RH-SSO client throws exception "Failed to enforce policy decisions"
Issue
- Authenticated API calls fail with unclear error
-
Exception stack trace is application server has error
java.lang.RuntimeException: Failed to enforce policy decisions. at org.keycloak.adapters.AuthenticatedActionsHandler.isAuthorized(AuthenticatedActionsHandler.java:168)[321:org.keycloak.keycloak-adapter-core:4.8.3.Final-redhat-00001] at org.keycloak.adapters.AuthenticatedActionsHandler.handledRequest(AuthenticatedActionsHandler.java:60) ... Caused by: org.keycloak.authorization.client.util.HttpResponseException: Unexpected response from server: 500 / Internal Server Error / Response from server: {"error":"server_error","error_description":"Unexpected error while evaluating permissions"} at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:95)[323:org.keycloak.keycloak-authz-client:4.8.3.Final-redhat-00001] at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)[323:org.keycloak.keycloak-authz-client:4.8.3.Final-redhat-00001] at org.keycloak.authorization.client.resource.AuthorizationResource$1.call(AuthorizationResource.java:90)[323:org.keycloak.keycloak-authz-client:4.8.3.Final-redhat-00001] at org.keycloak.authorization.client.resource.AuthorizationResource$1.call(AuthorizationResource.java:74)[323:org.keycloak.keycloak-authz-client:4.8.3.Final-redhat-00001] at org.keycloak.authorization.client.resource.AuthorizationResource.authorize(AuthorizationResource.java:94)[323:org.keycloak.keycloak-authz-client:4.8.3.Final-redhat-00001] ... 24 more -
RH-SSO server has exception ending with:
Caused by: java.lang.NullPointerException at org.keycloak.authorization.common.KeycloakIdentity.<init>(KeycloakIdentity.java:128) ... 76 more
Environment
- Red Hat Single Sign-On (RH-SSO) 7.3 or earlier
- Open Auth / Open ID Connect (OIDC)
- Authorization Services
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
