  1. OpenAM
  2. OPENAM-9912

NPE occurs in runRemoteLogin if an exception is created without errorCode

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.3
    • Fix Version/s: 11.0.4, 12.0.5
    • Component/s: DAS, SDK
    • Sprint:
      AM Sustaining Sprint 30

      Description

      ERROR: Failed to login to https://openam.example.com:443/openam/authservice: null
      java.lang.NullPointerException
      at com.sun.identity.authentication.AuthContext.runRemoteLogin(AuthContext.java:1027)
      at com.sun.identity.authentication.AuthContext.runLogin(AuthContext.java:796)
      at com.sun.identity.authentication.AuthContext.login(AuthContext.java:671)
      at com.sun.identity.authentication.AuthContext.login(AuthContext.java:617)
      at com.sun.identity.authentication.AuthContext.login(AuthContext.java:557)
      at com.sun.identity.authentication.distUI.LoginViewBean.getLoginDisplay(LoginViewBean.java:850)
      at com.sun.identity.authentication.distUI.LoginViewBean.processLoginDisplay(LoginViewBean.java:967)
      at com.sun.identity.authentication.distUI.LoginViewBean.processLogin(LoginViewBean.java:707)
      at com.sun.identity.authentication.distUI.LoginViewBean.forwardTo(LoginViewBean.java:441)
      at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
      at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
      at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at acuk.corp.security.osso.LoginParamServletFilter.doFilter(LoginParamServletFilter.java:110)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at acuk.corp.security.osso.SessionFilter.doFilter(SessionFilter.java:65)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at com.sun.identity.distauth.setup.DistAuthConfiguratorFilter.doFilter(DistAuthConfiguratorFilter.java:101)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
      at java.lang.Thread.run(Thread.java:662)

      checkException is run which creates an exception. It is valid for the error message to be there, but not the error code.

      e.g. the else case:

      private AuthLoginException checkException() {
          AuthLoginException exception = null;
          String error = getErrorCode();

          // if the app token is invalid, refresh the token
          if (error != null && error.equals(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN)) {
              appSSOToken = getAppSSOToken(true);
          }

          if (error != null && error.length() != 0) {
              exception = new AuthLoginException("amAuth", error, null);
          } else {
              error = getErrorMessage();
              if (error != null && error.length() != 0) {
                  // exception is built from the message only, so its errorCode stays null
                  exception = new AuthLoginException(error);
              }
          }
          return exception;
      }

      // check in runRemoteLogin (excerpt): getErrorCode() is dereferenced without a null check
      if (loginException != null &&
              loginException.getErrorCode().equals(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN) &&
              retryRunLogin > 0) {
          retryRunLogin--;


      loginException.getErrorCode() is therefore null and, as only a specific Exception type is caught, an NPE is seen in the DAS logs (once configured).

      This is then followed by an AuthenticationContext error which is displayed to the end user.

      DESIRED BEHAVIOUR
      ==================
      Processing continues beyond this point and, for DAS, ends up in the authfailed.jsp screen capturing the message.
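
The failure mode described above, reduced to a stand-alone reproduction next to a null-safe form of the same check. This is an added example, not code from the report or from the OpenAM fix: `LoginError` is a hypothetical stand-in for `AuthLoginException`, and the constant's value is a placeholder.

```java
public class NullSafeErrorCodeCheck {
    // Placeholder value (assumption); the real constant lives in AMAuthErrorCode.
    static final String REMOTE_AUTH_INVALID_SSO_TOKEN = "PLACEHOLDER_INVALID_SSO_TOKEN";

    // Hypothetical stand-in for AuthLoginException: as in the report, the
    // message-only constructor leaves errorCode null.
    static class LoginError extends Exception {
        private final String errorCode;

        LoginError(String bundle, String errorCode, Object[] args) {
            super(errorCode);
            this.errorCode = errorCode;
        }

        LoginError(String message) {
            super(message);
            this.errorCode = null;
        }

        String getErrorCode() { return errorCode; }
    }

    // Pattern from the report: getErrorCode() is the receiver of equals(),
    // so a message-only exception raises a NullPointerException here.
    static boolean shouldRetryUnsafe(LoginError e, int retries) {
        return e != null && e.getErrorCode().equals(REMOTE_AUTH_INVALID_SSO_TOKEN) && retries > 0;
    }

    // Null-safe form: the constant is the receiver, so a null error code
    // compares as "not equal" and processing falls through to error handling.
    static boolean shouldRetrySafe(LoginError e, int retries) {
        return e != null && REMOTE_AUTH_INVALID_SSO_TOKEN.equals(e.getErrorCode()) && retries > 0;
    }

    public static void main(String[] args) {
        LoginError withCode = new LoginError("amAuth", REMOTE_AUTH_INVALID_SSO_TOKEN, null);
        LoginError messageOnly = new LoginError("constructed sample message");

        System.out.println("safe, with code:    " + shouldRetrySafe(withCode, 1));
        System.out.println("safe, message only: " + shouldRetrySafe(messageOnly, 1));
        try {
            shouldRetryUnsafe(messageOnly, 1);
        } catch (NullPointerException npe) {
            System.out.println("unsafe, message only: NullPointerException");
        }
    }
}
```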

            People

            • Assignee:
              jonthomas Jonathan Thomas
              Reporter:
              alex.levin@forgerock.com Alex Levin