- Type: Bug
- Status: Resolved
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 6.5.1
- Component/s: None
- Labels:
Bug description
If authentication via the LDAP Decision node fails with an NPE, the tree also fails to continue executing via the failed route.
How to reproduce the issue
Detailed steps outlining how to recreate the issue
- Vanilla AM install
- Create a new tree called testtree
- Within the tree I have the following:
Start > Username > Password > LDAP Decision > True / False > Success / Fail > If FAIL > Choice Collector with a single choice > Fail
3.1. The LDAP Decision node has the following:
Attributes Used to Search for a User to be Authenticated = uid cn
- I created two new users as follows:
Login > Top Level Realm > Identities > Add Identity >
User ID = testone
Password = password
Create
- Create another user
Login > Top Level Realm > Identities > Add Identity >
User ID = testtwo
Password = password
> Create > Full Name = testone
- Then attempt to log in using the new testtree
http://openam.example.com:8080/openam/XUI/?service=testtree
You should see that authentication fails but does not prompt for a choice (using the Choice Collector node).
Authentication logs have the following exception, which should be caught and continue the flow via the failed route.
ERROR: searchForUser : Multiple matches found for user 'eliottest'. Please modify search start DN/filter/scope to make sure unique match returned. Contact your administrator to fix the problem
amAuth:07/11/2019 04:15:27:174 PM BST: Thread[http-nio-8080-exec-1,5,main]: TransactionId[93d625d7-6af4-48dd-aea8-7b953aa677f2-19813]
ERROR: Node processing failed
java.lang.NullPointerException
at org.forgerock.openam.auth.nodes.LdapDecisionNode.authenticateUser(LdapDecisionNode.java:333)
at org.forgerock.openam.auth.nodes.LdapDecisionNode.process(LdapDecisionNode.java:282)
at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:105)
at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:149)
at org.forgerock.openam.core.rest.authn.trees.AuthTrees.processTree(AuthTrees.java:421)
at org.forgerock.openam.core.rest.authn.trees.AuthTrees.evaluateTreeAndProcessResult(AuthTrees.java:261)
at org.forgerock.openam.core.rest.authn.trees.AuthTrees.invokeTree(AuthTrees.java:253)
at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:222)
at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:164)
at sun.reflect.GeneratedMethodAccessor97.invoke(Unknown Source)
Expected behaviour
Flow should fall through the fail route of the LDAP decision node
Current behaviour
Flow fails completely after the LDAP Decision node
Work around
Use authentication chains; the LDAP module will fail and continue through the chain to the next module
- relates to: OPENAM-15160 LDAP Decision Node throws NPE when custom ldap server returns LDAP code 50 on bind (Resolved)
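A log check for the failure signature in this report, added here as an example and not part of the original issue or the product's code: it groups an amAuth debug log into records by header line and flags tree evaluations aborted by a NullPointerException whose top frame is in LdapDecisionNode, noting whether the same transaction logged the multiple-matches error earlier. It assumes every record starts with a header in the form shown in the excerpt; the sample log is constructed from the report's lines plus made-up headers and one hypothetical unrelated record.

```python
import re

# Record header in the shape shown in the report's amAuth excerpt (assumed stable).
HEADER = re.compile(r"^amAuth:(?P<ts>.+?): Thread\[.*?\]: TransactionId\[(?P<txn>[^\]]+)\]\s*$")
FRAME = re.compile(r"^at\s+([\w.$]+)\(")
NODE = "org.forgerock.openam.auth.nodes.LdapDecisionNode."
TXN = "93d625d7-6af4-48dd-aea8-7b953aa677f2-19813"  # transaction id from the report

# Constructed sample: messages and LdapDecisionNode frames come from the report;
# the first two headers and the whole second record are made up for the example.
SAMPLE_LOG = f"""\
amAuth:07/11/2019 04:15:27:170 PM BST: Thread[http-nio-8080-exec-1,5,main]: TransactionId[{TXN}]
ERROR: searchForUser : Multiple matches found for user 'eliottest'. Please modify search start DN/filter/scope to make sure unique match returned. Contact your administrator to fix the problem
amAuth:07/11/2019 04:15:27:172 PM BST: Thread[http-nio-8080-exec-2,5,main]: TransactionId[constructed-txn-0001]
ERROR: Node processing failed
java.lang.IllegalStateException
\tat com.example.nodes.HypotheticalNode.process(HypotheticalNode.java:10)
amAuth:07/11/2019 04:15:27:174 PM BST: Thread[http-nio-8080-exec-1,5,main]: TransactionId[{TXN}]
ERROR: Node processing failed
java.lang.NullPointerException
\tat org.forgerock.openam.auth.nodes.LdapDecisionNode.authenticateUser(LdapDecisionNode.java:333)
\tat org.forgerock.openam.auth.nodes.LdapDecisionNode.process(LdapDecisionNode.java:282)
"""

def parse_records(text):
    """Split a debug log into records: one header line plus its non-empty body lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"ts": m["ts"], "txn": m["txn"], "body": []})
        elif records and line.strip():
            records[-1]["body"].append(line.strip())
    return records

def find_aborted_ldap_nodes(text):
    """Return one finding per tree evaluation aborted by an NPE inside LdapDecisionNode."""
    records, findings = parse_records(text), []
    for i, rec in enumerate(records):
        body = rec["body"]
        frames = [m.group(1) for m in map(FRAME.match, body) if m]
        npe = any(l.startswith("java.lang.NullPointerException") for l in body)
        if "ERROR: Node processing failed" not in body or not npe:
            continue
        if not frames or not frames[0].startswith(NODE):
            continue  # node failure, but not the one described in this report
        # Correlate by transaction id, since other threads interleave their records.
        ambiguous = any(r["txn"] == rec["txn"] and any("Multiple matches found for user" in l
                        for l in r["body"]) for r in records[:i])
        findings.append({"txn": rec["txn"], "ts": rec["ts"], "top_frame": frames[0],
                         "ambiguous_search": ambiguous})
    return findings
```

Calling `find_aborted_ldap_nodes(SAMPLE_LOG)` returns a single finding for the report's transaction with `ambiguous_search` set; the unrelated node failure on the other thread is ignored.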