shown. It might be because I’m already signed in.

If I move the “Require Group” below, then I’m getting signed in, even though the user does not have the staff group.

Edit: I’m using Keycloak 15
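
An added example, not part of the thread and not the extension's own code: a group-check authenticator that fails closed when `context.getUser()` is null or the group cannot be resolved, instead of throwing the NullPointerException shown in the log. The class name and the `/staff` group path are assumptions, and `KeycloakModelUtils.findGroupByPath(realm, path)` is used with its Keycloak 15 signature.

```java
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

// Hypothetical class, written against the Keycloak 15 authenticator SPI.
public class FailClosedGroupAuthenticator implements Authenticator {

    // Assumed group path; the thread only names the group "staff".
    private static final String REQUIRED_GROUP_PATH = "/staff";

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        if (user == null) {
            // No earlier execution identified a user: deny, never dereference.
            context.failure(AuthenticationFlowError.UNKNOWN_USER);
            return;
        }
        GroupModel group =
                KeycloakModelUtils.findGroupByPath(context.getRealm(), REQUIRED_GROUP_PATH);
        if (group == null || !user.isMemberOf(group)) {
            // Unresolvable group or non-member: deny rather than fall through.
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }
        context.success();
    }

    @Override
    public void action(AuthenticationFlowContext context) { }

    // Matches the recompile mentioned in the thread; the null check above stays
    // as a second line of defence if the execution is reordered in the flow.
    @Override
    public boolean requiresUser() { return true; }

    @Override
    public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) { return true; }

    @Override
    public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { }

    @Override
    public void close() { }
}
```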