Failed to add user when realm initializing realm(ver 10.0.1)

[Send Help]

Hello all, 

I'm getting a NullPointer exception on Keycloak version 10.0.1, when adding a user account when using docker.

Docker image: quay.io/keycloak/keycloak:10.0.1

Docker run command used: docker run -e KEYCLOAK_USER=keycloak -e KEYCLOAK_PASSWORD=Password1 -p 8080:8080 -p 9100:9100 --name Keycloak quay.io/keycloak/keycloak:10.0.1 --debug *:9100

Some logs on start up:

...

Added 'keycloak' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user

--debug *:9100

...

Even after restarting the server, the user is still not added. Inspecting the container I can see that the keycloak-add-user.json is present

Full stack trace:

11:19:59,701 INFO [org.keycloak.services] (ServerService Thread Pool -- 72) KC-SERVICES0050: Initializing master realm

11:20:02,729 INFO [org.keycloak.services] (ServerService Thread Pool -- 72) KC-SERVICES0006: Importing users from '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'

11:20:03,337 ERROR [org.keycloak.services] (ServerService Thread Pool -- 72) KC-SERVICES0011: Failed to add user 'keycloak' to realm 'master': java.lang.NullPointerException

at org.keycloak.ke...@10.0.1//org.keycloak.credential.UserCredentialStoreManager.lambda$createCredentialThroughProvider$1(UserCredentialStoreManager.java:121)

at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:176)

at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)

at java.base/java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1239)

at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)

at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)

at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)

at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)

at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)

at org.keycloak.ke...@10.0.1//org.keycloak.credential.UserCredentialStoreManager.createCredentialThroughProvider(UserCredentialStoreManager.java:122)

at org.keycloak.keycloa...@10.0.1//org.keycloak.models.utils.RepresentationToModel.createCredentials(RepresentationToModel.java:1827)

at org.keycloak.ke...@10.0.1//org.keycloak.services.resources.KeycloakApplication.importAddUser(KeycloakApplication.java:389)

at org.keycloak.ke...@10.0.1//org.keycloak.services.resources.KeycloakApplication.migrateAndBootstrap(KeycloakApplication.java:234)

at org.keycloak.ke...@10.0.1//org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:147)

at org.keycloak.keycloa...@10.0.1//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)

at org.keycloak.ke...@10.0.1//org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:138)

at org.keycloak.keycloa...@10.0.1//org.keycloak.provider.wildfly.WildflyPlatform.onStartup(WildflyPlatform.java:29)

at org.keycloak.ke...@10.0.1//org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:125)

at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)

at org.jboss.restea...@3.11.2.Final//org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)

at org.jboss.restea...@3.11.2.Final//org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2805)

at org.jboss.restea...@3.11.2.Final//org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:369)

at org.jboss.restea...@3.11.2.Final//org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:281)

at org.jboss.restea...@3.11.2.Final//org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:92)

at org.jboss.restea...@3.11.2.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:119)

at org.jboss.restea...@3.11.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)

at org.wildfly.ext...@19.1.0.Final//org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:585)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:556)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

at org.wildfly.ext...@19.1.0.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

at org.wildfly.ext...@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)

at org.wildfly.ext...@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)

at org.wildfly.ext...@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)

at org.wildfly.ext...@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)

at io.undert...@2.1.0.Final//io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:598)

at org.wildfly.ext...@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)

at org.wildfly.ext...@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)

at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)

at org.jbos...@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

at org.jbos...@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)

at org.jbos...@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)

at org.jbos...@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)

at java.base/java.lang.Thread.run(Thread.java:834)

at org.jbos...@2.3.3.Final//org.jboss.threads.JBossThread.run(JBossThread.java:485)

Any help troubleshooting / debugging is appreciated.

Regards, Nonkly. 

[Send Help]

Unable to edit my post above, but I have run the add-user-keycloak.sh in the container (sh add-user-keycloak.sh -u keycloak -p Password1 and can see in the standalone/configuration/ that the .json file has been created. But still unable to import the user.

Not sure if something else is causing this issue. I have tried with ver 10.0.2 and still the same result.

[Send Help]

I have managed to find a work around for now. I have to add the provider/ directory after the container has started up. By copying my local provider/ into the container. This allows it to create the keycloak user fine.

I am also able to select my provider from the authentication flow.

[Send Help]

I would like to be able to include the 

And did some debugging on initial start-up to better understand what was going wrong.
https://www.keycloak.org/docs-api/10.0/javadocs/org/keycloak/credential/UserCredentialStoreManager.html#createCredentialThroughProvider-org.keycloak.models.RealmModel-org.keycloak.models.UserModel-org.keycloak.credential.CredentialModel-

In the keycloak-service-10.0.1 -> UserCedentialStoreManager.class -> Line 89.

There is a total of 6 index returned, evaluating that line and change it slightly:

(String)this.session.getKeycloakSessionFactory().getProviderFactories(CredentialProvider.class).get(0).getId().toString();

I went through all the index and was able to get the Id for all of them, include two of the custom CredentialProviderFactory being used by the provider.

After removing evaluate expression and stepping over to line 93, I was not able to step over and get a null point exception.

This is from the KeycloakApplication.class on L365.

Any help would be appreciated. 

[Send Help]

Still have not been able to find out what is wrong. 

Is there a another way to create the initial admin account in Keycloak, without the script (add-keycloak-user.sh)? Or to create the account without going through the "createCredentialThroughProvider" and not use the custom provider?

Stepping through the code. Everything seems fine, in keycloak-services-10.0.1 -> DefayltKeycloakSession.class, the provider is created. At first I thought it was unable to getId, but all debugging suggests otherwise. It seems after making the call to create a new session for CustomCredentialProvider it is unable to continue.

    @Override

    public CredentialProvider create(KeycloakSession session) {

        logger.infof("create called .... for CustomCredentialProvider");

        return new CustomCredentialProvider(session);

    }

Comparing the CustomCredentialProvider with the example given in the keycloak-examples-10.0.1 for the authenticator. I am unable to identify what is going wrong? It seems the same to me. But will dig further to see if I can identify the problem.

If there any bits of information that you would like me to provided, happy to do so.

[Send Help]

Correction the session is actually created. I am able to see this in the debug:



After the session is created, it goes on to create and return the provider and id.

    public CredentialModel createCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model) {

        this.throwExceptionIfInvalidUser(user);

        List<CredentialProvider> credentialProviders = (List)this.session.getKeycloakSessionFactory().getProviderFactories(CredentialProvider.class).stream().map((f) -> {

            return (CredentialProvider)this.session.getProvider(CredentialProvider.class, f.getId());

        }).filter((provider) -> {

            return provider.getType().equals(model.getType());

        }).collect(Collectors.toList());

        return credentialProviders.isEmpty() ? null : ((CredentialProvider)credentialProviders.get(0)).createCredential(realm, user, ((CredentialProvider)credentialProviders.get(0)).getCredentialFromModel(model));

    }

However when it returns back to this line:

        List<CredentialProvider> credentialProviders = (List)this.session.getKeycloakSessionFactory().getProviderFactories(CredentialProvider.class).stream().map((f) -> {

I am unable to step over and get java.lang.NullPointerException 🐱‍💻

On Thursday, June 18, 2020 at 3:35:44 PM UTC+1, Send Help wrote:

̶I̶t̶ ̶s̶e̶e̶m̶s̶ ̶a̶f̶t̶e̶r̶ ̶m̶a̶k̶i̶n̶g̶ ̶t̶h̶e̶ ̶c̶a̶l̶l̶ ̶t̶o̶ ̶c̶r̶e̶a̶t̶e̶ ̶a̶ ̶n̶e̶w̶ ̶s̶e̶s̶s̶i̶o̶n̶ ̶f̶o̶r̶ ̶C̶u̶s̶t̶o̶m̶C̶r̶e̶d̶e̶n̶t̶i̶a̶l̶P̶r̶o̶v̶i̶d̶e̶r̶ ̶i̶t̶ ̶i̶s̶ ̶u̶n̶a̶b̶l̶e̶ ̶t̶o̶ ̶c̶o̶n̶t̶i̶n̶u̶e̶.̶