- Type: Bug
- Status: Resolved
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 7.0.0
- Component/s: SAML
- Labels:
- Environment: Oracle JDK jdk1.8.0_201; Apache Tomcat/9.0.8; AM 7.0.0 (c36edcc20aab37e8bc86e092e0552951ba0cc6a5)
- Rank: 1|hzxq4v:
- Sprint: AM Sustaining Sprint 61, AM Sustaining Sprint 62
- Story Points: 2
- Needs backport: No
- Support Ticket IDs:
- Needs QA verification: No
- Functional tests: No
- Are the reproduction steps defined?: Yes and I used the same as in the description
Bug description
NullPointerException when handling encrypted NameIDManageRequest.
How to reproduce the issue
- Configure AM as hosted SP
- Configure some IdP
- Perform SAML Account Linking
- Configure IdP to encrypt NameID (on IdP side)
- Perform IdP-initiated ManageNameID Request via SOAP-binding
Expected behaviour
Request should fail with SAML error message
Current behaviour
NullPointerException is thrown
Excerpt from AM 6.5.0.1 debug log:
    DoManageNameID.processManageNameIDRequest: java.lang.NullPointerException
        at com.sun.identity.saml2.profile.DoManageNameID.processManageNameIDRequest(DoManageNameID.java:1017)
        at com.sun.identity.saml2.profile.DoManageNameID.processManageNameIDRequest(DoManageNameID.java:1200)
        at com.sun.identity.saml2.profile.DoManageNameID.processSOAPRequest(DoManageNameID.java:846)
        at com.sun.identity.saml2.servlet.SPManageNameIDServiceSOAP.doPost(SPManageNameIDServiceSOAP.java:60)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
Work around
Configure NameID encryption on hosted SP.
Code analysis
com.sun.identity.saml2.profile.DoManageNameID.java
    ...
    private static Status processManageNameIDRequest(
            ManageNameIDRequest mniRequest, String realm, String hostEntityID,
            String remoteEntityID, String hostRole, String userID) throws Exception {
        ...
        NameID nameID = getNameIDFromMNIRequest(mniRequest, realm, hostEntityID, hostRole);
        // nameID is dereferenced on the next statement without a null check
        NameIDInfo oldNameIDInfo = getNameIDInfo(userID, hostEntityID, remoteEntityID,
                hostRole, realm, nameID.getSPNameQualifier(), true);
        ...
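The expected behaviour described in this report, as an added, self-contained sketch (not AM's code and not the fix that was shipped): a receiver checks which identifier a ManageNameIDRequest carries and answers with a SAML status code when it has no usable NameID, rather than dereferencing a null one. The class, method and flag names are hypothetical, the sample messages are constructed, and both the choice of Requester/Responder codes and the idea that an undecryptable EncryptedID is what leaves the NameID null (inferred from the workaround) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class MniNameIdGuard {   // hypothetical name, not an AM class
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String STATUS = "urn:oasis:names:tc:SAML:2.0:status:";

    /** Empty: identifier is usable, continue processing. Otherwise: status code to return. */
    static Optional<String> rejectStatus(String xml, boolean spHasNameIdDecryption) {
        Document doc;
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // Request bodies are untrusted: refuse DOCTYPE so no entities are resolved.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            doc = f.newDocumentBuilder()
                   .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            return Optional.of(STATUS + "Requester");   // malformed request
        }
        int plain = doc.getElementsByTagNameNS(SAML, "NameID").getLength();
        int encrypted = doc.getElementsByTagNameNS(SAML, "EncryptedID").getLength();
        if (plain + encrypted != 1) {
            return Optional.of(STATUS + "Requester");   // exactly one identifier expected
        }
        if (encrypted == 1 && !spHasNameIdDecryption) {
            // Case from this report (assumed cause): no NameID object can be produced,
            // so fail with a SAML status instead of calling a method on null.
            return Optional.of(STATUS + "Responder");
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample messages, not captured traffic; EncryptedID body left empty.
        String open = "<samlp:ManageNameIDRequest xmlns:samlp='" + SAMLP + "' xmlns:saml='"
                + SAML + "' ID='_constructed' Version='2.0' IssueInstant='2019-01-01T00:00:00Z'>";
        String close = "<samlp:Terminate/></samlp:ManageNameIDRequest>";
        String plainReq = open + "<saml:NameID>constructed-id</saml:NameID>" + close;
        String encReq = open + "<saml:EncryptedID/>" + close;
        System.out.println("plain, no decryption:     " + rejectStatus(plainReq, false));
        System.out.println("encrypted, no decryption: " + rejectStatus(encReq, false));
        System.out.println("encrypted, decryption:    " + rejectStatus(encReq, true));
    }
}
```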