Uploaded image for project: 'OpenICF'
  1. OpenICF
  2. OPENICF-949

LDAP connector - AD with SSL _action=authenticate returns 500 Internal server error

    Details

      Description

      We started to get null pointer exception possibly after updates OPENICF-666 or 25d9e743f25 (isn't there wrong OPENICF ticket?).

      To reproduce

      1. Run _action=authenticate
        curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --header "Content-Type: application/json" --data '{"username": "A_1536924197", "password": "Passw0rd"}' --request POST "http://localhost:8080/openidm/system/ldap/account?_action=authenticate" 
        
        {"code":500,"reason":"Internal Server Error","message":"Internal Server Error"}
        

      Logs

      WARNING: Resource exception: 500 Internal Server Error: "Internal Server Error"
      org.forgerock.json.resource.InternalServerErrorException: Internal Server Error
      	at org.forgerock.openidm.provisioner.openicf.impl.ObjectClassResourceProvider.handleAction(ObjectClassResourceProvider.java:251)
      	at org.forgerock.openidm.provisioner.openicf.impl.ObjectClassRequestHandler.handleAction(ObjectClassRequestHandler.java:89)
      	at org.forgerock.json.resource.Router.handleAction(Router.java:251)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:55)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:44)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.lambda$filterAction$0(DelegatedAdminFilter.java:177)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:258)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:222)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.filterRequest(DelegatedAdminFilter.java:252)
      	at org.forgerock.openidm.authz.DelegatedAdminFilter.filterAction(DelegatedAdminFilter.java:177)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.audit.filter.AuditFilter.lambda$filterAction$0(AuditFilter.java:113)
      	at org.forgerock.openidm.audit.filter.AuditFilter.logAuditAccessEntry(AuditFilter.java:169)
      	at org.forgerock.openidm.audit.filter.AuditFilter.filterAction(AuditFilter.java:113)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.lambda$filterAction$0(ServletConnectionFactory.java:379)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.handleRequestWithLogging(ServletConnectionFactory.java:436)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3.filterAction(ServletConnectionFactory.java:379)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.router.filter.PassthroughFilter.filterAction(PassthroughFilter.java:42)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.openidm.router.filter.PassthroughFilter.filterAction(PassthroughFilter.java:42)
      	at org.forgerock.openidm.router.filter.MutableFilterDecorator.filterAction(MutableFilterDecorator.java:66)
      	at org.forgerock.json.resource.Filters$ConditionalFilter.filterAction(Filters.java:42)
      	at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:53)
      	at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:226)
      	at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:29)
      	at org.forgerock.json.resource.AbstractConnectionWrapper.actionAsync(AbstractConnectionWrapper.java:74)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.lambda$actionAsync$11(ServletConnectionFactory.java:357)
      	at org.forgerock.openidm.metrics.MetricsCollector.time(MetricsCollector.java:112)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.time(ServletConnectionFactory.java:292)
      	at org.forgerock.openidm.servlet.internal.ServletConnectionFactory$InternalConnectionWrapper.actionAsync(ServletConnectionFactory.java:357)
      	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:136)
      	at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:82)
      	at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:177)
      	at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:128)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:258)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:247)
      	at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:713)
      	at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:619)
      	at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:281)
      	at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:146)
      	at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:69)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.routing.Router.handle(Router.java:100)
      	at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openidm.auth.ProfileEnhancementCheckFilter.filter(ProfileEnhancementCheckFilter.java:149)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openidm.auth.LoginCountFilter.filter(LoginCountFilter.java:63)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:258)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:247)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
      	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
      	at org.forgerock.openidm.auth.AuthFilterWrapper.filter(AuthFilterWrapper.java:87)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:252)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
      	at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:83)
      	at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:301)
      	at sun.reflect.GeneratedMethodAccessor97.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:309)
      	at com.sun.proxy.$Proxy64.doFilter(Unknown Source)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      	at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:257)
      	at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:220)
      	at sun.reflect.GeneratedMethodAccessor97.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.forgerock.openidm.servletregistration.impl.ServletRegistrationSingleton$FilterProxy.invoke(ServletRegistrationSingleton.java:309)
      	at com.sun.proxy.$Proxy64.doFilter(Unknown Source)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
      	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:276)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
      	at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
      	at org.eclipse.jetty.server.Server.handle(Server.java:499)
      	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
      	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
      	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: java.lang.NullPointerException
      	at org.identityconnectors.ldap.LdapConnection.hasPasswordExpiredControl(LdapConnection.java:149)
      	at org.identityconnectors.ldap.LdapConnection.createContext(LdapConnection.java:304)
      	at org.identityconnectors.ldap.LdapConnection.createContext(LdapConnection.java:281)
      	at org.identityconnectors.ldap.LdapConnection.authenticate(LdapConnection.java:436)
      	at org.identityconnectors.ldap.LdapAuthenticate.authenticate(LdapAuthenticate.java:83)
      	at org.identityconnectors.ldap.LdapConnector.authenticate(LdapConnector.java:168)
      	at org.identityconnectors.framework.impl.api.local.operations.AuthenticationImpl.authenticate(AuthenticationImpl.java:64)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:104)
      	at com.sun.proxy.$Proxy74.authenticate(Unknown Source)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
      	at com.sun.proxy.$Proxy74.authenticate(Unknown Source)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:98)
      	at com.sun.proxy.$Proxy74.authenticate(Unknown Source)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:76)
      	at com.sun.proxy.$Proxy74.authenticate(Unknown Source)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.identityconnectors.framework.impl.api.local.LocalConnectorFacadeImpl$ReferenceCountingProxy.invoke(LocalConnectorFacadeImpl.java:304)
      	at com.sun.proxy.$Proxy74.authenticate(Unknown Source)
      	at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.authenticate(AbstractConnectorFacade.java:283)
      	at org.forgerock.openidm.provisioner.openicf.impl.ObjectClassResourceProvider.handleAuthenticate(ObjectClassResourceProvider.java:193)
      	at org.forgerock.openidm.provisioner.openicf.impl.ObjectClassResourceProvider.handleAction(ObjectClassResourceProvider.java:237)
      	... 107 more
      

      Tests

      ./run-pybot.py --suite connectors.ldap.ad.*with_ssl --test expire_account OpenIDM
      

      With LDAPConnector bundled 1.4.7.0 (376435bd9e0), tests passes

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                gael Gael Allioux
                Reporter:
                michal.orlik@profiq.cz Michal Orlik
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: