-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 13.5.2, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.5.0, 14.1.2
-
Component/s: upgrade
-
Labels:
Bug description
AM upgrade from 6.0.0 to 6.0.0.2 or 13.5.1 to 13.5.2 fails for EncryptSAMLIDPSPBasicAuthPwdStep
How to reproduce the issue
Am unable to reproduce at present. Believe this relates to a SAML entity present from AM 10 which has been carried through at least one previous upgrade.
Have ruled out an upgrade for an env that has no SAML entities, then a SAML entity created using the Applications tab (rather than dashboard and e.g. Create hosted IdP).
Expected behaviour
Upgrade step should process successfully
Current behaviour
Upgrade step fails with following logged output (taken from 13.5.2): ERROR: An error occurred while finding SAMLv2 IdP and SP entries that require update java.lang.NullPointerException at org.forgerock.openam.upgrade.steps.EncryptSAMLIDPSPBasicAuthPwdStep.findEntitiesToUpdate(EncryptSAMLIDPSPBasicAuthPwdStep.java:164) at org.forgerock.openam.upgrade.steps.EncryptSAMLIDPSPBasicAuthPwdStep.initialize(EncryptSAMLIDPSPBasicAuthPwdStep.java:76) at org.forgerock.openam.upgrade.UpgradeServices.<init>(UpgradeServices.java:98) at org.forgerock.openam.upgrade.UpgradeServices.getInstance(UpgradeServices.java:125) at com.sun.identity.config.upgrade.Upgrade.<init>(Upgrade.java:60)
Work around
Upgrade from 13.5.x to 6.0.0.2 directly. The upgrade step is only performed in 6.0.0.2 for original versions of 6.0.0 and later.
Code analysis
There needs to be a null check guard just before line 164 (code version from 13.5.2). Its unclear as to why an entityConfig of null would result from the call at the second line below, but this is causing the issue.
for (String entityId : entityIdList) { EntityConfigElement entityConfig = saml2MetaManager.getEntityConfig(realm, entityId); List<? extends BaseConfigType> entities = entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();