We recently migrated our users from LDAP to AD groups, but a few of our users are not able to authenticate with AD. The following errors appear in the IAM server.log:
WARN [org.keycloak.events] (default task-64) type=LOGIN_ERROR, realmId=service_virtualization, clientId=virtual-service-catalog, userId=null, ipAddress=xx.xx.xx.xx, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=XXXXXX
INFO [org.keycloak.services] (default task-105) KC-SERVICES0087: Syncing data for mapper 'groupMapper' of type 'group-ldap-mapper'. Direction: fedToKeycloak
ERROR [org.keycloak.events.EventBuilder] (default task-125) Failed to save event: java.lang.NullPointerException: Null keys are not supported!
Release: 10.6 and up
Component: CA Service Virtualization
The groups that were created are universal groups spanning multiple domains, which caused this issue. Only users from the domain to which the binding DN belonged were able to log in.
The issue was resolved by adding another provider for the other domain with a higher priority and mapping the users accordingly.
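
To confirm that the failing accounts all sit outside the binding DN's domain, the LOGIN_ERROR events in server.log can be tallied per realm and username. The script below is an added example, not part of the original article or the product; the sample log lines, usernames and IP address are constructed in the format shown above.

```python
import re
from collections import Counter

# Constructed sample in the server.log event format shown above.
_EVT = ("WARN [org.keycloak.events] (default task-64) type=LOGIN_ERROR, "
        "realmId=service_virtualization, clientId=virtual-service-catalog, userId=null, "
        "ipAddress=192.0.2.10, error={err}, auth_method=openid-connect, "
        "grant_type=password, client_auth_method=client-secret, username={user}")
SAMPLE_LOG = "\n".join([
    _EVT.format(err="invalid_user_credentials", user="alice"),
    "INFO [org.keycloak.services] (default task-105) KC-SERVICES0087: Syncing data "
    "for mapper 'groupMapper' of type 'group-ldap-mapper'. Direction: fedToKeycloak",
    _EVT.format(err="invalid_user_credentials", user="bob"),
    _EVT.format(err="invalid_user_credentials", user="alice"),
    "ERROR [org.keycloak.events.EventBuilder] (default task-125) Failed to save event: "
    "java.lang.NullPointerException: Null keys are not supported!",
    _EVT.format(err="user_not_found", user="carol"),
])

# Match only the event logger; the closing bracket excludes EventBuilder lines.
EVENT_RE = re.compile(r"\[org\.keycloak\.events\] \([^)]*\) (type=.*)$")

def parse_event(line):
    """Return the key=value fields of an event line, or None for other lines."""
    match = EVENT_RE.search(line)
    if not match:
        return None
    fields = {}
    for pair in match.group(1).split(", "):
        key, sep, value = pair.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def failed_logins(log_text, error="invalid_user_credentials"):
    """Count LOGIN_ERROR events with the given error per (realmId, username)."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_event(line)
        if event and event.get("type") == "LOGIN_ERROR" and event.get("error") == error:
            counts[(event.get("realmId"), event.get("username"))] += 1
    return counts

if __name__ == "__main__":
    for (realm, user), n in failed_logins(SAMPLE_LOG).most_common():
        print(f"{realm}\t{user}\t{n}")
```

Comparing the resulting usernames against the AD domain of the binding DN shows whether the failures are limited to users from the other domain.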