-
Bug
-
Resolution: Done
-
Undefined
-
None
-
False
-
-
False
-
-
Before reporting an issue
[X] I have searched existing issues
[X] I have reproduced the issue with the latest nightly release
Area
import-export
Describe the bug
kc export fails to export users when file-based Vault is enabled, even when it’s not actually used for the bind credentials.
A similar issue was reported on Discourse three years ago: Export/Import fails while using a vault. It still persists and I didn’t find any issue here.
Version
22.0.1
Expected behavior
kc export with users should work when LDAP federation and file-based vault is used.
Actual behavior
```
Caused by: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.RealmModel.getName()" because the return value of "org.keycloak.models.KeycloakContext.getRealm()" is null
at org.keycloak.vault.AbstractVaultProviderFactory.getRealmName(AbstractVaultProviderFactory.java:112)
at org.keycloak.vault.FilesPlainTextVaultProviderFactory.create(FilesPlainTextVaultProviderFactory.java:33)
at org.keycloak.vault.FilesPlainTextVaultProviderFactory.create(FilesPlainTextVaultProviderFactory.java:18)
```
Full stack trace:
```
$ kc --verbose export --optimized --realm xxx --dir export
2023-08-22 15:53:35,320 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: xxxxxxxxxxxx, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: true
2023-08-22 15:53:36,703 WARN [io.quarkus.runtime.configuration.DeprecatedRuntimePropertiesRecorder] (main) The 'quarkus.http.ssl.certificate.file' config property is deprecated and should not be used anymore
2023-08-22 15:53:36,703 WARN [io.quarkus.runtime.configuration.DeprecatedRuntimePropertiesRecorder] (main) The 'quarkus.http.ssl.certificate.key-file' config property is deprecated and should not be used anymore
2023-08-22 15:53:36,928 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2023-08-22 15:53:37,580 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2023-08-22 15:53:37,776 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2023-08-22 15:53:38,607 WARN [io.quarkus.vertx.http.runtime.VertxHttpRecorder] (main) The X-Forwarded-* and Forwarded headers will be considered when determining the proxy address. This configuration can cause a security issue as clients can forge requests and send a forwarded header that is not overwritten by the proxy. Please consider use one of these headers just to forward the proxy address in requests.
2023-08-22 15:53:39,052 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_571654, Site name: null
2023-08-22 15:53:39,059 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2023-08-22 15:53:39,696 INFO [org.keycloak.services] (main) KC-SERVICES0034: Export of realm 'xxx' requested.
2023-08-22 15:53:40,445 INFO [org.keycloak.exportimport.dir.DirExportProvider] (main) Exporting into directory /var/lib/keycloak/export
2023-08-22 15:53:40,520 INFO [org.keycloak.exportimport.dir.DirExportProvider] (main) Realm 'xxx' - data exported
2023-08-22 15:53:40,614 INFO [org.keycloak.storage.ldap.LDAPIdentityStoreRegistry] (main) Creating new LDAP Store for the LDAP storage provider: 'LDAP', LDAP Configuration:
, binaryAttributes: []
2023-08-22 15:53:40,781 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (import_export) mode
2023-08-22 15:53:40,782 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) Error details:: org.keycloak.models.ModelException: LDAP Queryfailed
at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:171)
at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:178)
at org.keycloak.storage.ldap.LDAPStorageProvider.loadLDAPUserByUuid(LDAPStorageProvider.java:839)
at org.keycloak.storage.ldap.LDAPStorageProvider.loadAndValidateUser(LDAPStorageProvider.java:498)
at org.keycloak.storage.ldap.LDAPStorageProvider.validate(LDAPStorageProvider.java:173)
at org.keycloak.storage.UserStorageManager.importValidation(UserStorageManager.java:127)
at org.keycloak.storage.UserStorageManager.getUserById(UserStorageManager.java:352)
at org.keycloak.models.cache.infinispan.UserCacheSession.getUserById(UserCacheSession.java:217)
at org.keycloak.models.jpa.JpaUserProvider.lambda$searchForUserStream$5(JpaUserProvider.java:753)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133)
at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1845)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
at org.keycloak.utils.ClosingStream.forEach(ClosingStream.java:128)
at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:276)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
at java.base/java.util.stream.Streams$StreamBuilderImpl.forEachRemaining(Streams.java:411)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
at org.keycloak.exportimport.util.MultipleStepsExportProvider$2.runExportImportTask(MultipleStepsExportProvider.java:136)
at org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:35)
at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:261)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:383)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:260)
at org.keycloak.exportimport.util.MultipleStepsExportProvider.exportRealmImpl(MultipleStepsExportProvider.java:129)
at org.keycloak.exportimport.util.MultipleStepsExportProvider.exportRealm(MultipleStepsExportProvider.java:85)
at org.keycloak.exportimport.util.MultipleStepsExportProvider.exportModel(MultipleStepsExportProvider.java:58)
at org.keycloak.exportimport.ExportImportManager.runExport(ExportImportManager.java:163)
at org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:151)
at org.keycloak.quarkus.runtime.integration.QuarkusLifecycleObserver.onStartupEvent(QuarkusLifecycleObserver.java:37)
at org.keycloak.quarkus.runtime.integration.QuarkusLifecycleObserver_Observer_onStartupEvent_c9888fa6c2aa9208d4625ee9d83de6fd77e22c83.notify(Unknown Source)
at io.quarkus.arc.impl.EventImpl$Notifier.notifyObservers(EventImpl.java:346)
at io.quarkus.arc.impl.EventImpl$Notifier.notify(EventImpl.java:328)
at io.quarkus.arc.impl.EventImpl.fire(EventImpl.java:82)
at io.quarkus.arc.runtime.ArcRecorder.fireLifecycleEvent(ArcRecorder.java:155)
at io.quarkus.arc.runtime.ArcRecorder.handleLifecycleEvents(ArcRecorder.java:106)
at io.quarkus.deployment.steps.LifecycleEventsBuildStep$startupEvent1144526294.deploy_0(Unknown Source)
at io.quarkus.deployment.steps.LifecycleEventsBuildStep$startupEvent1144526294.deploy(Unknown Source)
at io.quarkus.runner.ApplicationImpl.doStart(Unknown Source)
at io.quarkus.runtime.Application.start(Application.java:101)
at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:111)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:71)
at org.keycloak.quarkus.runtime.KeycloakMain.start(KeycloakMain.java:98)
at org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.run(AbstractStartCommand.java:37)
at org.keycloak.quarkus.runtime.cli.command.AbstractExportImportCommand.run(AbstractExportImportCommand.java:47)
at picocli.CommandLine.executeUserObject(CommandLine.java:2026)
at picocli.CommandLine.access$1500(CommandLine.java:148)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2453)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2415)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
at picocli.CommandLine.execute(CommandLine.java:2170)
at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:100)
at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:88)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:61)
at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:32)
Caused by: org.keycloak.models.ModelException: Querying of LDAP failed org.keycloak.storage.ldap.idm.query.internal.LDAPQuery@4b02dc4e
at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:289)
at org.keycloak.storage.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:167)
... 70 more
Caused by: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.RealmModel.getName()" because the return value of "org.keycloak.models.KeycloakContext.getRealm()" is null
at org.keycloak.vault.AbstractVaultProviderFactory.getRealmName(AbstractVaultProviderFactory.java:112)
at org.keycloak.vault.FilesPlainTextVaultProviderFactory.create(FilesPlainTextVaultProviderFactory.java:33)
at org.keycloak.vault.FilesPlainTextVaultProviderFactory.create(FilesPlainTextVaultProviderFactory.java:18)
at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:177)
at org.keycloak.services.DefaultKeycloakSession.vault(DefaultKeycloakSession.java:345)
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getVaultSecret(LDAPContextManager.java:108)
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:72)
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:100)
at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:709)
at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:704)
at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.lookupById(LDAPOperationManager.java:410)
at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:261)
... 71 more
```
How to Reproduce?
Set up User Federation LDAP and file-based vault, run kc.sh export --dir export.
Anything else?
No response
- links to