  1. OpenAM
  2. OPENAM-3225

SAML authentication throws NPE with IDP metadata showing certain characteristics


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.1
    • Fix Version/s: 10.0.2, 11.0.1, 12.0.0
    • Component/s: SAML
    • Environment:
      any

      Description

      The problem is caused by IDPs with metadata containing at least two KeyDescriptorType elements without a "use" attribute. In such cases, when getKeyDescriptor() is called, the while loop starting at line 324 will throw an NPE on the second iteration.

      On the first pass through the block, kd.getUse() will return null, the if clause will be true, and as "noUsageKD" is unassigned so far, we go into lines 329-330, which assign "noUsageKD" to the first KeyDescriptor and break us out of this iteration with "continue".

      On the second pass, though, "use" will be null again, but this time "noUsageKD" is not null, the continue is not reached, and in line 333 trim() is called on a null "use".

      A simple patch is to move continue out of its containing block - see attachment.
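
The loop shape described above, reduced to a stand-alone Java sketch with the patched form beside it. This is an added example, not OpenAM's source or the attached patch: the `KeyDescriptor` record, the method names, the for-each loop (the report mentions a while loop), the matching logic and the fallback return are assumptions reconstructed from the description.

```java
import java.util.List;

public class KeyDescriptorLoop {
    // Hypothetical stand-in for a metadata KeyDescriptor; use is null when the attribute is absent.
    record KeyDescriptor(String use, String keyName) {}

    // Loop shape as the report describes it: "continue" sits inside the inner block.
    static KeyDescriptor selectBuggy(List<KeyDescriptor> descriptors, String usage) {
        KeyDescriptor noUsageKD = null;
        for (KeyDescriptor kd : descriptors) {
            String use = kd.use();
            if (use == null || use.trim().isEmpty()) {
                if (noUsageKD == null) {
                    noUsageKD = kd;
                    continue; // reached only for the first descriptor without "use"
                }
            }
            // A second descriptor without "use" falls through to here and trim() hits null.
            if (use.trim().equalsIgnoreCase(usage)) {
                return kd;
            }
        }
        return noUsageKD; // assumed fallback: first descriptor with no declared use
    }

    // Patched shape: "continue" moved out of the inner block.
    static KeyDescriptor selectFixed(List<KeyDescriptor> descriptors, String usage) {
        KeyDescriptor noUsageKD = null;
        for (KeyDescriptor kd : descriptors) {
            String use = kd.use();
            if (use == null || use.trim().isEmpty()) {
                if (noUsageKD == null) noUsageKD = kd;
                continue; // every descriptor without "use" now skips the trim() below
            }
            if (use.trim().equalsIgnoreCase(usage)) {
                return kd;
            }
        }
        return noUsageKD;
    }

    public static void main(String[] args) {
        // Constructed input: two descriptors without "use", as in the affected IdP metadata.
        List<KeyDescriptor> kds = List.of(new KeyDescriptor(null, "first"), new KeyDescriptor(null, "second"));
        try { selectBuggy(kds, "signing"); }
        catch (NullPointerException e) { System.out.println("buggy loop: NPE on second descriptor"); }
        System.out.println("fixed loop: selected " + selectFixed(kds, "signing").keyName());
    }
}
```

The record syntax needs Java 16 or later. A regression test for this class of bug should feed the metadata parser at least two key descriptors that omit "use", since a single one never reaches the failing branch.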

            People

            Assignee:
            markdr Mark de Reeper
            Reporter:
            stevie stevie