Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14207

NullPointerException AM Console if IDPSSODescriptor is missing attribute 'WantAuthnRequestsSigned'

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 7.0.0
    • Fix Version/s: None
    • Component/s: console, SAML
    • Labels:
    • Environment:
      Oracle JDK 1.8.0_151
      Apache Tomcat 9.0.8
      AM 6.5.0
    • Support Ticket IDs:

      Description

      Bug description

      When IDPSSODescriptor does not include optional attribute 'WantAuthnRequestSigned' , then it can not be used by AM , e.g. when the entity should be viewed in AM console.

       

      How to reproduce the issue

      1. Configure AM
      2. Create Hosted SP via console dashboard task
      3. Register remote IdP via console dashboard task, IdP-URL: 'https://idp-test.feide.no/simplesaml/saml2/idp/metadata.php'
      4. Try to view IdP entity (https://idp-test.feide.no)
      Expected behaviour
      IdP entity should be displayed
      
      Current behaviour
      Error message "An error occurred while processing this request. Contact your administrator" is displayed
      

      Log output

      amConsole:01/08/2019 09:00:17:513 PM CET: Thread[http-nio-8080-exec-5,5,main]: TransactionId[0b62e4c1-52bd-414a-943d-da776aefd27b-52699]
      ERROR: ConsoleServletBase.onUncaughtException
      com.iplanet.jato.NavigationException: Exception encountered during forward
      Root cause = [java.lang.NullPointerException]
      	at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
      	at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
      	at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:155)
      	at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
      	at com.sun.identity.console.federation.FederationViewBean.handleEntityNameHrefRequest(FederationViewBean.java:858)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
      	at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
      	at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
      	at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
      	at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
      	at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
      	at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
      	at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.lambda$doFilter$0(DataStoreConsistencyFilter.java:46)
      	at org.forgerock.openam.service.datastore.ReentrantVolatileActionConsistencyController.safeExecute(ReentrantVolatileActionConsistencyController.java:37)
      	at org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.doFilter(DataStoreConsistencyFilter.java:46)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:115)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.audit.servlet.AuditAccessServletFilter.doFilter(AuditAccessServletFilter.java:54)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:494)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:412)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1385)
      	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:748)
      
      Root cause:
      java.lang.NullPointerException
      	at com.sun.identity.console.federation.model.SAMLv2ModelImpl.getStandardIdentityProviderAttributes(SAMLv2ModelImpl.java:492)
      	at com.sun.identity.console.federation.SAMLv2IDPAssertionContentViewBean.getStandardValues(SAMLv2IDPAssertionContentViewBean.java:216)
      	at com.sun.identity.console.federation.SAMLv2IDPAssertionContentViewBean.beginDisplay(SAMLv2IDPAssertionContentViewBean.java:89)
      	at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
      	at org.apache.jsp.console.federation.SAMLv2IDPAssertionContent_jsp._jspService(SAMLv2IDPAssertionContent_jsp.java:175)
      	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:444)
      	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:386)
      	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:330)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712)
      	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:459)
      	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
      	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
      	at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
      	at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
      	at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:155)
      	at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
      	at com.sun.identity.console.federation.FederationViewBean.handleEntityNameHrefRequest(FederationViewBean.java:858)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
      	at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
      	at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
      	at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
      	at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
      	at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
      	at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
      	at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.lambda$doFilter$0(DataStoreConsistencyFilter.java:46)
      	at org.forgerock.openam.service.datastore.ReentrantVolatileActionConsistencyController.safeExecute(ReentrantVolatileActionConsistencyController.java:37)
      	at org.forgerock.openam.services.datastore.DataStoreConsistencyFilter.doFilter(DataStoreConsistencyFilter.java:46)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:115)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.audit.servlet.AuditAccessServletFilter.doFilter(AuditAccessServletFilter.java:54)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:494)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:412)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1385)
      	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:748)
      

      Work around

      export IdP entity metadata via 'ssoadm export-entity ...'

      update IDPSSODescriptor to include attribute WantAuthnRequestsSigned="false"

      delete entity via 'ssoadm delete-entity ...'

      re-import entity meta data via 'ssoadm ...'

      Code analysis

      com.sun.identity.console.federation.model.EntityModelImpl.java
      protected Set returnEmptySetIfValueIsNull(boolean b) {
          Set set = new HashSet(2);
          set.add(Boolean.toString(b));
          return set;
      }
      

      is actually called with argument of type Boolean and not boolean, unboxing leads to NPE.

      com.sun.identity.console.federation.model.SAMLv2ModelImpl
      public Map getStandardIdentityProviderAttributes(
      ...
                      map.put(WANT_AUTHN_REQ_SIGNED,returnEmptySetIfValueIsNull(
                              idpssoDescriptor.isWantAuthnRequestsSigned()));
      ...
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                bthalmayr Bernhard Thalmayr
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: