OpenAM / OPENAM-14523

NullPointerException in IdP-initiated ManageNameIDRequest using SOAP Binding

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.0.0.6, 6.5.0, 6.5.0.1, 7.0.0
    • Fix Version/s: 6.5.2, 6.0.1, 7.0.0, 5.5.2
    • Component/s: SAML
    • Labels:
    • Environment:
      Oracle JDK jdk1.8.0_201
      Apache Tomcat/9.0.8
      AM 7.0.0 (c36edcc20aab37e8bc86e092e0552951ba0cc6a5)
    • Sprint:
      AM Sustaining Sprint 61, AM Sustaining Sprint 62
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      NullPointerException when handling encrypted NameIDManageRequest.

      How to reproduce the issue

      1. Configure AM as hosted SP
      2. Configure some IdP
      3. Perform SAML Account Linking
      4. Configure IdP to encrypt NameID (on IdP side)
      5. Perform IdP-initiated ManageNameID Request via SOAP-binding

      Expected behaviour
      Request should fail with SAML error message
      
      Current behaviour
      NullPointerException is thrown
      
      excerpt from AM 6.5.0.1 debug log
      DoManageNameID.processManageNameIDRequest:
      java.lang.NullPointerException
              at com.sun.identity.saml2.profile.DoManageNameID.processManageNameIDRequest(DoManageNameID.java:1017)
              at com.sun.identity.saml2.profile.DoManageNameID.processManageNameIDRequest(DoManageNameID.java:1200)
              at com.sun.identity.saml2.profile.DoManageNameID.processSOAPRequest(DoManageNameID.java:846)
              at com.sun.identity.saml2.servlet.SPManageNameIDServiceSOAP.doPost(SPManageNameIDServiceSOAP.java:60)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      

      Work around

      Configure NameID encryption on hosted SP.

      Code analysis

      com.sun.identity.saml2.profile.DoManageNameID.java
      ...
          private static Status processManageNameIDRequest(
              ManageNameIDRequest mniRequest, String realm, String hostEntityID,
              String remoteEntityID, String hostRole, String userID)
              throws Exception {
      ...
              NameID nameID = getNameIDFromMNIRequest(mniRequest, realm, 
                  hostEntityID, hostRole);
              NameIDInfo oldNameIDInfo = getNameIDInfo(userID, hostEntityID,
                  remoteEntityID, hostRole, realm, nameID.getSPNameQualifier(),
                  true);
      ...
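
      The excerpt above dereferences nameID without checking it. The following is an added illustration, not OpenAM source and not the project's fix, of failing with a SAML status instead of throwing. All types, the class name and the Responder status choice are stand-ins, and it assumes the NameID lookup yields nothing when the hosted SP cannot decrypt the ID (Java 16+):

```java
import java.util.Optional;

// Added illustration with stand-in types; not OpenAM source code.
public class MniNullGuardExample {
    static final String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    // Assumption: Responder is used as the top-level failure code here.
    static final String RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder";

    // Hypothetical minimal models of the SAML objects involved.
    record NameID(String value, String spNameQualifier) {}
    record MniRequest(NameID plainNameID, byte[] encryptedID) {}
    record Status(String code, String message) {}

    // Assumption: resolution yields nothing when the request carries only an
    // EncryptedID and the hosted SP has no decryption key configured.
    static Optional<NameID> resolveNameID(MniRequest req, boolean spCanDecrypt) {
        if (req.plainNameID() != null) {
            return Optional.of(req.plainNameID());
        }
        if (req.encryptedID() != null && spCanDecrypt) {
            // Decryption itself is out of scope; constructed placeholder result.
            return Optional.of(new NameID("decrypted-id", "sp.example"));
        }
        return Optional.empty();
    }

    // Fail with a SAML status instead of dereferencing a missing NameID.
    static Status process(MniRequest req, boolean spCanDecrypt) {
        Optional<NameID> nameID = resolveNameID(req, spCanDecrypt);
        if (nameID.isEmpty()) {
            return new Status(RESPONDER, "NameID missing or could not be decrypted");
        }
        // Safe to dereference: presence was checked above.
        String qualifier = nameID.get().spNameQualifier();
        return new Status(SUCCESS, "processed for SPNameQualifier=" + qualifier);
    }

    public static void main(String[] args) {
        // Constructed inputs: one encrypted-only request, one plain request.
        MniRequest encrypted = new MniRequest(null, new byte[] {0x01, 0x02});
        MniRequest plain = new MniRequest(new NameID("abc123", "sp.example"), null);
        System.out.println(process(encrypted, false)); // SP cannot decrypt
        System.out.println(process(encrypted, true));  // SP can decrypt
        System.out.println(process(plain, false));     // unencrypted NameID
    }
}
```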
      

            People

            • Assignee:
              lawrence.yarham Lawrence Yarham
              Reporter:
              bthalmayr Bernhard Thalmayr