Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15036

Cannot view/manage SAML IdP entity in console, imported from schema compliant meta data file

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 6.5.1, 6.5.0.2
    • Fix Version/s: 6.5.2, 7.0.0
    • Component/s: console, SAML
    • Labels:
    • Environment:
      Oracle JDK 1.8.0_201-b09
      Apache Tomcat/9.0.8
      AM 6.5.1
    • Support Ticket IDs:

      Description

      Bug description

      viewing a SAML IdP entity in AM console may lead to an error

      How to reproduce the issue

      1. Configure AM
      2. Import IdP meta data with ssoadm that does not have attribute 'WantAuthnRequestsSigned' set for IDPSSODescriptor
      3. Access the IdP entity in console
      Expected behaviour
      IdP entity should be manageable via console
      
      Current behaviour
      Error message "An error occurred while processing this request. Contact your administrator." is shown.
      
      excerpt from AM debug logs
      ERROR: ConsoleServletBase.onUncaughtException
      com.iplanet.jato.NavigationException: Exception encountered during forward
      Root cause = [java.lang.NullPointerException]
              at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
              at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
              at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:155)
              at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
      ...
      Root cause:
      java.lang.NullPointerException
              at com.sun.identity.console.federation.model.SAMLv2ModelImpl.getStandardIdentityProviderAttributes(SAMLv2ModelImpl.java:492)
              at com.sun.identity.console.federation.SAMLv2IDPAssertionContentViewBean.getStandardValues(SAMLv2IDPAssertionContentViewBean.java:216)
      ...
      

      Work around

      Set

      WantAuthnRequestsSigned="false"
      

      attribute for the IDPSSODescriptor element before importing.

      Code analysis

      com.sun.identity.console.federation.model.EntityModelImpl.java
      ...
          protected Set returnEmptySetIfValueIsNull(boolean b) {
              Set set = new HashSet(2);
              set.add(Boolean.toString(b));
              return set;
          }
      ..
      

      This leads to

      java.lang.NullPointerException: cannot unbox null value
      

      if called with null

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jonthomas Jonathan Thomas
                Reporter:
                bthalmayr Bernhard Thalmayr
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: