Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5898

ssoadm get-realm-svc-attrs fails with Nullpointer when module based authentication is disabled

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 12.0.0
    • Fix Version/s: None
    • Component/s: authentication, CLI
    • Labels:
      None
    • Support Ticket IDs:

      Description

      ./ssoadm get-realm-svc-attrs -u amadmin -f amadminpwd -e / -s validationService
      

      is failing with nullpointer.
      Other services as well.

      java.lang.NullPointerException
          at java.util.Hashtable.get(Hashtable.java:351)
          at com.iplanet.services.naming.WebtopNaming.getSiteID(WebtopNaming.java:936)
          at com.iplanet.dpro.session.Session.validateSessionID(Session.java:2034)
          at com.iplanet.dpro.session.Session.getSessionServiceURL(Session.java:1356)
          at com.iplanet.dpro.session.service.SessionService.checkSessionLocal(SessionService.java:903)
          at com.iplanet.dpro.session.Session.checkSessionLocal(Session.java:1983)
          at com.iplanet.dpro.session.Session.refresh(Session.java:1536)
          at com.iplanet.dpro.session.Session.getSession(Session.java:1203)
          at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:190)
          at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:169)
          at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:219)
          at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:306)
          at com.sun.identity.idm.server.IdRepoJAXRPCObjectImpl.getSSOToken(IdRepoJAXRPCObjectImpl.java:996)
          at com.sun.identity.idm.server.IdRepoJAXRPCObjectImpl.getAssignedServices_idrepo(IdRepoJAXRPCObjectImpl.java:255)
          at com.iplanet.am.sdk.remote.DirectoryManagerIF_Tie.invoke_getAssignedServices_idrepo(DirectoryManagerIF_Tie.java:2060)
          at com.iplanet.am.sdk.remote.DirectoryManagerIF_Tie.processingHook(DirectoryManagerIF_Tie.java:5497)
          at com.sun.xml.rpc.server.StreamingHandler.handle(StreamingHandler.java:350)
          at com.sun.xml.rpc.server.http.JAXRPCServletDelegate.doPost(JAXRPCServletDelegate.java:465)
          at com.sun.xml.rpc.server.http.JAXRPCServlet.doPost(JAXRPCServlet.java:119)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
          at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
          at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
      

      This is due to disabling module based authentication.

      In Session.java :

                  if (!WebtopNaming.isServer(siteID)) {
                      errorMessage = "Invalid session ID, Site ID \"" + siteID + "\" either points to a non-existent server,"
                              + " or to a site";
                  }
                  String realSiteID = WebtopNaming.getSiteID(siteID);
      

      As the siteID is null, the WebtopNaming.isServer(siteID) fails and returns false.

      Steps to reproduce:
      In the console, go into the Top Level Realm / > Authentication > All Core Settings > Security > disable Module Based Authentication
      Run the ssoadm command

      ./ssoadm get-realm-svc-attrs -u amadmin -f amadminpwd -e / -s validationService 
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                quentin.castel Quentin CASTEL
                Reporter:
                mark.powell Mark Powell
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: