OpenAM / OPENAM-18062

SPACSUtils withholds exception and does not log error

    Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 6.5.0, 6.5.0.1, 6.5.1, 6.5.0.2, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3, 6.5.3
    • None
    • SAML
    • AM Sustaining Sprint 87, AM Sustaining Sprint 88, AM Sustaining Sprint 89
    • 1

      Description

      Bug description

      If a SAML protocol binding is not supported, SPACSUtils does not log any error. If the HTTP response body cannot be seen, troubleshooting will be impossible.

      How to reproduce the issue

      1. Set up AM 1 as SAML IdP
      2. Set up AM 2 as SAML SP
      3. Configure SAML trust
      4. On SP side remove HTTP-Artifact binding
      5. Perform IdP-initiated SSO with HTTP-Artifact binding
      6. Adjust configuration and perform IdP-initiated SSO with other unsupported protocol bindings

      Expected behaviour

      SP should log an error that the binding is not supported.

      Current behaviour

      SP does not log anything.

      Code analysis

      com.sun.identity.saml2.profile.SPACSUtils.java
      ...
      public static ResponseInfo getResponse(
      ....
      

       

      excerpt from Federation debug log in 'message' log for this situation
      libSAML:07/06/2021 01:44:25:169 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      HttpRequest content length= -1
      --
      libIDFF:07/06/2021 01:44:25:170 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      FSUtils.getRemoteServiceURLs: requestURL = http://proxy.test.xyz:8081
      --
      libIDFF:07/06/2021 01:44:25:170 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      FSUtils.getRemoteServiceURLs: servers=[http://proxy.test.xyz:8081/am], siteList=[]
      --
      libIDFF:07/06/2021 01:44:25:170 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      FSUtils.getRemoteServiceURLs: new servers=[http://proxy.test.xyz:8081/am]
      --
      libIDFF:07/06/2021 01:44:25:170 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      FSUtils.getRemoteServiceURLs: remoteServiceURLs = []
      --
      libPlugins:07/06/2021 01:44:25:170 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      ConfigurationInstanceImpl.getAllConfigurationNames: realm = /sub1, componentName = SAML2
      --
      libSAML2:07/06/2021 01:44:25:171 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      SAML2MetaCache.getEntityConfig: cacheKey = /sub1//idp-proxy-sub1, found = true
      --
      libSAML2:07/06/2021 01:44:25:171 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: idp-proxy-sub1
      --
      libSAML:07/06/2021 01:44:40:577 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
      SAMLUtils.sendError: error page/saml2/jsp/saml2error.jsp
      

      As the above excerpt shows, it is impossible to tell from the debug log why the SAML flow fails.
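
A triage check for the situation described above, as an added example that is not part of the original report or of OpenAM: it groups debug records by TransactionId and reports transactions that reach `SAMLUtils.sendError` with no error or warning record before it, together with the last step that was logged. The header pattern follows the excerpt; the `ERROR:`/`WARNING:` prefixes, the function names and the second sample transaction are assumptions constructed for illustration.

```python
import re

# Header layout from the excerpt: component:date time AM/PM TZ: Thread[...]: TransactionId[...]
HEADER = re.compile(r"^\s*(\w+):(\S+ \S+ [AP]M \w+): Thread\[.*?\]: TransactionId\[([^\]]+)\]")
# Assumption: error/warning records start with "ERROR:" / "WARNING:" or name an exception.
EXPLAINS = re.compile(r"^(ERROR|WARNING):|Exception", re.M)

def parse_records(text):
    """Yield (component, timestamp, transaction_id, message) for each record."""
    rec = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if rec:
                yield rec[0], rec[1], rec[2], "\n".join(rec[3])
            rec = [m.group(1), m.group(2), m.group(3), []]
        elif rec and line.strip() not in ("", "--"):
            rec[3].append(line.strip())
    if rec:
        yield rec[0], rec[1], rec[2], "\n".join(rec[3])

def unexplained_send_errors(text):
    """Map transaction id -> last message logged before an unexplained sendError."""
    history, findings = {}, {}
    for _comp, _ts, txid, msg in parse_records(text):
        seen = history.setdefault(txid, [])
        if msg.startswith("SAMLUtils.sendError") and not any(EXPLAINS.search(s) for s in seen):
            findings[txid] = seen[-1] if seen else None
        seen.append(msg)
    return findings

# First transaction: records from the excerpt above. Second: constructed, with an
# ERROR record of the kind the report asks for (hypothetical wording).
SAMPLE = """\
libSAML2:07/06/2021 01:44:25:171 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: idp-proxy-sub1
--
libSAML:07/06/2021 01:44:40:577 PM CEST: Thread[http-nio-8081-exec-2,5,main]: TransactionId[2447584f-1106-4442-a8d3-a7dcfcdcca74-2300]
SAMLUtils.sendError: error page/saml2/jsp/saml2error.jsp
--
libSAML2:07/06/2021 01:50:00:000 PM CEST: Thread[http-nio-8081-exec-3,5,main]: TransactionId[constructed-tx-0001]
ERROR: constructed example: binding not supported
--
libSAML:07/06/2021 01:50:00:001 PM CEST: Thread[http-nio-8081-exec-3,5,main]: TransactionId[constructed-tx-0001]
SAMLUtils.sendError: error page/saml2/jsp/saml2error.jsp
"""

if __name__ == "__main__":
    print(unexplained_send_errors(SAMPLE))
```

Only the first transaction is reported, because the constructed one carries an error record that explains the error page.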

            People

            Assignee: Unassigned
            Reporter: Bernhard Thalmayr (bthalmayr)