[OPENAM-11937] Federation UI does not allow empty NameIDMappingService Created: 12/Oct/17  Updated: 06/Feb/19  Resolved: 08/Nov/17

Status: Resolved
Project: OpenAM
Component/s: console, SAML
Affects Version/s: 13.5.0, 13.5.1, 14.0.0, 14.1.1, 14.5.0
Fix Version/s: 13.5.2, 6.0.0, 14.1.2, 5.5.2

Type: Bug Priority: Major
Reporter: C-Weng C Assignee: C-Weng C
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates OPENAM-11268 SAML2 IDP metadata missing NameIDMapp... Resolved
Relates
is related to OPENAM-11268 SAML2 IDP metadata missing NameIDMapp... Resolved
Rank: 1|hzkzjj:
Sprint: AM Sustaining Sprint 44
Story Points: 2
Needs backport:
No
Support Ticket IDs:
Verified Version/s:
Needs QA verification:
No
Functional tests:
No
Are the reproduction steps defined?:
Yes and I used the same as in the description

 Description   

Bug description

Import remote IDP SAML metadata that does not have a NameIDMappingService.
Later, go to the SAML2 service for the IDP, open the Service tab, and try to
save or configure anything. This fails with: Entity descriptor "saml-idp" under realm "/" has invalid syntax.

How to reproduce the issue


1. Create an IDP using the wizard
2. Now export the IDP metadata and remove the NameIDMappingService from the exported metadata
3. Now import the changed IDP metadata again (using ssoadm import-entity), say after removing this IDP.
4. Test configuring another SAML metadata property; when saving, the error is seen.

Expected behaviour

NameIDMappingService is optional, so it should be possible to leave it empty without causing the UI to fail.

Current behaviour

Error seen on UI

Entity descriptor "......" under realm "/" has invalid syntax.

Exception seen when saving the settings on the Federation logs:

        at javax.xml.bind.helpers.AbstractMarshallerImpl.marshal(AbstractMarshallerImpl.java:116)
        at com.sun.identity.saml2.meta.SAML2MetaUtils.convertJAXBToString(SAML2MetaUtils.java:187)
        at com.sun.identity.saml2.meta.SAML2MetaUtils.convertJAXBToAttrMap(SAML2MetaUtils.java:221)
        at com.sun.identity.saml2.meta.SAML2MetaManager.setEntityDescriptor(SAML2MetaManager.java:406)
        at com.sun.identity.console.federation.model.SAMLv2ModelImpl.setIDPStdAttributeValues(SAMLv2ModelImpl.java:1231)
        at com.sun.identity.console.federation.SAMLv2IDPServicesViewBean.handleButton1Request(SAMLv2IDPServicesViewBean.java:109)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        ...
        at java.lang.Thread.run(Thread.java:745)
Caused by: com.sun.xml.bind.serializer.AbortSerializationException
java.lang.NullPointerException
        at com.sun.identity.saml2.jaxb.assertion.impl.runtime.SAXMarshaller.reportError(SAXMarshaller.java:436)
        at com.sun.identity.saml2.jaxb.assertion.impl.runtime.SAXMarshaller.text(SAXMarshaller.java:272)
        at com.sun.identity.saml2.jaxb.metadata.impl.EndpointTypeImpl.serializeAttributes(EndpointTypeImpl.java:88)
        ....
        at com.sun.identity.saml2.jaxb.metadata.impl.IDPSSODescriptorElementImpl.serializeBody(IDPSSODescriptorElementImpl.java:43)

Other errors sent to the Tomcat logs:

DefaultValidationEventHandler: [ERROR]: a required field "Location" is missing an object 
     Location:  obj: com.sun.identity.saml2.jaxb.metadata.impl.NameIDMappingServiceElementImpl@2dca0f4a

Work around

Either do the config changes using export-entity/import-entity or set a bogus value (non-empty) for the NameIDMappingService.

Code analysis

SAML2vModel.java
... may need to avoid creating the NameIDMappingService when there is no value.
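
A pre-save check for the condition reported in the Tomcat log above, added here as an example and not taken from OpenAM's code: it parses SAML2 metadata and reports IDP endpoint elements whose required Binding or Location attribute is missing or empty, while accepting metadata that has no NameIDMappingService at all. The function name, the helper and the sample metadata (including idp.example.com) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
# IDPSSODescriptor children that the SAML metadata schema types as endpoints.
# Each one is optional or repeatable, but when present it must carry both
# a Binding and a Location attribute.
ENDPOINT_ELEMENTS = {
    "SingleSignOnService", "SingleLogoutService", "ArtifactResolutionService",
    "ManageNameIDService", "NameIDMappingService", "AssertionIDRequestService",
}

def check_idp_endpoints(metadata_xml):
    """Return a list of problems found in the IDP endpoint elements."""
    # Sample input below is constructed; use a hardened parser for
    # metadata received from a third party.
    root = ET.fromstring(metadata_xml)
    problems = []
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        for child in idp:
            ns, _, name = child.tag[1:].partition("}")
            if ns != MD or name not in ENDPOINT_ELEMENTS:
                continue
            for attr in ("Binding", "Location"):
                if not (child.get(attr) or "").strip():
                    problems.append(
                        f"{name}: required attribute {attr} is missing or empty")
    return problems

def _entity(extra):
    # Constructed sample metadata; entityID matches the one in the report.
    return f"""<EntityDescriptor xmlns="{MD}" entityID="saml-idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
    {extra}
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Step 2 of the reproduction: NameIDMappingService removed entirely (valid).
WITHOUT_NIMS = _entity("")
# What the save path tried to serialize: the element exists, Location is absent.
EMPTY_NIMS = _entity(
    '<NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>')

if __name__ == "__main__":
    for label, doc in (("without", WITHOUT_NIMS), ("empty", EMPTY_NIMS)):
        print(label, check_idp_endpoints(doc) or "OK")
```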


 Comments   
Comment by Ľubomír Mlích [ 06/Nov/17 ]

Reproduced in OpenAM 13.5.2-M7 Build 1d3e4900c0 (2017-October-20 09:14)
Verified in OpenAM 13.5.2-M8 Build 1e79511bcb (2017-October-30 15:13)

Comment by Ľubomír Mlích [ 08/Nov/17 ]

Verified in OpenAM 14.1.2-M2 Build e8116f5a64 (2017-November-06 11:10) 

Generated at Fri Mar 05 07:03:11 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.