- Type: Bug
- Status: Resolved
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.5.0, 13.5.1, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0
- Component/s: SAML
- Environment: Using AM 5.0.0 as session upgrade is broken in 5.5.1 and amMaster, see OPENAM-12512
  - JVM: Oracle JDK 1.8.0_151-b12
  - Apache Tomcat/8.0.48
  - AM 5.0.0
- Sprint: AM Sustaining Sprint 51, AM Sustaining Sprint 52
- Story Points: 2
- Needs QA verification: No
Bug description
Federation debug log shows java.lang.NumberFormatException: For input string: "/:10"
How to reproduce the issue
- Configure AM as hosted IdP
- Configure some remote SAML SP (e.g. sample app from Spring SAML security extension)
- Configure auth-chain 'dataStoreService' with DataStore auth module instance as required module
- Set auth level of DataStore auth module instance to '5'
- Set auth level of LDAP auth module instance to '10'
- Re-configure auth-chain 'ldapService' to use LDAP auth module (yeah that would make sense by default as a data store could be any implementation)
- Set admin-authenticator of root realm to 'dataStoreService'
- Perform service based auth for 'dataStoreService' (.../am/XUI/#login?realm=/&authIndexType=service&authIndexValue=dataStoreService)
- Authenticate as 'demo' user
- Perform session upgrade using 'ldapService' (.../am/XUI/#login?realm=/&authIndexType=service&authIndexValue=ldapService)
- Authenticate as 'demo' user
- Set debug level to 'message'
- Perform IdP-initiated SSO
Expected behaviour
No NumberFormatException should be raised
Current behaviour
Federation debug log shows java.lang.NumberFormatException: For input string: "/:10"
Although IdP-initiated SSO seems to work in general, the message is quite irritating.
Potentially there are some side effects as well.
Excerpt from Federation debug log:

libSAML2:02/27/2018 09:32:05:259 PM CET: Thread[http-nio-8080-exec-2,5,main]: TransactionId[9064b79a-8bc6-4485-9a4a-2ae1f733623f-1882]
DefaultIDPAuthnContextMapper.getAuthnContextFromLevel: input authLevel is not valid.
java.lang.NumberFormatException: For input string: "/:10"
    at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
    at java.lang.Integer.parseInt(Integer.java:569)
    at java.lang.Integer.parseInt(Integer.java:615)
    at com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper.getAuthnContextFromAuthLevel(DefaultIDPAuthnContextMapper.java:206)
    at com.sun.identity.saml2.profile.IDPSSOUtil.getAuthnStatement(IDPSSOUtil.java:1203)
    at com.sun.identity.saml2.profile.IDPSSOUtil.getAssertion(IDPSSOUtil.java:913)
    at com.sun.identity.saml2.profile.IDPSSOUtil.getResponse(IDPSSOUtil.java:821)
    at com.sun.identity.saml2.profile.IDPSSOUtil.sendResponseToACS(IDPSSOUtil.java:473)
    at com.sun.identity.saml2.profile.IDPSSOUtil.doSSOFederate(IDPSSOUtil.java:370)
    at com.sun.identity.saml2.profile.IDPSSOUtil.doSSOFederate(IDPSSOUtil.java:199)
    at org.apache.jsp.saml2.jsp.idpSSOInit_jsp._jspService(idpSSOInit_jsp.java:192)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
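
The trace above shows Integer.parseInt being handed "/:10" inside DefaultIDPAuthnContextMapper.getAuthnContextFromAuthLevel. As an added example (not the AM code and not the fix that resolved this issue), the sketch below contrasts that plain parse with a tolerant one; the class and method names are hypothetical, and reading "/:10" as a realm-qualified "<realm>:<level>" value is an assumption.

```java
import java.util.OptionalInt;

// Hypothetical helper for illustration only; not part of AM.
public class AuthLevelParser {

    /**
     * Parses a session auth-level value that is either a plain integer ("10")
     * or realm-qualified ("/:10", "/customers:5"). Assumption: the text after
     * the last ':' is the level and everything before it is the realm.
     */
    static OptionalInt parseAuthLevel(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            return OptionalInt.empty();
        }
        String value = raw.trim();
        int sep = value.lastIndexOf(':');
        String level = sep >= 0 ? value.substring(sep + 1) : value;
        try {
            return OptionalInt.of(Integer.parseInt(level));
        } catch (NumberFormatException e) {
            // Signal "no usable level" instead of throwing, so the caller
            // has to pick its fallback explicitly.
            return OptionalInt.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; "/:10" is the one from the debug log.
        String[] samples = {"10", "/:10", "/customers:5", "/:", "abc", null};
        for (String s : samples) {
            String naive;
            try {
                // The plain parse that appears in the stack trace.
                naive = String.valueOf(Integer.parseInt(s));
            } catch (NumberFormatException e) {
                naive = "NumberFormatException";
            }
            System.out.printf("%-14s naive=%-22s tolerant=%s%n",
                    s, naive, parseAuthLevel(s));
        }
    }
}
```

Returning an empty result rather than a default level makes the caller choose the fallback authentication context deliberately, since that context is what ends up in the assertion's AuthnStatement.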
Relates to:
- OPENAM-6776 SAML authentication can fail with NumberFormatException (Resolved)
- OPENAM-15368 SAML2 federation fails when doing Session upgrade with NumberFormatException (Resolved)