Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15036

Cannot view/manage SAML IdP entity in console, imported from schema compliant meta data file

    XMLWordPrintable

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 6.5.1, 6.5.0.2
    • 6.5.2, 7.0.0
    • console, SAML
    • Oracle JDK 1.8.0_201-b09
      Apache Tomcat/9.0.8
      AM 6.5.1
    • Rank:
      1|hzye9j:

      Description

      Bug description

      viewing a SAML IdP entity in AM console may lead to an error

      How to reproduce the issue

      1. Configure AM
      2. Import IdP meta data with ssoadm that does not have attribute 'WantAuthnRequestsSigned' set for IDPSSODescriptor
      3. Access the IdP entity in console
      Expected behaviour
      IdP entity should be manageable via console
      
      Current behaviour
      Error message "An error occurred while processing this request. Contact your administrator." is shown.
      
      excerpt from AM debug logs
      ERROR: ConsoleServletBase.onUncaughtException
      com.iplanet.jato.NavigationException: Exception encountered during forward
      Root cause = [java.lang.NullPointerException]
              at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
              at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
              at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:155)
              at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
      ...
      Root cause:
      java.lang.NullPointerException
              at com.sun.identity.console.federation.model.SAMLv2ModelImpl.getStandardIdentityProviderAttributes(SAMLv2ModelImpl.java:492)
              at com.sun.identity.console.federation.SAMLv2IDPAssertionContentViewBean.getStandardValues(SAMLv2IDPAssertionContentViewBean.java:216)
      ...
      

      Work around

      Set

      WantAuthnRequestsSigned="false"
      

      attribute for the IDPSSODescriptor element before importing.

      Code analysis

      com.sun.identity.console.federation.model.EntityModelImpl.java
      ...
          protected Set returnEmptySetIfValueIsNull(boolean b) {
              Set set = new HashSet(2);
              set.add(Boolean.toString(b));
              return set;
          }
      ..
      

      This leads to

      java.lang.NullPointerException: cannot unbox null value
      

      if called with null

        Attachments

          Issue Links

            Activity

              People

              jonthomas Jonathan Thomas
              bthalmayr Bernhard Thalmayr
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: