Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-13815

UnsupportedOperationException when having role LDAP mapper and no-import mode

    Details

    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Make sure that there is at least one realm default role. Create some "dummy role" if none of the "default" default roles (offline_access, uma_authorization etc) is supposed to work.

      Show
      Make sure that there is at least one realm default role. Create some "dummy role" if none of the "default" default roles (offline_access, uma_authorization etc) is supposed to work.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Possible steps to reproduce:

      • Create realm like "ldap1"
      • Go to the "Roles" tab of the realm and delete all realm default roles. Delete also all default roles for "account" client (Not 100% sure this is needed, but probably yes).
      • Create LDAP provider and set "Import Mode" to OFF
      • Create Role LDAP mapper to map some roles from LDAP. Configure "LDAP Roles DN" to some roles from your LDAP and keep all other options default. After creating mapper, sync roles from LDAP to Keycloak
      • Open URL "http://localhost:8081/auth/realms/ldap1/account" and try to login as some user from LDAP. There is internal server error and the exception with stacktrace like this:
        15:40:43,985 ERROR XNIO-1 task-12 [org.keycloak.services.error.KeycloakErrorHandler] Uncaught server error
        java.lang.UnsupportedOperationException
        	at java.util.AbstractCollection.add(AbstractCollection.java:262)
        	at java.util.AbstractCollection.addAll(AbstractCollection.java:344)
        	at org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper$LDAPRoleMappingsUserDelegate.getRoleMappings(RoleLDAPStorageMapper.java:408)
        	at org.keycloak.models.cache.infinispan.entities.CachedUser.lambda$new$1(CachedUser.java:71)
        	at org.keycloak.models.cache.infinispan.DefaultLazyLoader.get(DefaultLazyLoader.java:43)
        	at org.keycloak.models.cache.infinispan.entities.CachedUser.getRoleMappings(CachedUser.java:116)
        	at org.keycloak.models.cache.infinispan.UserAdapter.hasRole(UserAdapter.java:313)
        	at org.keycloak.services.managers.Auth.hasClientRole(Auth.java:115)
        	at org.keycloak.services.managers.Auth.require(Auth.java:84)
        	at org.keycloak.services.resources.account.AccountFormService.forwardToPage(AccountFormService.java:202)
        	at org.keycloak.services.resources.account.AccountFormService.accountPage(AccountFormService.java:256)
        	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        	at java.lang.reflect.Method.invoke(Method.java:498)
        	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
        	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517)
        

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  mposolda Marek Posolda
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated: