  1. OpenAM
  2. OPENAM-11822

NPE after invalid value of "The SAML2 issuer Id" in STS Instance configuration


    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 13.5.2
    • Fix Version/s: None
    • Component/s: STS
    • Labels:
    • Environment:
       CentOS 6
      Java version "1.8.0_25"
      Apache Tomcat 7.0.65
      OpenAM 13.5.2


      Bug description

      There is an NPE (see debug.txt) after an invalid value is entered for "The SAML2 issuer Id" in the STS Instance configuration. There should be a proper error message. Unverified input can be a cause of security problems.

      How to reproduce the issue

      1. Configure IDP and SP in standard scenario
      2. Configure STS on server with SP (https://backstage.forgerock.com/knowledge/kb/book/b93241706/a33982583)
      3. Configure OAUTH2 on server with SP
      4. Get access_token using saml2-bearer grant_type - see attached 4448.sh
        a) get IPlanetDirectoryPro for oauth user
        b) request SAML assertion from STS
        c) get OAUTH access token using grant-type=saml2-bearer

      Expected behaviour

      An invalid SAML2 issuer Id in OpenAM configuration error should be displayed. Maybe the STS configuration form should only allow valid values to be entered.

      Current behaviour

      Internal Server Error (500) - The server encountered an unexpected condition which prevented it from fulfilling the request
      and there is a null pointer exception in the debug log (see attached debug.txt)


        1. 4448.sh
          2 kB
        2. debug.txt
          45 kB
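
      The behaviour the report asks for at step 4c, as an added example that is not OpenAM code and not part of the original issue: a saml2-bearer handler that answers a missing or unknown assertion Issuer with a 400 error instead of an unhandled exception. The report does not say where the NPE is thrown; the issuer lookup miss, the trusted-issuer table, the function names and the sample assertion are assumptions constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"
# Constructed for this example: issuer IDs the token endpoint trusts.
TRUSTED_ISSUERS = {"https://idp.example.com/openam": "idp-signing-key-alias"}


def error(code, description):
    # RFC 6749 section 5.2 error body, returned with HTTP 400 (never 500).
    return 400, {"error": code, "error_description": description}


def handle_saml2_bearer(params):
    """Return (http_status, body) for the issuer check of a saml2-bearer request."""
    if params.get("grant_type") != GRANT:
        return error("unsupported_grant_type", "expected saml2-bearer")
    raw = params.get("assertion")
    if not raw:
        return error("invalid_request", "assertion parameter is missing")
    try:
        # RFC 7522: the assertion is base64url encoded, padding optional.
        doc = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))
        if b"<!DOCTYPE" in doc:  # refuse DTDs before parsing
            return error("invalid_grant", "DTD not allowed in assertion")
        root = ET.fromstring(doc)
    except (binascii.Error, ValueError, ET.ParseError):
        return error("invalid_grant", "assertion is not well-formed")
    issuer_el = root.find(f"{{{SAML_NS}}}Issuer")
    issuer = (issuer_el.text or "").strip() if issuer_el is not None else ""
    if not issuer:
        return error("invalid_grant", "assertion has no Issuer")
    key_alias = TRUSTED_ISSUERS.get(issuer)
    if key_alias is None:
        # The lookup miss is handled explicitly instead of dereferencing None.
        return error("invalid_grant", f"unknown SAML2 issuer Id: {issuer!r}")
    # Signature, audience and validity checks would follow here (omitted).
    return 200, {"issuer": issuer, "verify_with": key_alias}


def encode(xml_text):
    # Helper for building constructed sample assertions.
    return base64.urlsafe_b64encode(xml_text.encode()).decode().rstrip("=")


SAMPLE = '<saml:Assertion xmlns:saml="%s"><saml:Issuer>%s</saml:Issuer></saml:Assertion>'
```
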



            • Assignee:
              lubomir.mlich Ľubomír Mlích
            • Votes:
              0
            • Watchers:
              1


              • Created: