2019-06-04 16:05:51,467 ERROR [org.keycloak.events.EventBuilder] (default task-30) Failed to save event: java.lang.NullPointerException: Null keys are not supported!
2019-06-04 16:05:51,467 WARN [org.keycloak.events] (default task-30) type=LOGIN_ERROR, realmId=service_virtualization, clientId=virtual-service-catalog, userId=null, ipAddress=a.b.c.d, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=abc
The instructions from the documentation were followed:
https://docops.ca.com/devtest-solutions/10-5/en/administering/security/identity-and-access-manager/configure-user-federation-ldap
An existing working LDAP configuration (authentication-providers.xml) was imported into IAM.
The 'Test connection' and 'Test authentication' checks worked without error.
Release: 10.x
Component: CA Application Test
1) In IAM the User Federation settings were changed.
The ou in the Users DN was changed from:
ou=XYZ Accounts,DC=au,DC=example,DC=com
to:
ou=ABC Accounts,DC=au,DC=example,DC=com
Note: AD Explorer can be used to identify the group or ou that should be used for the Users DN.
2) In IAM the User Federation group settings were changed:
The LDAP Groups DN was changed from:
OU=groups,DC=au,DC=example,DC=com
to:
DC=au,DC=example,DC=com
Note: An LDAP filter can be used to limit the number of groups that will need to be synced, or a specific LDAP group can be specified to sync.
If LDAP is only used for authentication and not to assign Roles to LDAP groups, then there is no need to sync groups.
Note: When setting up an additional User Federation for a different group of users, make sure that these users have at least one default role.
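The two changes above move the search bases so that the user and group entries fall under them. The following Python check is an added example, not part of the original article or the product: it tests whether an entry DN lies under a configured Users DN or LDAP Groups DN. The entry DNs are constructed samples, and the case-insensitive comparison and the one_level parameter are assumptions about an Active Directory backed setup.

```python
def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes.
    Multi-valued RDNs (joined with '+') are not handled here."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped character with its backslash
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError("not a valid RDN: %r" % part)
        # Assumption: case-insensitive matching, as Active Directory does for DNs.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def in_scope(entry_dn, base_dn, one_level=False):
    """True if entry_dn lies under base_dn (subtree search by default;
    one_level=True accepts direct children of the base only)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    if len(entry) <= len(base) or entry[len(entry) - len(base):] != base:
        return False
    return len(entry) == len(base) + 1 if one_level else True


# Base DNs are taken from the article; the two entry DNs are constructed samples.
OLD_USERS_DN = "ou=XYZ Accounts,DC=au,DC=example,DC=com"
NEW_USERS_DN = "ou=ABC Accounts,DC=au,DC=example,DC=com"
OLD_GROUPS_DN = "OU=groups,DC=au,DC=example,DC=com"
NEW_GROUPS_DN = "DC=au,DC=example,DC=com"
SAMPLE_USER = "CN=abc,OU=ABC Accounts,DC=au,DC=example,DC=com"
SAMPLE_GROUP = "CN=Testers,OU=Security Groups,DC=au,DC=example,DC=com"

if __name__ == "__main__":
    for entry, base in [(SAMPLE_USER, OLD_USERS_DN), (SAMPLE_USER, NEW_USERS_DN),
                        (SAMPLE_GROUP, OLD_GROUPS_DN), (SAMPLE_GROUP, NEW_GROUPS_DN)]:
        print("%-5s %s under %s" % (in_scope(entry, base), entry, base))
```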