This issue has been created
 
 
OpenId Connect / OIDC-256 Open

Authenticator Callback - Cannot invoke "javax.servlet.http.HttpSession.getId()" because "httpSession" is null



 
Michael Schröder created this issue on 26/Aug/25 10:19
 
Summary: Authenticator Callback - Cannot invoke "javax.servlet.http.HttpSession.getId()" because "httpSession" is null
Issue Type: Bug
Affects Versions: 2.19.2
Assignee: Unassigned
Attachments: Screenshot 2025-08-26 093936.png
Components: Authenticator
Created: 26/Aug/25 10:19
Environment:
- Fresh install via xwiki-helm (7.4.4-postgres-tomcat; 7.6.0-postgres-tomcat).
- OpenID Connect Authenticator installed via UI.
Priority: Major
Reporter: Michael Schröder
Description:

Used OpenID Connect Authenticator with Keycloak as OpenId Connect Provider.

In the login process, there is an Internal Server Error (Root Cause: "Cannot invoke "javax.servlet.http.HttpSession.getId()" because "httpSession" is null") when the user is first redirected to the /oidc/authenticator/callback endpoint coming from Keycloak. See screenshot.

If the user opens the same URL (https://xwiki/oidc/authenticator/callback?state=llfn0OSHhkmF...&session_state=1a8fcdc3...&iss=https%3A%2F%2Fsso%2Frealms%2Ftest&code=d1e5e24e..) manually in the browser again, the login is successful.

Tested with XWiki 7.44 and 7.6.0.