2019-06-04 16:05:51,467 ERROR [org.keycloak.events.EventBuilder] (default task-30) Failed to save event: java.lang.NullPointerException: Null keys are not supported!

2019-06-04 16:05:51,467 WARN [org.keycloak.events] (default task-30) type=LOGIN_ERROR, realmId=service_virtualization, clientId=virtual-service-catalog, userId=null, ipAddress=a.b.c.d, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=abc

The instructions from the documentation were followed:

https://docops.ca.com/devtest-solutions/10-5/en/administering/security/identity-and-access-manager/configure-user-federation-ldap

Imported an existing working LDAP configuration into IAM (authentication-providers.xml)

The 'Test connection' and 'Test authentication' worked without error.

Release : 10.x

Component : CA Application Test

1) In IAM the User Federation settings were changed.

ou in Users DN was changed from:

ou=XYZ Accounts,DC=au,DC=example,DC=com

to:

ou=ABC Accounts,DC=au,DC=example,DC=com

Note: AD explorer can be used to identify the group or ou that should be used for the Users DN.

2) In IAM the User Federation group settings were changed:

LDAP Groups DN from:

OU=groups,DC=au,DC=example,DC=com

to:

DC=au,DC=example,DC=com

Note: LDAP filter can be used to limit the number of groups that will need to be synced.

Or a specific LDAP group can be specified to sync.

If LDAP is only used for authentication and not to assign Roles to LDAP groups, then there is no need to sync groups.

Note that when setting up an additional User Federation for a different group of users, that these users have at least one default role.