OpenAM / OPENAM-17939

Logs show missing resource exception for key Invalid SAML2 request jwt


    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 7.0.0, 6.5.3, 7.1.0, 7.0.1, 7.0.2
    • None
    • authentication, SAML
    • None
    • May be seen on catalina.out logs

      Description

      Bug description

      When the Elastic SAML request is invalid or timed out, the following is logged to some container logs:

      Caused by: java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key Invalid SAML2 request jwt
              at java.util.ResourceBundle.getObject(ResourceBundle.java:450)
              at java.util.ResourceBundle.getString(ResourceBundle.java:407)
              at com.sun.identity.saml2.profile.FederatedSSOException.getMessage(FederatedSSOException.java:46)
              at java.lang.Throwable.getLocalizedMessage(Throwable.java:392)
              at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:107)
              at org.apache.jsp.saml2.jsp.idpSSOFederate_jsp._jspService(idpSSOFederate_jsp.java:202)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
      

      How to reproduce the issue

      1. Do an SP-initiated flow.
      2. Pause before the IDP login for 620 sec (for the SAML to time out), or reuse an old/invalid (or expired) saml2Request stored in local storage.
      3. Check the web container logs.
      4. Alternatively, one can save the previous saml2Request from local storage and, when on the IDP screen, replace it with the old invalid request before submission.

      Expected behaviour
      There is a proper error rather than an exception.
      
      Current behaviour
      An exception is thrown, with the above error in the logs.
      

      Work around

      Code analysis

      ....
      ... This key should be changed to a resource ID, and a property file for the resource key should be mapped to a proper error. Currently this will go to Server error.
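
The failure mode in the stack trace and the change suggested in the code analysis, as an added example that is not OpenAM's code: the class names, the bundle contents and the key `invalidSAMLRequestJwt` are hypothetical, and a `ListResourceBundle` stands in for the property file.

```java
import java.util.ListResourceBundle;
import java.util.MissingResourceException;
import java.util.ResourceBundle;

public class FederationErrorDemo {
    // Constructed stand-in for a .properties bundle; the key name is hypothetical.
    static final ResourceBundle BUNDLE = new ListResourceBundle() {
        @Override protected Object[][] getContents() {
            return new Object[][] {
                {"invalidSAMLRequestJwt", "The SAML2 request is invalid or has expired."}
            };
        }
    };

    // Pattern visible in the stack trace: getMessage() passes its code straight
    // to ResourceBundle.getString(), so an unmapped code throws at logging time.
    static class LookupOnlyException extends Exception {
        private final String code;
        LookupOnlyException(String code) { this.code = code; }
        @Override public String getMessage() { return BUNDLE.getString(code); }
    }

    // Defensive variant: an unmapped code degrades to the raw code instead of
    // replacing the original failure with a MissingResourceException.
    static class FallbackException extends Exception {
        private final String code;
        FallbackException(String code) { this.code = code; }
        @Override public String getMessage() {
            try {
                return BUNDLE.getString(code);
            } catch (MissingResourceException e) {
                return code;
            }
        }
    }

    public static void main(String[] args) {
        // Free text used as a key, as in the ticket: the lookup itself fails.
        try {
            System.out.println(new LookupOnlyException("Invalid SAML2 request jwt").getLocalizedMessage());
        } catch (MissingResourceException e) {
            System.out.println("lookup failed: " + e.getMessage());
        }
        // A resource ID that has a bundle entry resolves to the proper error text.
        System.out.println(new LookupOnlyException("invalidSAMLRequestJwt").getMessage());
        // An unmapped code with the fallback still yields a usable message.
        System.out.println(new FallbackException("Invalid SAML2 request jwt").getMessage());
    }
}
```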
      


            People

            Unassigned Unassigned
            chee-weng.chea C-Weng C