NPE in AuthenticationManager backchannelLogout #23306
Comments
ghost
added
thomasdarimont
added a commit
to thomasdarimont/keycloak
that referenced
this issue
Sep 17, 2023
Previously, if the user was already removed from the userSession and the log level was set to DEBUG, then an NPE was triggered by the debug log statement during backchannelLogout. Fixes keycloak#23306
ahus1
pushed a commit
that referenced
this issue
Sep 18, 2023
Previously, if the user was already removed from the userSession and the log level was set to DEBUG, then an NPE was triggered by the debug log statement during backchannelLogout. Fixes #23306
|
Thank you for fixing this. If you'd create a backport for KC22, I'd be happy to merge that PR as well. |
thomasdarimont
added a commit
to thomasdarimont/keycloak
that referenced
this issue
Sep 18, 2023
Previously, if the user was already removed from the userSession and the log level was set to DEBUG, then an NPE was triggered by the debug log statement during backchannelLogout. Fixes keycloak#23306 (cherry picked from commit 04d16ed)
srose
pushed a commit
to srose/keycloak
that referenced
this issue
Dec 20, 2023
Previously, if the user was already removed from the userSession and the log level was set to DEBUG, then an NPE was triggered by the debug log statement during backchannelLogout. Fixes keycloak#23306
kamontat
pushed a commit
to kamontat/keycloak
that referenced
this issue
Jan 20, 2024
Previously, if the user was already removed from the userSession and the log level was set to DEBUG, then an NPE was triggered by the debug log statement during backchannelLogout. Fixes keycloak#23306 Signed-off-by: Kamontat Chantrachirathumrong <14089557+kamontat@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Before reporting an issue
Area
core
Describe the bug
In a customer project we observed UncaughtServerErrors which where caused by NPEs being thrown in AuthenticationManager#backchannelLogout. This is caused by accessing the user variable obtained from
userSession.getUser()without a proper null check.Version
22.0.1
Expected behavior
Should logout
nullfor the username instead of throwing a NPE.Actual behavior
BackchannelLogout sometimes yields an UncaughtServerError based on an NPE in AuthenticationManager#backchannelLogout.
How to Reproduce?
Hard to reproduce, as we need to create the sitation where the userSession is still present but the user object is gone.
Anything else?
No response
The text was updated successfully, but these errors were encountered: