
IAM LDAP Authentication fails with error: Null keys are not supported


Article ID: 134302


Updated On:


CA Application Test


Logging in with a user ID defined in LDAP fails, and the IAM server.log shows the following error:

2019-06-04 16:05:51,467 ERROR [] (default task-30) Failed to save event: java.lang.NullPointerException: Null keys are not supported!

2019-06-04 16:05:51,467 WARN [] (default task-30) type=LOGIN_ERROR, realmId=service_virtualization, clientId=virtual-service-catalog, userId=null, ipAddress=a.b.c.d, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=abc

The instructions from the documentation were followed:

Imported an existing working LDAP configuration into IAM (authentication-providers.xml)

The 'Test connection' and 'Test authentication' worked without error.


Release : 10.x

Component : CA Application Test


1) In IAM the User Federation settings were changed.

The ou in Users DN was changed from:

ou=XYZ Accounts,DC=au,DC=example,DC=com

to:

ou=ABC Accounts,DC=au,DC=example,DC=com

Note: AD explorer can be used to identify the group or ou that should be used for the Users DN.

2) In IAM the User Federation group settings were changed:

LDAP Groups DN from:




Note: LDAP filter can be used to limit the number of groups that will need to be synced.

Or a specific LDAP group can be specified to sync.

If LDAP is only used for authentication and not to assign Roles to LDAP groups, then there is no need to sync groups.
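
For step 1, a user's DN as read from AD Explorer can be checked against a candidate Users DN before saving the setting. The following is an added example, not code from this article or from the product. The two base DNs are the ones shown above; the user DN and the function names are constructed for illustration, and a subtree search scope is assumed.

```python
def split_rdns(dn):
    """Split a DN into normalized (attribute, value) RDN pairs.

    Honours backslash-escaped characters such as '\\,' inside values.
    Simplification: multi-valued RDNs joined with '+' are compared as one string.
    """
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))   # unescaped comma ends an RDN
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))

    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Attribute names and directory strings are compared case-insensitively,
        # with surrounding and repeated whitespace ignored.
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns


def is_under(user_dn, base_dn):
    """True if user_dn is strictly below base_dn (assumes subtree scope)."""
    user, base = split_rdns(user_dn), split_rdns(base_dn)
    return len(user) > len(base) and user[-len(base):] == base


# Users DN values from the article (before and after the change).
USERS_DN_BEFORE = "ou=XYZ Accounts,DC=au,DC=example,DC=com"
USERS_DN_AFTER = "ou=ABC Accounts,DC=au,DC=example,DC=com"
# Constructed sample: DN of the failing user as it might appear in AD Explorer.
SAMPLE_USER_DN = "CN=abc,OU=ABC Accounts,DC=au,DC=example,DC=com"

if __name__ == "__main__":
    for label, base in (("before", USERS_DN_BEFORE), ("after", USERS_DN_AFTER)):
        print(f"{label}: {base} contains user -> {is_under(SAMPLE_USER_DN, base)}")
```

Comparing parsed RDNs rather than raw strings avoids false matches from differences in case or spacing and from attribute names that merely end in "ou".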

Additional Information

Note: when setting up an additional User Federation for a different group of users, make sure that these users have at least one default role.