Hello everyone,
I'm currently running into some problems while setting up SSO for OpenOlat using OpenID Connect and Keycloak.
I have set up a working client and entered the information needed in OpenOlat. When I click on 'Login with Keycloak' on the login page of OpenOlat, I am redirected to a Keycloak login form. When I enter the user credentials, I am presented with an 'Authentication unsuccessful' error. The Keycloak logs don't show any errors, but the olat.log does:
Unexpected error java.lang.NullPointerException: Cannot invoke "com.github.scribejava.core.model.OAuth2AccessToken.getAccessToken()" because "accessToken" is null
    at org.olat.login.oauth.spi.OpenIdConnectFullConfigurableProvider.getUser(OpenIdConnectFullConfigurableProvider.java:136)
    at org.olat.login.oauth.OAuthDispatcher.execute(OAuthDispatcher.java:163)
    at org.olat.core.servlets.OpenOLATServlet.executeUserRequest(OpenOLATServlet.java:307)
    at org.olat.core.servlets.OpenOLATServlet.doGet(OpenOLATServlet.java:216)
    at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:564)
    at org.olat.core.servlets.OpenOLATServlet.service(OpenOLATServlet.java:167)
    at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
    at org.olat.core.servlets.HeadersFilter.doFilter(HeadersFilter.java:38)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:483)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:663)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:904)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
    at java.base/java.lang.Thread.run(Thread.java:840)
From my understanding, the log is saying that Keycloak doesn't pass the Access Token over to OpenOlat, but when I'm looking at the network analysis I can see the full token being sent.
Anyone got an idea on how to fix this?
Thanks
Emilian