IdentityBrokerException->NullPointerException in RH-SSO on SAML IdP Response


Issue

  • Authentication fails
  • Log has this exception:

    ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-8) Uncaught server error: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:469)
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:504)
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:244)
        at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:160)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
        ...
    Caused by: java.lang.NullPointerException
        at java.util.regex.Matcher.getTextLength(Unknown Source)
        at java.util.regex.Matcher.reset(Unknown Source)
        at java.util.regex.Matcher.<init>(Unknown Source)
        at java.util.regex.Pattern.matcher(Unknown Source)
        at java.util.regex.Pattern.split(Unknown Source)
        at org.keycloak.broker.provider.util.IdentityBrokerState.encoded(IdentityBrokerState.java:41)
        at org.keycloak.services.resources.IdentityBrokerService.parseEncodedSessionCode(IdentityBrokerService.java:987)
        at org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:497)
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:465)
        ... 74 more
    

Environment

  • Red Hat Single Sign-On (RH-SSO) 7
  • SAML
  • Brokered Identity/User Federation with SAML Identity Provider
  • SAML Post Binding on the Identity Provider
