Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16256

StringIndexOutOfBoundsException when SAML Auth Request 's Reference URI has an empty string

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.5.2.3
    • 5.5.3, 6.0.1, 7.0.0, 6.5.3
    • SAML
    • Rank:
      1|i010j3:
    • AM Sustaining Sprint 75
    • 1
    • No
    • No
    • Yes and I used the same an in the description, Yes but I used my own steps. (If so, please add them in a new comment)
    • 0
    • Future
    • None

    Description

      Bug description

       

      The SAML Request  contains an empty Reference URI string

      <ds:Reference URI="">

      and

      AM throws this error

      Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
      
        at java.lang.String.substring(String.java:1931)
       at com.sun.identity.saml2.xmlsig.FMSigProvider.verify(FMSigProvider.java:267)
       at com.sun.identity.saml2.xmlsig.FMSigProvider.verify(FMSigProvider.java:235)
      

       

      Expected behaviour
      Should not throw the StringIndexOutOfBoundsException
      
      Current behaviour
      Should catch that empty string error and display a proper error message 
      

      Attachments

        Activity

          People

            lawrence.yarham Lawrence Yarham
            sam.phua Sam Phua
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: