OpenAM / OPENAM-6196

Exception With SAML 2.0 ECP IDP Profile (PAOS Binding)

Description

This bug was reported on the OpenAM mailing list (see https://lists.forgerock.org/pipermail/openam/2015-June/040852.html); though I have not yet been able to recreate the error, I have inspected our code repository and have deduced the following (of course this needs to be validated).

Due to story https://bugster.forgerock.org/jira/browse/AME-2227 a wide set of changes has been made to the code to make sure we're adhering to the JSP 2.0 specifications. One of these changes, which was committed in rev. 7698, is the calling of "response.getWriter()" in "IDPSingleSignOnServiceSOAP.java". By doing so, any subsequent call to "response.getWriter()" would result in the IllegalStateException that "getWriter()" was already called for "response". This is to avoid similar behaviour further down in the code, including "x.getOutputStream()".

Various changes have been committed fixing several such statements in the entire project. It seems that for the SAML 2.0 "HTTP-POST" and "HTTP-Artifact" bindings these changes were done correctly, but that the "PAOS" binding got forgotten. As it is not that heavily used, this went unnoticed since the update.

Example 1: IDPSSOUtil.sendResponseECP(...) lines 2161 to 2163 have the following code present, which is obviously causing an IllegalStateException.

// Throws IllegalStateException if getWriter() was already called on this response
OutputStream os = response.getOutputStream();
reply.writeTo(os);
os.flush();

Example 2: IDPSSOFederate.sendError(...) lines 1110 to 1113 have the following lines of code present, which again obviously cause the same exception.

// Same problem on the error path: the SOAP fault is never written if getWriter() was already called
OutputStream os = response.getOutputStream();
soapFault.writeTo(os);
os.flush();
os.close();

I advise a thorough inspection; in any case, the above examples do not adhere to the JSP 2.0 specifications and so must be dealt with, in my opinion.
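To make the failure mode in the report concrete, the following is an added, stand-alone illustration; it is not OpenAM code and not the reporter's. It models the Servlet API rule that getWriter() and getOutputStream() are mutually exclusive on one response (the second accessor throws IllegalStateException), reproduces the mixed-accessor pattern from the two examples above, and shows one way to stay within the rule by reusing whichever accessor the servlet took first. The ResponseModel class and the SOAP fault text are constructed for this example; the point it demonstrates is that on the error path the exception means the SOAP fault is never delivered to the ECP client, which then sees only a container error instead of a well-formed fault.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;

public class PaosBindingDemo {

    /** Constructed stand-in for ServletResponse: enforces the one-accessor rule. */
    static final class ResponseModel {
        private final ByteArrayOutputStream body = new ByteArrayOutputStream();
        private PrintWriter writer;
        private boolean streamTaken;

        OutputStream getOutputStream() {
            if (writer != null) {
                throw new IllegalStateException("getWriter() has already been called for this response");
            }
            streamTaken = true;
            return body;
        }

        PrintWriter getWriter() {
            if (streamTaken) {
                throw new IllegalStateException("getOutputStream() has already been called for this response");
            }
            if (writer == null) {
                writer = new PrintWriter(new OutputStreamWriter(body, StandardCharsets.UTF_8), true);
            }
            return writer;
        }

        String bodyAsString() {
            if (writer != null) {
                writer.flush();
            }
            return new String(body.toByteArray(), StandardCharsets.UTF_8);
        }
    }

    /** Constructed SOAP fault; stands in for what soapFault.writeTo(os) would serialise. */
    static final byte[] SOAP_FAULT = ("<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
            + "<soap:Body><soap:Fault><faultcode>soap:Server</faultcode>"
            + "<faultstring>constructed example fault</faultstring></soap:Fault></soap:Body></soap:Envelope>")
            .getBytes(StandardCharsets.UTF_8);

    /**
     * The pattern described in the report: the front-end servlet has already taken
     * the writer, and the PAOS error path then asks for the output stream.
     */
    static String sendFaultMixingAccessors(ResponseModel response) throws IOException {
        response.getWriter();                         // taken earlier by the servlet
        OutputStream os = response.getOutputStream(); // throws IllegalStateException here
        os.write(SOAP_FAULT);                         // never reached: fault is lost
        os.flush();
        return response.bodyAsString();
    }

    /**
     * One way to stay within the rule: serialise the message to a buffer (as
     * writeTo(OutputStream) would) and push it through the writer that was
     * already taken. The writer's charset must match the XML declaration.
     */
    static String sendFaultViaWriter(ResponseModel response) throws IOException {
        PrintWriter out = response.getWriter();       // same accessor as the servlet used
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        buffer.write(SOAP_FAULT);                     // stands in for soapFault.writeTo(buffer)
        out.write(new String(buffer.toByteArray(), StandardCharsets.UTF_8));
        out.flush();
        return response.bodyAsString();
    }

    public static void main(String[] args) throws IOException {
        try {
            sendFaultMixingAccessors(new ResponseModel());
        } catch (IllegalStateException e) {
            System.out.println("Mixed accessors: " + e.getMessage());
        }
        String body = sendFaultViaWriter(new ResponseModel());
        System.out.println("Consistent accessor delivered " + body.length() + " chars of SOAP fault");
    }
}
```

Run it with `java PaosBindingDemo.java` (Java 11 or later). The first call reproduces the exception the report predicts; the second delivers the fault body. In a real servlet the choice of accessor has to be made once per response and honoured by every code path, including error handling, which is exactly where the second example in the report falls down.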

People

• Assignee: markdr Mark de Reeper
• Reporter: chrisadriaensen Chris Adriaensen
• Votes: 0
• Watchers: 3


Time Tracking

• Original Estimate: 2h
• Remaining Estimate: 2h
• Time Spent: 8h