  1. OpenAM
  2. OPENAM-11822

NPE after invalid value of "The SAML2 issuer Id" in STS Instance configuration

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 13.5.2
    • Fix Version/s: None
    • Component/s: STS
    • Labels:
    • Environment:
       CentOS 6
      Java version "1.8.0_25"
      Apache Tomcat 7.0.65
      OpenAM 13.5.2

      Description

      Bug description

      There is an NPE (see debug.txt) after an invalid value of "The SAML2 issuer Id" is set in the STS Instance configuration. There should be a proper error message. Unverified input can be a cause of security problems.

      How to reproduce the issue

      1. Configure IDP and SP in standard scenario
      2. Configure STS on server with SP (https://backstage.forgerock.com/knowledge/kb/book/b93241706/a33982583)
      3. Configure OAUTH2 on server with SP
      4. Get access_token using saml2-bearer grant_type (see attached 4448.sh)
        a) get IPlanetDirectoryPro for oauth user
        b) request SAML assertion from STS
        c) get OAUTH access token using grant-type=saml2-bearer

      Expected behaviour
      An "Invalid SAML2 issuer Id in OpenAM configuration" error should be displayed. Maybe the STS configuration form should allow only valid values to be entered.
      
      Current behaviour
      Internal Server Error (500) - The server encountered an unexpected condition which prevented it from fulfilling the request
      
      and there is a null pointer exception in debug (see attached debug.txt)
      

        Attachments

        1. 4448.sh
          2 kB
        2. debug.txt
          45 kB

            People

            • Assignee:
              Unassigned
              Reporter:
              lubomir.mlich Ľubomír Mlích