Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16367

OIDC request_uri response causes NPE while debug logging

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.1, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3
    • Fix Version/s: 6.5.3, 7.1.0, 7.0.1
    • Component/s: debug logging, oauth2
    • Labels:
    • Rank:
      1|i0194f:
    • Sprint:
      AM Sustaining Sprint 77, AM Sustaining Sprint 78
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      When using a request_uri in Authorization Code grant type flow, an NPE is thrown. The JWT is null, possibly because the JWT is encrypted and when AM tries to write to the debug logs, this part fails:

       

      LOG.message("Loaded JWT {}", signedJwt.build());
      

      How to reproduce the issue

      Not sure how to reproduce the issue locally but the exception being thrown is:

      Caused by: java.lang.NullPointerException
      	at org.forgerock.json.jose.jws.SignedJwt.build(SignedJwt.java:175)
      	at org.forgerock.openam.oauth2.requesturis.RequestUrisCache.loadRequestUrisContent(RequestUrisCache.java:185)
      	at org.forgerock.openam.oauth2.requesturis.RequestUrisCache.getJWTFromRequestUri(RequestUrisCache.java:84)
      	at org.forgerock.oauth2.core.OAuth2RequestFactory.wrapperForRequestParameter(OAuth2RequestFactory.java:150)
      	at org.forgerock.oauth2.core.OAuth2RequestFactory.createWithRequestParameter(OAuth2RequestFactory.java:107)
      	at org.forgerock.oauth2.restlet.AuthorizeResource.getOAuth2Request(AuthorizeResource.java:217)
      	at org.forgerock.oauth2.restlet.AuthorizeResource.authorize(AuthorizeResource.java:126)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.restlet.resource.ServerResource.doHandle(ServerResource.java:511)
      	... 131 more
      

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                aaron.haskins Aaron Haskins
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: