SSSD user federation not working after upgrade from 17.0.1

gnot · January 4, 2023, 8:23am

After upgrading from keycloak 17.0.1 to 20.0.2 login is not possible for users stored in FreeIPA.
I also tried upgrading to 18.0.2 and 19.0.3 with the same result.

I always get the following error when I try to login
org.keycloak.federation.sssd.impl.PAMAuthenticator.authenticate NullPointerException

Login to the admin console with the local keycloak admin user is possible.

For each update I did

cd /opt
wget https://github.com/keycloak/keycloak/releases/download/19.0.3/keycloak-19.0.3.zip
unzip keycloak-19.0.3.zip
rm keycloak
ln -s keycloak-19.0.3 keycloak
chown -R keycloak: /opt/keycloak/
chmod o+x /opt/keycloak/bin/
cp /opt/keycloak-17.0.1/conf/keycloak.conf /opt/keycloak/conf/
systemctl restart keycloak

When I go back to version 17.0.1 with
rm keycloak
ln -s keycloak-17.0.1 keycloak
systemctl restart keycloak

Login is working without issues again.

It seems that SSSD federation is broken for keycloak > 17.0.1

Did anybody get sssd user federation to work on version > 17.0.1 ?

pmcpherson · December 1, 2023, 4:32pm

did you figure out SSSD? I’ve never used it before but I’m using Keycloak 23 in a docker container and cannot get the SSSD option to show up in the Keycloak admin console.

Topic		Replies	Views
SSSD federation support in 20.0.2 Configuring the server user-federation	1	371	December 23, 2022
Keycloak 17 : no SSSD user federation provider Configuring the server	1	639	December 1, 2023
Keycloak 17 - No SSSD Federation Provider option Configuring the server	2	633	March 23, 2022
SSSD Federation Unavailable? Getting advice identity-brokering	0	480	May 26, 2022
Keycloak SSSD Federation with Idm Configuring the server authentication	0	437	March 22, 2024

SSSD user federation not working after upgrade from 17.0.1

Related topics