Keycloak / KEYCLOAK-12038

Null UserPrincipal when elytron application-security-domain is set

    Details

    • Steps to Reproduce:
      • Install keycloak server and start it (create user admin, password admin).
      • Add a new role: "user", make the admin user a member of the role.
      • Create a SAML client named "app-profile-saml-jee-jsp"
      • Click on Installation, select Format Option Keycloak SAML WildFly/JBoss Subsystem
      • Copy the XML content; it will be used to configure the subsystem
      • Download the SAML adapter
      • Unzip it on top of a clean wildfly: unzip ~/Downloads/keycloak-saml-wildfly-adapter-dist-7.0.1.zip -d wildfly
      • Install the adapter: cd wildfly/bin; sh ./jboss-cli.sh --file=adapter-elytron-install-saml-offline.cli
      • In standalone.xml, add the XML snippet in keycloak-saml subsystem, update the war name with app-and logout page .
      • Build https://github.com/redhat-developer/redhat-sso-quickstarts/tree/7.0.x-ose/app-profile-saml-jee-jsp
      • Copy generated war file to deployments dir.
      • Start wildfly
      • Access http://127.0.0.1:8080/app-profile-saml
      • Click on login ==> NPE
      • Stop wildfly server. Remove the application-security-domain "other".
      • Start wildfly
      • Reload the page
      • Click login again.
      • You will be redirected to log in with keycloak.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      When deploying project app-profile-saml in WildFly 18 with elytron security, we got an NPE when retrieving Principal.
      The steps to reproduce are attached. Just unzip the adapter and configure the elytron-saml-adaptor with CLI script.

      When the application-security-domain "other" is removed, the application seems to work properly and no NPE is observed. So the deployment seems to operate properly without legacy security or the elytron adapter. Is the elytron or legacy security-domain configuration required?

              People

              • Assignee:
                pcraveiro Pedro Igor Silva
                Reporter:
                jdenise Jean Francois Denise