You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm having some troubles setting up Keycloak + Privacyidea + Yubikeys.
Both Keycloak and PI Servers are running and individually doing what they are supposed to do.
I have enrolled the Yubikeys in PI in AES mode with PI handling the private key of the yubikey.
When I try to login on the Keycloak server however I get an error:
2022-05-25 11:52:30,572 WARN [org.keycloak.services] (executor-thread-0) KC-SERVICES0013: Failed authentication: java.lang.ClassCastException: class com.google.gson.JsonNull cannot be cast to class com.google.gson.JsonPrimitive (com.google.gson.JsonNull and com.google.gson.JsonPrimitive are in unnamed module of loader io.quarkus.bootstrap.runner.RunnerClassLoader @368239c8)
at com.google.gson.JsonObject.getAsJsonPrimitive(JsonObject.java:172)
at org.privacyidea.JSONParser.getString(JSONParser.java:508)
at org.privacyidea.JSONParser.parsePIResponse(JSONParser.java:149)
at org.privacyidea.PrivacyIDEA.validateCheck(PrivacyIDEA.java:129)
at org.privacyidea.authenticator.PrivacyIDEAAuthenticator.action(PrivacyIDEAAuthenticator.java:402)
at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:169)
at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:990)
at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:321)
at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:292)
at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:276)
at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:349)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:71)
at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-05-25 11:52:30,597 WARN [org.keycloak.events] (executor-thread-0) type=LOGIN_ERROR, realmId=MY_REALM, clientId=account-console, userId=null, ipAddress=213.240.178.59, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://OUR.DOMAIN.com/realms/MY_REALM/account/#/, code_id=8fbf381f-3136-4f0d-93d9-5cc60ce281c7, authSessionParentId=8fbf381f-3136-4f0d-93d9-5cc60ce281c7, authSessionTabId=fuRGK8eT7NQ
It Looks like something in the JSON is Null that's not supposed to be Null.
The PI server logs show, that the authentication went through successfully.
Also the response just before this log entry looks quite promising (Log also from Keycloak):
Hi, i don't think you did something wrong - the provider should not crash because of something this trivial.
The problem is the version number. If you look at the response it says "version": "privacyIDEA None". There should also be a field "versionNumber" which seems to be missing if the version number can not be found in the server. I remember we had the same problem some time ago, but i referred to the server because i do not know much of it. I think it had to do with the python virtual env. However, for this provider, the problem will be fixed in the next version which should be released soon.
If you need it fixed quick, you can just comment the line https://github.com/privacyidea/java-client/blob/8153196d38cb8b810627e6ff6c08f0d38f304ad2/src/main/java/org/privacyidea/JSONParser.java#L155 (its 155 in the version in the main branch) and compile it according to the readme of this repo.
thank you for your quick response.
I'll see if I can get a maven build environment setup to compile it myself, but in any case I'm looking forward to the next version release :)
Hello,
I'm having some troubles setting up Keycloak + Privacyidea + Yubikeys.
Both Keycloak and PI Servers are running and individually doing what they are supposed to do.
I have enrolled the Yubikeys in PI in AES mode with PI handling the private key of the yubikey.
When I try to login on the Keycloak server however I get an error:
It Looks like something in the JSON is Null that's not supposed to be Null.
The PI server logs show, that the authentication went through successfully.
Also the response just before this log entry looks quite promising (Log also from Keycloak):
In case it matters:
The two omitted signatures are not identical.
Any idea if I did something wrong to cause this?
The text was updated successfully, but these errors were encountered: