Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8192

spSSOInit with IDP proxy gives null pointer exception

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 13.0.0
    • 13.5.0
    • audit logging, SAML
    • OpenAM 13.0.0 RC - Build 5d4589530d (2016-January-14 21:15)
      MacOS
      Java 1.7.0_67
      tomcat 7.0.62
    • Rank:
      1|hzl71r:
    • AM Sustaining Sprint 19
    • 0
    • Future
    • None

    Description

      Setup IDP proxy configuration as per: https://wikis.forgerock.org/confluence/display/openam/SAMLv2+IDP+Proxy+Part+1.+Setting+up+a+simple+Proxy+scenario

      This requires 3 instances: SP, IDP, and IDP Proxy.

      On SP-initiated SSO (spSSOInit.jsp), user agent is directed correctly to IDP, but after authentication a null point exception is raised on the IDP proxy:

      ----------------------------
      type Exception report

      message AMSetupFilter.doFilter

      description The server encountered an internal error that prevented it from fulfilling this request.

      exception

      javax.servlet.ServletException: AMSetupFilter.doFilter
      com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:135)
      org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)

      root cause

      org.apache.jasper.JasperException: java.lang.NullPointerException
      org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:556)
      org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:477)
      org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
      org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
      org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      org.forgerock.openam.cors.CORSFilter.doFilter(CORSFilter.java:120)
      org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:106)
      org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)

      root cause

      java.lang.NullPointerException
      com.sun.identity.saml2.profile.IDPSSOUtil.doSSOFederate(IDPSSOUtil.java:232)
      com.sun.identity.saml2.profile.IDPProxyUtil.sendProxyResponse(IDPProxyUtil.java:552)
      com.sun.identity.saml2.profile.IDPProxyUtil.generateProxyResponse(IDPProxyUtil.java:610)
      org.apache.jsp.saml2.jsp.spAssertionConsumer_jsp._jspService(spAssertionConsumer_jsp.java:330)
      org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
      org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
      org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
      org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
      org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      org.forgerock.openam.cors.CORSFilter.doFilter(CORSFilter.java:120)
      org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:106)
      org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)

      ----------------------------

      It looks like IDPProxyUtil.java makes a call to IDPSSOUtil.doSSOFederate with an "auditor" parameter set to null. IDPSSOUtil.doSSOFederate fails to check whether "auditor" is null and attempts to call "auditor.setSSOTokenID", leading to NPE.

      Attachments

        Activity

          People

            jonthomas Jonathan Thomas
            jon.knight@forgerock.com Jon Knight
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 2h Original Estimate - 2h
                2h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 6h
                6h