NullPointerException when trying to login with Google SSO
mayankag24 opened this issue ยท 23 comments
What happened?
We have recently deployed the klaw v2.9 release in our dev environment and enabled SSO login via Google SSO.
In the core->application.properties, we configured the below property for a superadmin user.
klaw.superadmin.default.username=mayank.redacted@company.com
And when I tried doing user login using the above account via Google SSO, it throws the below error in the logs:
java.lang.NullPointerException: Cannot invoke "io.aiven.klaw.dao.UserInfo.getRole()" because the return value of "io.aiven.klaw.helpers.db.rdbms.HandleDbRequestsJdbc.getUsersInfo(String)" is null
I have also checked the Issue #2484 and deployed the latest code after the PR #2492 was merged to main. I am still facing the issue.
Here is the screen to which the user is redirected when clicking on "Continue" for SSO login.
What did you expect to happen?
It was expected that on first login of the superadmin user via SSO, it will create user in postgres table kwusers and redirect to the superadmin screen. Instead got the above error. However the user entry in the kwusers table was created on login.
What else do we need to know?
As per the documentation provided for the Google SSO here, configured below properties in the core->application.properties as well
klaw.login.authentication.type=ad
klaw.enable.authorization.ad=true
klaw.enable.sso=true
spring.security.oauth2.client.registration.google.imageURI=assets/images/clients/google.svg
spring.security.oauth2.client.registration.google.client-id=redacted
spring.security.oauth2.client.registration.google.client-secret=redacted
spring.security.oauth2.client.registration.google.redirect-uri=https://redacted.com/login/oauth2/code/google
spring.security.oauth2.client.registration.google.scope=profile, email
Also the new coral React UI is enabled and database is postgres.
@mayankag24 can you try disabling the coral ui and login
@mayankag24 can you try disabling the coral ui and login
@muralibasani Got this error with new UI disabled and trying to login via SSO superadmin
[nio-9097-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed: java.lang.NullPointerException: Cannot invoke "java.util.List.isEmpty()" because "activityCountList" is null] with root cause
java.lang.NullPointerException: Cannot invoke "java.util.List.isEmpty()" because "activityCountList" is null
@muralibasani the activityCountList is being fetched from kwactivitylog table as far as I understand. But on intial login there would be no activity therefore it will return null?
Please let me know if we can connect over a call and go through this.
Hi @muralibasani could you please guide here on how to debug further?
Hi @aindriu-aiven can you please look into this?
Hey @mayankag24 apologies, I thought Murali was looking at it, I will spend some time this evening and tomorrow morning looking at setting up Klaw with Google SSO and see if I can replicate and figure out the issue.
Hey @mayankag24 apologies, I thought Murali was looking at it, I will spend some time this evening and tomorrow morning looking at setting up Klaw with Google SSO and see if I can replicate and figure out the issue.
Although I can see how the activity count list is throwing a null pointer.
I will create a branch to resolve that if you would like to test it and I will work off that branch for testing the google sso login.
@mayankag24 I have a branch debug-google-sso-login-issue open now in which I am starting the debug process, but also the null pointer exception for activityCountList should be resolved.
I will be using this branch to test the google sso.
If you want to see if it resolves your issue you can checkout the branch and build it, or you can wait for me to finish the investigation and setup.
Thanks for your patience.
Thanks a lot @aindriu-aiven
Will pick up the branch and test out and update the bug status.
Hi @aindriu-aiven tested the branch, now I am getting below error for both coral enabled true and false.
java.lang.NullPointerException: Cannot invoke "io.aiven.klaw.dao.UserInfo.getRole()" because the return value of "io.aiven.klaw.helpers.db.rdbms.HandleDbRequestsJdbc.getUsersInfo(String)" is null
The tables kwusers and kwregisterusers have both one entry each. kwusers has entry for superadmin user and kwregisterusers has one user request entry.
Hi @aindriu-aiven tested the branch, now I am getting below error for both coral enabled true and false.
java.lang.NullPointerException: Cannot invoke "io.aiven.klaw.dao.UserInfo.getRole()" because the return value of "io.aiven.klaw.helpers.db.rdbms.HandleDbRequestsJdbc.getUsersInfo(String)" is nullThe tables kwusers and kwregisterusers have both one entry each. kwusers has entry for superadmin user and kwregisterusers has one user request entry.
Hey,
Thanks for this, I will focus on trying to figure that out.
I'll get back to you as quickly as I can.
Hi @aindriu-aiven
Do let me know if you were able to replicate/debug the Null exceptions. Can we setup a connect if required?
Hi @aindriu-aiven Do let me know if you were able to replicate/debug the Null exceptions. Can we setup a connect if required?
I am just starting this proccess this morning, BUt I will let you know if/when I replicate the issue. And if there are any issues I will follow back up with you thanks!
@aindriu-aiven Please do inform if you figure out something
@mayankag24 with which user are you trying to login ? pls try logging in with mayank.redacted@company.com
@mayankag24 with which user are you trying to login ? pls try logging in with mayank.redacted@company.com
Using that user for login. Have also set the same user for superadmin email in application.properties.
@mayankag24 with which user are you trying to login ? pls try logging in with mayank.redacted@company.com
Using that user for login. Have also set the same user for superadmin email in application.properties.
Hey @mayankag24 thanks for getting back to us, I have managed to recreate the issue.
I think that I have figured out why it is occurring and am just trying to test my theory now.
But i think the issue is that the superadmin entry in the database is already set to superadmin, when klaw was initially started up.
Resetting the user after that takes a bit more work, but I am just working through it now and will hopefully have a way forward for you shortly
Ok hey @mayankag24
So after a good bit of debugging it turned out to be simpler then I expected.
in my application.properties I had
klaw.ad.username.attribute=preferred_username
With the google SSO however i needed to change that to
klaw.ad.username.attribute=email
Then restart Klaw and it was able to login correctly.
Let me know if this works, its definitely missing in the docs so if this works correctly for you I will update the docs.
The other update on the branch I asked you to test will take care of the second issue. So I will get that merged shortly as well.
Ok hey @mayankag24
So after a good bit of debugging it turned out to be simpler then I expected.
in my application.properties I had
klaw.ad.username.attribute=preferred_usernameWith the google SSO however i needed to change that toklaw.ad.username.attribute=emailThen restart Klaw and it was able to login correctly.Let me know if this works, its definitely missing in the docs so if this works correctly for you I will update the docs.
The other update on the branch I asked you to test will take care of the second issue. So I will get that merged shortly as well.
This worked for superadmin user login! Thanks a lot @aindriu-aiven
However, not able to view/approve user requests on the UI. There are entries in kwregisterusers table.
Ok hey @mayankag24
So after a good bit of debugging it turned out to be simpler then I expected.
in my application.properties I hadklaw.ad.username.attribute=preferred_usernameWith the google SSO however i needed to change that toklaw.ad.username.attribute=emailThen restart Klaw and it was able to login correctly.
Let me know if this works, its definitely missing in the docs so if this works correctly for you I will update the docs.
The other update on the branch I asked you to test will take care of the second issue. So I will get that merged shortly as well.This worked for superadmin user login! Thanks a lot @aindriu-aiven
However, not able to view/approve user requests on the UI. There are entries in kwregisterusers table.
Okay so the user approval is working for coral disabled UI. It was failing for coral.enabled = true
Ok hey @mayankag24
So after a good bit of debugging it turned out to be simpler then I expected.
in my application.properties I hadklaw.ad.username.attribute=preferred_usernameWith the google SSO however i needed to change that toklaw.ad.username.attribute=emailThen restart Klaw and it was able to login correctly.
Let me know if this works, its definitely missing in the docs so if this works correctly for you I will update the docs.
The other update on the branch I asked you to test will take care of the second issue. So I will get that merged shortly as well.This worked for superadmin user login! Thanks a lot @aindriu-aiven
However, not able to view/approve user requests on the UI. There are entries in kwregisterusers table.Okay so the user approval is working for coral disabled UI. It was failing for
coral.enabled = true
Ah Ok I am glad you were able to figure that out, I have been using a local build so trying to get sign ups into that table was hard when I only have one SSO user.
I'm glad that has been resolved.
I will open a ticket for coral on this, but it makes sense to me It is something I have been working on enabling for Klaw 2.10 but its taking longer then I hoped to get that done ๐
I should also mention you should be able to switch between coral and the old UI using the banners at the moment as well!
Thank you for your patience and time! We can close this issue it seems. @aindriu-aiven
Thank you for your patience and time! We can close this issue it seems. @aindriu-aiven
Thats great! I hope Klaw is really useful for you :)