Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11289

SP initiated SLO with SOAP binding fails with code 400

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.1, 13.5.2, 14.0.0, 14.1.1, 14.5.0, 6.0.0.2
    • Fix Version/s: 13.5.3, 6.5.0, 6.0.1, 5.5.2
    • Component/s: SAML
    • Labels:
    • Sprint:
      AM Sustaining Sprint 53
    • Story Points:
      1
    • Needs QA verification:
      No
    • Functional tests:
      Yes

      Description

      When using SP initiated SLO with SOAP binding the operation fails with HTTP code 400 and message "Error creating LogoutRequest".

      Federation debug log on SP:

      libSAML2:06/15/2017 03:44:02:709 PM BST: Thread[http-nio-8080-exec-4,5,main]: TransactionId[6e652cb5-e18d-4dc1-ab04-6ee53ab51b2d-501]
      ERROR: KeyUtil.getDecryptionKeys: alias was empty.
      libSAML2:06/15/2017 03:44:34:769 PM BST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6e652cb5-e18d-4dc1-ab04-6ee53ab51b2d-512]
      ERROR: Unable to send SOAPMessage to IDP
      com.sun.xml.messaging.saaj.SOAPExceptionImpl: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Invalid Content-Type:text/html. Is this an error message instead of a SOAP response?
              at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:163)
              at com.sun.identity.saml2.common.SOAPCommunicator.sendSOAPMessage(SOAPCommunicator.java:300)
              at com.sun.identity.saml2.profile.LogoutUtil.doSLOBySOAP(LogoutUtil.java:404)
              at com.sun.identity.saml2.profile.LogoutUtil.doLogout(LogoutUtil.java:299)
              at com.sun.identity.saml2.profile.LogoutUtil.doLogout(LogoutUtil.java:158)
              at com.sun.identity.saml2.profile.SPSingleLogout.prepareForLogout(SPSingleLogout.java:465)
              at com.sun.identity.saml2.profile.SPSingleLogout.initiateLogoutRequest(SPSingleLogout.java:344)
              at com.sun.identity.saml2.profile.SPSingleLogout.initiateLogoutRequest(SPSingleLogout.java:152)
              at org.apache.jsp.saml2.jsp.spSingleLogoutInit_jsp._jspService(spSingleLogoutInit_jsp.java:375)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:443)
              at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
              at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Invalid Content-Type:text/html. Is this an error message instead of a SOAP response?
              at com.sun.xml.messaging.saaj.soap.MessageImpl.identifyContentType(MessageImpl.java:670)
              at com.sun.xml.messaging.saaj.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:100)
              at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:345)
              at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:159)
              ... 45 more
      CAUSE:
      com.sun.xml.messaging.saaj.SOAPExceptionImpl: Invalid Content-Type:text/html. Is this an error message instead of a SOAP response?
              at com.sun.xml.messaging.saaj.soap.MessageImpl.identifyContentType(MessageImpl.java:670)
              at com.sun.xml.messaging.saaj.soap.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:100)
              at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:345)
              at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:159)
              at com.sun.identity.saml2.common.SOAPCommunicator.sendSOAPMessage(SOAPCommunicator.java:300)
              at com.sun.identity.saml2.profile.LogoutUtil.doSLOBySOAP(LogoutUtil.java:404)
              at com.sun.identity.saml2.profile.LogoutUtil.doLogout(LogoutUtil.java:299)
              at com.sun.identity.saml2.profile.LogoutUtil.doLogout(LogoutUtil.java:158)
              at com.sun.identity.saml2.profile.SPSingleLogout.prepareForLogout(SPSingleLogout.java:465)
              at com.sun.identity.saml2.profile.SPSingleLogout.initiateLogoutRequest(SPSingleLogout.java:344)
              at com.sun.identity.saml2.profile.SPSingleLogout.initiateLogoutRequest(SPSingleLogout.java:152)
              at org.apache.jsp.saml2.jsp.spSingleLogoutInit_jsp._jspService(spSingleLogoutInit_jsp.java:375)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:443)
              at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
              at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:745)
      libSAML2:06/15/2017 03:44:34:772 PM BST: Thread[http-nio-8080-exec-9,5,main]: TransactionId[6e652cb5-e18d-4dc1-ab04-6ee53ab51b2d-512]
      ERROR: Error sending Logout Request
      com.sun.identity.saml2.common.SAML2Exception: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Invalid Content-Type:text/html. Is this an error message instead of a SOAP response?
              at com.sun.identity.saml2.profile.LogoutUtil.doSLOBySOAP(LogoutUtil.java:408)
              at com.sun.identity.saml2.profile.LogoutUtil.doLogout(LogoutUtil.java:299)
              at com.sun.identity.saml2.profile.LogoutUtil.doLogout(LogoutUtil.java:158)
              at com.sun.identity.saml2.profile.SPSingleLogout.prepareForLogout(SPSingleLogout.java:465)
              at com.sun.identity.saml2.profile.SPSingleLogout.initiateLogoutRequest(SPSingleLogout.java:344)
              at com.sun.identity.saml2.profile.SPSingleLogout.initiateLogoutRequest(SPSingleLogout.java:152)
              at org.apache.jsp.saml2.jsp.spSingleLogoutInit_jsp._jspService(spSingleLogoutInit_jsp.java:375)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:443)
              at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
              at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:745)

      IdP logs:

      libSAML2:06/15/2017 03:50:59:866 PM BST: Thread[http-nio-8080-exec-6,5,main]: TransactionId[de602d2b-d83c-4a30-b39f-bd837d54566c-1422]
      SAML2Util.putHeaders: Header name=Content-Length, value=[736]
      java.lang.IllegalStateException: getWriter() has already been called for this response
              at org.apache.catalina.connector.Response.getOutputStream(Response.java:575)
              at org.apache.catalina.connector.ResponseFacade.getOutputStream(ResponseFacade.java:194)
              at javax.servlet.ServletResponseWrapper.getOutputStream(ServletResponseWrapper.java:100)
              at com.sun.identity.saml2.servlet.IDPSingleLogoutServiceSOAP.doPost(IDPSingleLogoutServiceSOAP.java:129)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:745)
      libSAML2:06/15/2017 03:51:10:000 PM BST: Thread[SystemTimerPool,5,main]: TransactionId[de602d2b-d83c-4a30-b39f-bd837d54566c-826]
      CacheCleanUpRunnable.run:

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                adam.heath Adam Heath
                Reporter:
                n4al Nemanja Lukic
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: