Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13426

EncryptSAMLIDPSPBasicAuthPwdStep fails in upgrade

    Details

    • Sprint:
      AM Sustaining Sprint 53
    • Story Points:
      1
    • Support Ticket IDs:
    • Needs QA verification:
      No

      Description

      Bug description

      AM upgrade from 6.0.0 to 6.0.0.2 or 13.5.1 to 13.5.2 fails for EncryptSAMLIDPSPBasicAuthPwdStep

      How to reproduce the issue

      Am unable to reproduce at present.  Believe this relates to a SAML entity present from AM 10 which has been carried through at least one previous upgrade.

      Have ruled out an upgrade for an env that has no SAML entities, then a SAML entity created using the Applications tab (rather than dashboard and e.g. Create hosted IdP).

      Expected behaviour
      Upgrade step should process successfully
      Current behaviour
      Upgrade step fails with following logged output (taken from 13.5.2):
      ERROR: An error occurred while finding SAMLv2 IdP and SP entries that require update 
      java.lang.NullPointerException
      at org.forgerock.openam.upgrade.steps.EncryptSAMLIDPSPBasicAuthPwdStep.findEntitiesToUpdate(EncryptSAMLIDPSPBasicAuthPwdStep.java:164)
      at org.forgerock.openam.upgrade.steps.EncryptSAMLIDPSPBasicAuthPwdStep.initialize(EncryptSAMLIDPSPBasicAuthPwdStep.java:76)
      at org.forgerock.openam.upgrade.UpgradeServices.<init>(UpgradeServices.java:98)
      at org.forgerock.openam.upgrade.UpgradeServices.getInstance(UpgradeServices.java:125)
      at com.sun.identity.config.upgrade.Upgrade.<init>(Upgrade.java:60)

      Work around

      Upgrade from 13.5.x to 6.0.0.2 directly.  The upgrade step is only performed in 6.0.0.2 for original versions of 6.0.0 and later.

      Code analysis

      There needs to be a null check guard just before line 164 (code version from 13.5.2).  Its unclear as to why an entityConfig of null would result from the call at the second line below, but this is causing the issue.

      EncryptSAMLIDPSPBasicAuthPwdStep.findEntitiesToUpdate function
      for (String entityId : entityIdList) {
          EntityConfigElement entityConfig = saml2MetaManager.getEntityConfig(realm, entityId);
      
          List<? extends BaseConfigType> entities =
              entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
      

        Attachments

          Activity

            People

            • Assignee:
              lawrence.yarham Lawrence Yarham
              Reporter:
              lawrence.yarham Lawrence Yarham
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: