Integrating RH-SSO with PingFederate resulting in error "No content to map due to end-of-input"

Solution Verified - Updated -

Issue

  • When a new user account is created in the RH-SSO realm, authentication fails. The error stack trace looks like this:

    WARN  [org.keycloak.events] (default task-50) type=LOGIN_ERROR, realmId=test, clientId=null, userId=null, ipAddress=xx.xx.xx.xx, error=identity_provider_login_failure
    WARN [org.keycloak.models.sessions.infinispan.changes.InfinispanChangelogBasedTransaction] (default task-38) Not present cache item for key LoginFailureKey [ realmId=pingfederate. userId=72f1a052-c11d-45bf-8227-6eb0e6de54ee ]
    ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-40) Failed to make identity provider oauth callback: java.lang.RuntimeException: Error when loading public keys
    at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider.getPublicKey(InfinispanPublicKeyStorageProvider.java:166)
    at org.keycloak.keys.loader.PublicKeyStorageManager.getIdentityProviderPublicKey(PublicKeyStorageManager.java:75)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.verify(OIDCIdentityProvider.java:452)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:471)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:460)
    at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:350)
    at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:399)
    at sun.reflect.GeneratedMethodAccessor843.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
    ...
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    ...
    Caused by: java.util.concurrent.ExecutionException: com.fasterxml.jackson.databind.JsonMappingException: No content to map due to end-of-input
    at [Source: ; line: 1, column: 0]
    at java.util.concurrent.FutureTask.report(FutureTask.java:122)
    at java.util.concurrent.FutureTask.get(FutureTask.java:192)
    at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider.getPublicKey(InfinispanPublicKeyStorageProvider.java:157)
    ... 66 more
    Caused by: com.fasterxml.jackson.databind.JsonMappingException: No content to map due to end-of-input at [Source: ; line: 1, column: 0]
    at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270)
    at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3854)
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3799)
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2858)
    at org.keycloak.util.JsonSerialization.readValue(JsonSerialization.java:73)
    at org.keycloak.protocol.oidc.utils.JWKSHttpUtils.sendJwksRequest(JWKSHttpUtils.java:41)
    at org.keycloak.keys.loader.OIDCIdentityProviderPublicKeyLoader.loadKeys(OIDCIdentityProviderPublicKeyLoader.java:54)
    at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider$WrapperCallable.call(InfinispanPublicKeyStorageProvider.java:221)
    at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider$WrapperCallable.call(InfinispanPublicKeyStorageProvider.java:201)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider.getPublicKey(InfinispanPublicKeyStorageProvider.java:151)
    ... 66 more
    

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.2.2
  • JSON Web Key Set (JWKS)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In