  1. OpenAM
  2. OPENAM-16014

An invalid user passed to any WebAuthn node throws NPE and breaks the Tree flow

    Details

    • Needs backport:
      No
    • Needs QA verification:
      Yes
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      a. Have a UserNameCollector -> WebAuthn(reg/authn) tree flow
      b. Submit an unknown user

      The following is seen in the logs:

      o.f.o.a.t.e.AuthTreeExecutor: 2020-03-11 13:37:48,878: Thread[https-jsse-nio-8443-exec-9]: TransactionId[57fae5c6-1982-43db-a851-2987ffb9b472-2203]
      ERROR: Node processing failed
      java.lang.NullPointerException: null
              at org.forgerock.openam.auth.nodes.webauthn.WebAuthnAuthenticationNode.process(WebAuthnAuthenticationNode.java:172)
              at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:137)
              at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:179)
              at org.forgerock.openam.core.rest.authn.trees.AuthTrees.processTree(AuthTrees.java:426)
              at org.forgerock.openam.core.rest.authn.trees.AuthTrees.evaluateTreeAndProcessResult(AuthTrees.java:265)
              at org.forgerock.openam.core.rest.authn.trees.AuthTrees.invokeTree(AuthTrees.java:257)
      

      How to reproduce the issue


      1. See steps above
      Expected behaviour
      The failure outcome flow should be triggered, and presumably the enhanced error should be propagated to indicate either that the profile was not found or that the user is not available.
      
      Current behaviour
      A NullPointerException is thrown when "user" returned from IdUtil.getIdentity() is null; this triggers a NodeProcessException and causes the whole Tree flow to break.
      

      Work around

      Maybe check user in another node before going to the WebAuthn* nodes.

      Code analysis

      • Need to check for a non-existent user and send it to the Failure outcome.
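
The check called for above, as an added sketch that is not OpenAM source and not the project's fix. Every type and name in it (Identity, Outcome, Node, lookup, hasDevice, run) is a hypothetical stand-in for the real node API, and the user store is constructed sample data.

```java
import java.util.Map;

// Added illustration: all types here are hypothetical stand-ins, not OpenAM classes.
public class NullUserOutcomeDemo {
    record Identity(String name, boolean hasDevice) {}
    enum Outcome { SUCCESS, FAILURE }

    // Constructed sample store. lookup() returns null for an unknown user,
    // which is what the report says happens with IdUtil.getIdentity().
    static final Map<String, Identity> STORE = Map.of("alice", new Identity("alice", true));
    static Identity lookup(String username) { return STORE.get(username); }

    interface Node { Outcome process(String username); }

    // Behaviour described in the report: the identity is dereferenced unchecked.
    static final Node UNCHECKED = username -> {
        Identity user = lookup(username);
        return user.hasDevice() ? Outcome.SUCCESS : Outcome.FAILURE; // NPE when user == null
    };

    // Behaviour requested: a missing identity is routed to the Failure outcome.
    static final Node CHECKED = username -> {
        Identity user = lookup(username);
        if (user == null) {
            return Outcome.FAILURE;
        }
        return user.hasDevice() ? Outcome.SUCCESS : Outcome.FAILURE;
    };

    // Stand-in executor: an exception escaping a node aborts the whole flow,
    // while a returned outcome lets the tree continue along that branch.
    static String run(Node node, String username) {
        try {
            return "outcome=" + node.process(username);
        } catch (RuntimeException e) {
            return "tree aborted: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println(run(UNCHECKED, "alice"));   // known user
        System.out.println(run(UNCHECKED, "mallory")); // unknown user, unchecked node
        System.out.println(run(CHECKED, "mallory"));   // unknown user, checked node
    }
}
```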

            People

            • Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              chee-weng.chea C-Weng C