Integrating RH-SSO with PingFederate resulting in error "No content to map due to end-of-input"

Solution Verified - Updated -

Issue

  • When a new user account is created in the RH-SSO realm, authentication fails. The error stack trace looks like this:

    WARN  [org.keycloak.events] (default task-50) type=LOGIN_ERROR, realmId=test, clientId=null, userId=null, ipAddress=xx.xx.xx.xx, error=identity_provider_login_failure
WARN [org.keycloak.models.sessions.infinispan.changes.InfinispanChangelogBasedTransaction] (default task-38) Not present cache item for key LoginFailureKey [ realmId=pingfederate. userId=72f1a052-c11d-45bf-8227-6eb0e6de54ee ]
ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-40) Failed to make identity provider oauth callback: java.lang.RuntimeException: Error when loading public keys
at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider.getPublicKey(InfinispanPublicKeyStorageProvider.java:166)
at org.keycloak.keys.loader.PublicKeyStorageManager.getIdentityProviderPublicKey(PublicKeyStorageManager.java:75)
at org.keycloak.broker.oidc.OIDCIdentityProvider.verify(OIDCIdentityProvider.java:452)
at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:471)
at org.keycloak.broker.oidc.OIDCIdentityProvider.validateToken(OIDCIdentityProvider.java:460)
at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:350)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:399)
at sun.reflect.GeneratedMethodAccessor843.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
...
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
...
Caused by: java.util.concurrent.ExecutionException: com.fasterxml.jackson.databind.JsonMappingException: No content to map due to end-of-input
at [Source: ; line: 1, column: 0]
at java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.util.concurrent.FutureTask.get(FutureTask.java:192)
at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider.getPublicKey(InfinispanPublicKeyStorageProvider.java:157)
... 66 more
Caused by: com.fasterxml.jackson.databind.JsonMappingException: No content to map due to end-of-input at [Source: ; line: 1, column: 0]
at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270)
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3854)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3799)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2858)
at org.keycloak.util.JsonSerialization.readValue(JsonSerialization.java:73)
at org.keycloak.protocol.oidc.utils.JWKSHttpUtils.sendJwksRequest(JWKSHttpUtils.java:41)
at org.keycloak.keys.loader.OIDCIdentityProviderPublicKeyLoader.loadKeys(OIDCIdentityProviderPublicKeyLoader.java:54)
at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider$WrapperCallable.call(InfinispanPublicKeyStorageProvider.java:221)
at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider$WrapperCallable.call(InfinispanPublicKeyStorageProvider.java:201)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.keycloak.keys.infinispan.InfinispanPublicKeyStorageProvider.getPublicKey(InfinispanPublicKeyStorageProvider.java:151)
... 66 more

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.2.2
  • JSON Web Key Set (JWKS)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content