[OPENAM-13426] EncryptSAMLIDPSPBasicAuthPwdStep fails in upgrade Created: 09/Aug/18  Updated: 25/Jul/19  Resolved: 13/Aug/18

Status: Resolved
Project: OpenAM
Component/s: upgrade
Affects Version/s: 13.5.2, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 14.1.2, 6.0.0.3, 6.5.0
Fix Version/s: 12.0.5, 13.5.3, 14.1.2, 6.0.0.4, 6.5.0, 6.0.1, 5.5.2

Type: Bug Priority: Major
Reporter: Lawrence Yarham Assignee: Lawrence Yarham
Resolution: Fixed Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Target Version/s:
Sprint: AM Sustaining Sprint 53
Story Points: 1
Support Ticket IDs:
Needs QA verification: No

Description

Bug description

AM upgrade from 6.0.0 to 6.0.0.2 or 13.5.1 to 13.5.2 fails for EncryptSAMLIDPSPBasicAuthPwdStep

How to reproduce the issue

Am unable to reproduce at present.  Believe this relates to a SAML entity present from AM 10 which has been carried through at least one previous upgrade.

Have ruled out an upgrade for an env that has no SAML entities, then a SAML entity created using the Applications tab (rather than dashboard and e.g. Create hosted IdP).

Expected behaviour

Upgrade step should process successfully

Current behaviour

Upgrade step fails with following logged output (taken from 13.5.2):
ERROR: An error occurred while finding SAMLv2 IdP and SP entries that require update 
java.lang.NullPointerException
at org.forgerock.openam.upgrade.steps.EncryptSAMLIDPSPBasicAuthPwdStep.findEntitiesToUpdate(EncryptSAMLIDPSPBasicAuthPwdStep.java:164)
at org.forgerock.openam.upgrade.steps.EncryptSAMLIDPSPBasicAuthPwdStep.initialize(EncryptSAMLIDPSPBasicAuthPwdStep.java:76)
at org.forgerock.openam.upgrade.UpgradeServices.<init>(UpgradeServices.java:98)
at org.forgerock.openam.upgrade.UpgradeServices.getInstance(UpgradeServices.java:125)
at com.sun.identity.config.upgrade.Upgrade.<init>(Upgrade.java:60)

Work around

Upgrade from 13.5.x to 6.0.0.2 directly.  The upgrade step is only performed in 6.0.0.2 for original versions of 6.0.0 and later.

Code analysis

There needs to be a null check guard just before line 164 (code version from 13.5.2).  It's unclear as to why an entityConfig of null would result from the call at the second line below, but this is causing the issue.

EncryptSAMLIDPSPBasicAuthPwdStep.findEntitiesToUpdate function
for (String entityId : entityIdList) {
    EntityConfigElement entityConfig = saml2MetaManager.getEntityConfig(realm, entityId);

    List<? extends BaseConfigType> entities =
        entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
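
A runnable sketch of the null guard described under Code analysis, added here as an example; it is not the fix committed to OpenAM. The types EntityConfig and MetaLookup are hypothetical stand-ins for EntityConfigElement and the metadata manager, and the sample entity IDs are constructed. It assumes only that the lookup can return null for an ID in the entity list, which is what the stack trace implies; the ticket does not establish why.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class NullGuardSketch {
    // Hypothetical stand-in for EntityConfigElement: just the role configs it holds.
    static final class EntityConfig {
        final List<String> roleConfigs;
        EntityConfig(List<String> roleConfigs) { this.roleConfigs = roleConfigs; }
    }

    // Hypothetical stand-in for the metadata lookup; may return null.
    interface MetaLookup {
        EntityConfig getEntityConfig(String realm, String entityId);
    }

    // Same loop shape as the excerpt, with the guard placed before the dereference.
    // Entities without a config are recorded in 'skipped' rather than aborting
    // the whole step, so the remaining entities are still processed.
    static Map<String, List<String>> findEntitiesToUpdate(
            MetaLookup lookup, String realm, List<String> entityIds, List<String> skipped) {
        Map<String, List<String>> toUpdate = new LinkedHashMap<>();
        for (String entityId : entityIds) {
            EntityConfig entityConfig = lookup.getEntityConfig(realm, entityId);
            if (entityConfig == null) {
                skipped.add(entityId);   // report for review after the upgrade
                continue;
            }
            toUpdate.put(entityId, entityConfig.roleConfigs);
        }
        return toUpdate;
    }

    public static void main(String[] args) {
        // Constructed sample data: one entity with a config, one listed ID without.
        Map<String, EntityConfig> store = new HashMap<>();
        store.put("https://idp.example.com", new EntityConfig(List.of("IDPSSOConfig")));
        MetaLookup lookup = (realm, id) -> store.get(id);

        List<String> skipped = new ArrayList<>();
        Map<String, List<String>> result = findEntitiesToUpdate(
                lookup, "/", List.of("https://idp.example.com", "https://legacy-sp.example.com"), skipped);

        System.out.println("to update: " + result.keySet());
        System.out.println("skipped (null config): " + skipped);
    }
}
```

Recording the skipped entity IDs instead of dropping them silently leaves an operator a list of entities that the step did not process.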
