  1. OpenAM
  2. OPENAM-15944

WS-Federation - RPSignin Request fails because config data is used unchecked

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 14.1.1.1, 14.1.1.2, 14.1.1.3, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 14.1.1.4, 6.0.0.5, 14.1.1.5, 14.1.2.2, 6.5.0, 6.0.0.6, 6.5.0.1, 6.0.0.7, 14.1.2.3, 6.5.1, 6.5.0.2, 14.1.2.4, 6.5.2, 6.5.2.1, 6.5.2.2, 14.1.2.5, 14.1.2.11
    • Fix Version/s: 6.0.1, 5.5.2, 7.0.0, 6.5.3
    • Component/s: WS Federation
    • Labels:
    • Sprint:
      AM Sustaining Sprint 72, AM Sustaining Sprint 73
    • Story Points:
      3
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description, Yes but I used my own steps. (If so, please add them in a new comment)

      Description

      Bug description

      If a hosted WS-Federation relying party is missing configuration attributes, the RP-initiated Signin Request fails.

      How to reproduce the issue


      1. Configure AM 1 as WS-Federation issuing party in sub-realm X
      2. Configure AM 2 as WS-Federation relying party in sub-realm A
      3. Remove some properties from the relying party, e.g. the value for HomeRealmDiscoveryService
      4. Build trust between AM 1 and AM 2
      5. Perform a relying party passive request (e.g. http://am2.test.xyz:8080/am/WSFederationServlet/metaAlias/A/wsfed-sp?wa=wsignin1.0&whr=wsfed-idp&wreply=http%3A%2F%2Flocalhost%3A8080)
      Expected behaviour
      RP Signin Request should be generated
      
      Current behaviour
      RP Signin Request is not generated
      

      AM fails with

      java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
          at java.util.ArrayList.rangeCheck(ArrayList.java:657)
          at java.util.ArrayList.get(ArrayList.java:433)
          at com.sun.xml.bind.util.ProxyListImpl.get(ProxyListImpl.java:189)
      

      Code analysis

      com.sun.identity.wsfederation.servlet.RPSigninRequest.java
      ...
          public void process() throws WSFederationException, IOException
          {
      ...
              String accountRealmSelection = 
                      spConfigAttributes.get(
                      com.sun.identity.wsfederation.common.WSFederationConstants.
                      ACCOUNT_REALM_SELECTION).get(0);
      ...
              String accountRealmCookieName = 
                  spConfigAttributes.get(WSFederationConstants.
                  ACCOUNT_REALM_COOKIE_NAME).get(0);
      ...
                  String homeRealmDiscoveryService =
                      spConfigAttributes.get(
                      WSFederationConstants.HOME_REALM_DISCOVERY_SERVICE).get(0);
      ...
      
      }
      

      --> Create wrapping method that checks occurrence of key in map.
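
One way to write the wrapping method proposed above, as an added example (not OpenAM's code and not the fix that shipped). The class name, the `firstValue` helper and the attribute key strings are hypothetical placeholders; the sample config is constructed to cover both a missing key and a key whose value list is empty, which is the case the stack trace shows.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class ConfigAttributeLookup {

    // Hypothetical helper: returns the first value for key, or empty when the
    // key is absent, its list is null/empty, or the first entry is null/blank.
    static Optional<String> firstValue(Map<String, List<String>> attrs, String key) {
        List<String> values = (attrs == null) ? null : attrs.get(key);
        if (values == null || values.isEmpty()) {
            return Optional.empty();
        }
        String first = values.get(0);
        return (first == null || first.trim().isEmpty()) ? Optional.empty() : Optional.of(first);
    }

    public static void main(String[] args) {
        // Constructed sample config; key strings are placeholders, not OpenAM constants.
        Map<String, List<String>> spConfigAttributes = new HashMap<>();
        spConfigAttributes.put("AccountRealmSelection", Arrays.asList("cookie"));
        // Key present but no value, as when the property was cleared.
        spConfigAttributes.put("HomeRealmDiscoveryService", Collections.<String>emptyList());
        // "AccountRealmCookieName" is deliberately absent from the map.

        // Unchecked access in the style of the excerpt: the empty list throws.
        try {
            spConfigAttributes.get("HomeRealmDiscoveryService").get(0);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("unchecked access: " + e.getClass().getSimpleName());
        }

        // Checked access: every lookup yields a value or an explicit "not configured".
        for (String key : Arrays.asList("AccountRealmSelection",
                "AccountRealmCookieName", "HomeRealmDiscoveryService")) {
            System.out.println(key + " -> "
                    + firstValue(spConfigAttributes, key).orElse("<not configured>"));
        }
    }
}
```

With the unchecked pattern, an absent key would fail with a NullPointerException instead of the IndexOutOfBoundsException seen here; the helper treats both cases the same way, so the caller can decide whether to fall back to a default or reject the request with a clear configuration error.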

            People

            • Assignee:
              lawrence.yarham Lawrence Yarham
              Reporter:
              bthalmayr Bernhard Thalmayr