Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-10933

DeviceIdSave auth module fails with NullPointerException if the storage attribute is not already present

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.2
    • Fix Version/s: 13.5.2
    • Component/s: authentication
    • Labels:
    • Environment:
      Mac OS X 10.11.6

      java version "1.7.0_76"
      Java(TM) SE Runtime Environment (build 1.7.0_76-b13)
      Java HotSpot(TM) 64-Bit Server VM (build 24.76-b04, mixed mode)

      Apache Tomcat/8.0.24

      OpenAM 12.0.2
    • Sprint:
      AM Sustaining Sprint 39, AM Sustaining Sprint 40, AM Sustaining Sprint 41, AM Sustaining Sprint 42, AM Sustaining Sprint 43, AM Sustaining Sprint 44
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Configure two-factor auth chain with DeviceIdPrint modules

      Authentication Configuration's entries:
      [name=LDAP] [flag=REQUISITE] [options=]
      [name=DeviceIdMatch] [flag=SUFFICIENT] [options=]
      [name=HOTP] [flag=REQUISITE] [options=]
      [name=DeviceIdSave] [flag=REQUIRED] [options=]
      
      DeviceIdSave config
      Authentication Instance profile:
      iplanet-am-auth-device-id-save-max-profiles-allowed=5
      iplanet-am-auth-device-id-save-auth-level=0
      iplanet-am-auth-device-id-save-auto-store-profile=false
      

      User entry in user data store does not have attribute ** set ...

      excerpt from identity data
      ldapsearch -p 50389 -D 'cn=directory Manager' -j PATH_TO_PWDFILE -b 'dc=openam,dc=forgerock,dc=org' uid=demo objectclass devicePrintProfiles
      dn: uid=demo,ou=people,dc=openam,dc=forgerock,dc=org
      objectclass: inetuser
      objectclass: iplanet-am-managed-person
      objectclass: iplanet-am-auth-configuration-service
      objectclass: devicePrintProfilesContainer
      objectclass: sunFederationManagerDataStore
      objectclass: inetorgperson
      objectclass: forgerock-am-dashboard-service
      objectclass: sunFMSAML2NameIdentifier
      objectclass: sunIdentityServerLibertyPPService
      objectclass: top
      objectclass: iPlanetPreferences
      objectclass: sunAMAuthAccountLockout
      objectclass: organizationalperson
      objectclass: person
      objectclass: planet-am-user-service
      
      

      When DeviceIDSave module tries to save the data it bails out with

      excerpt from Authentication debug log
      amAuthDeviceIdSave:03/21/2017 12:02:58:425 PM CET: Thread[http-nio-8080-exec-1,5,main]
      ERROR: Cannot get User's Device Print Profiles attribute. java.lang.NullPointerException
      

      The whole stacktrace is not available.

      However the related IdRepo debug log shows

      excerpt from IdRepo debug log
      DJLDAPv3Repo:03/21/2017 12:01:40:989 PM CET: Thread[http-nio-8080-exec-1,5,main]
      getAttributes returning attrMap: {}
      

      Attaching a debugger to get the stacktrace of the NPE reveals

      java.lang.NullPointerException
              at org.forgerock.openam.authentication.modules.deviceprint.DevicePrintDao.getProfiles(DevicePrintDao.java:60)
              at org.forgerock.openam.authentication.modules.deviceprint.ProfilePersister.saveDevicePrint(ProfilePersister.java:73)
              at org.forgerock.openam.authentication.modules.deviceprint.PersistModuleProcessor.process(PersistModuleProcessor.java:96)
              at org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave.process(DeviceIdSave.java:86)
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sfraser Sam Fraser
                Reporter:
                bthalmayr Bernhard Thalmayr
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: