  1. OpenAM
  2. OPENAM-8351

SAML2 JSP pages making use of the SAML2Auditor are calling the SAML2Utils.getRealm with an incorrect Map structure


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 13.0.0, 13.5.0
    • 13.5.0
    • SAML
    • AM Sustaining Sprint 17, AM Sustaining Sprint 18
    • 0
    • Future
    • None

    Description

      The request.getParameterMap() returns a Map<String, String[]> and the SAML2Utils.getParameter() method is expecting a Map<String, String>:

          public static String getRealm(final Map paramsMap) {
              return getRealm(getParameter(paramsMap, SAML2Constants.REALM));
          }
      
          public static String getParameter(final Map paramsMap, final String attributeName) {
              if (null == paramsMap || paramsMap.isEmpty()) {
                  return null;
              }
              return (String) paramsMap.get(attributeName);
          }
      

      So the SAML2Auditor.setRealm(SAML2Utils.getRealm(request.getParameterMap())) call fails when a REALM parameter is present.

      This may result in a ClassCastException in the logs similar to the following:

      Stacktrace: 
      at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:494) 
      .........
      at java.lang.Thread.run(Thread.java:745) 
      Caused by: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String 
      at com.sun.identity.saml2.common.SAML2Utils.getParameter(SAML2Utils.java:1370) 
      at com.sun.identity.saml2.common.SAML2Utils.getRealm(SAML2Utils.java:1356) 
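
The type mismatch described above, reproduced as an added example that is not part of the original report and is not the OpenAM fix. The class name, the `getParameterTolerant` helper, the `"realm"` key (standing in for `SAML2Constants.REALM`) and the sample maps are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class RealmParamDemo {

    // Assumed value; stands in for SAML2Constants.REALM.
    static final String REALM = "realm";

    // Same logic as the getParameter quoted in the description: blind cast to String.
    static String getParameterUnsafe(Map<?, ?> paramsMap, String name) {
        if (paramsMap == null || paramsMap.isEmpty()) {
            return null;
        }
        return (String) paramsMap.get(name);
    }

    // Hypothetical tolerant variant: accepts both String and String[] values.
    static String getParameterTolerant(Map<?, ?> paramsMap, String name) {
        if (paramsMap == null || paramsMap.isEmpty()) {
            return null;
        }
        Object value = paramsMap.get(name);
        if (value instanceof String) {
            return (String) value;
        }
        if (value instanceof String[]) {
            String[] values = (String[]) value;
            return values.length > 0 ? values[0] : null;
        }
        return null; // parameter absent or of an unexpected type
    }

    public static void main(String[] args) {
        // Constructed stand-in for request.getParameterMap() on a request carrying realm=/test.
        Map<String, String[]> servletParams = new HashMap<>();
        servletParams.put(REALM, new String[] {"/test"});
        try {
            getParameterUnsafe(servletParams, REALM);
        } catch (ClassCastException e) {
            // Same failure as in the stack trace: String[] cannot be cast to String.
            System.out.println("unsafe lookup failed: " + e.getMessage());
        }
        System.out.println("tolerant lookup: " + getParameterTolerant(servletParams, REALM));

        // Callers that pass a Map<String, String> keep working unchanged.
        Map<String, String> flat = new HashMap<>();
        flat.put(REALM, "/test");
        System.out.println("flat map lookup: " + getParameterTolerant(flat, REALM));
    }
}
```

Because the raw `Map` parameter type hides the mismatch from the compiler, the failure only surfaces at request time, when a realm parameter is actually present.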
      


          People

            markdr Mark de Reeper

              Time Tracking

                Estimated: 6h
                Remaining: 0h
                Logged: 8h