OpenAM / OPENAM-18174

NullPointerException in SAML2 Auth module

    Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 6.5.2
    • None
    • authentication, SAML
    • Oracle HotSpot JVM 1.8.0_201
      Apache Tomcat 9.0.8
      FR AM 6.5.2

      Description

      Bug description

      SAML2 auth module fails when using signed AuthnRequest

      How to reproduce the issue

      1. Configure some AM as IdP
      2. Configure AM 6.5.2 in SAML2 integrated mode
      3. Configure the hosted SP to sign SAML AuthnRequest
      4. Do not specify signing alias
      5. Start service based authentication
      Expected behaviour
      NullPointerException should not occur
      
      Current behaviour
      NPE happens
      
      excerpt from AM 6.5.2 debug logs
      javax.security.auth.login.LoginException: java.lang.NullPointerException
              at com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:114)
              at java.security.KeyStore.getKey(KeyStore.java:1023)
              at org.forgerock.openam.utils.AMKeyProvider.lambda$getPrivateKey$1(AMKeyProvider.java:291)
              at org.forgerock.openam.shared.concurrency.ConcurrentMultiTypedMap.lambda$getWithKeyOrCompute$0(ConcurrentMultiTypedMap.java:53)
              at java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1660)
              at org.forgerock.openam.shared.concurrency.ConcurrentMultiTypedMap.getWithKeyOrCompute(ConcurrentMultiTypedMap.java:53)
              at org.forgerock.openam.utils.AMKeyProvider.getPrivateKey(AMKeyProvider.java:289)
              at com.sun.identity.saml.xmlsig.JKSKeyProvider.getPrivateKey(JKSKeyProvider.java:114)
              at com.sun.identity.saml2.profile.SPSSOFederate.signQueryString(SPSSOFederate.java:1277)
              at com.sun.identity.saml2.profile.SPSSOFederate.getRedirect(SPSSOFederate.java:383)
              at org.forgerock.openam.authentication.modules.saml2.SAML2.initiateSAMLLoginAtIDP(SAML2.java:251)
              at org.forgerock.openam.authentication.modules.saml2.SAML2.process(SAML2.java:176)
              at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1091)
              at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1289)
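
The failure mode in the trace above, reduced to a standalone program. This is an added example, not OpenAM code and not part of the original report. It assumes that the unset signing alias from step 4 reaches `KeyStore.getKey` as `null`; the class and method names are hypothetical, and the keystore is an empty in-memory JCEKS store constructed for the demonstration.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;

public class NullAliasDemo {

    // Unguarded lookup: hands the alias straight to the keystore.
    // With a JCEKS store a null alias ends in a NullPointerException
    // raised inside JceKeyStore.engineGetKey, as in the reported trace.
    static Key unguarded(KeyStore ks, String alias, char[] pw) throws GeneralSecurityException {
        return ks.getKey(alias, pw);
    }

    // Guarded lookup: a missing alias is reported as a configuration error
    // instead of surfacing as an NPE during login.
    static Key guarded(KeyStore ks, String alias, char[] pw) throws GeneralSecurityException {
        if (alias == null || alias.trim().isEmpty()) {
            throw new KeyStoreException(
                "AuthnRequest signing is enabled but no signing key alias is configured");
        }
        Key key = ks.getKey(alias, pw);
        if (key == null) {
            throw new UnrecoverableKeyException("No private key under alias '" + alias + "'");
        }
        return key;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();   // constructed sample password
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, pw);                      // empty keystore, no file needed

        try {
            unguarded(ks, null, pw);
        } catch (NullPointerException e) {
            System.out.println("unguarded: " + e);
        }
        try {
            guarded(ks, null, pw);
        } catch (GeneralSecurityException e) {
            System.out.println("guarded: " + e.getMessage());
        }
    }
}
```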
      

            People

            Unassigned Unassigned
            bthalmayr Bernhard Thalmayr