[OPENAM-15036] Cannot view/manage SAML IdP entity in console, imported from schema compliant meta data file

Created: 04/Jun/19  Updated: 10/Dec/19  Resolved: 09/Jul/19

Status: Resolved
Project: OpenAM
Component/s: console, SAML
Affects Version/s: 13.0.0, 13.5.0, 13.5.1, 13.5.2, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1, 6.5.1, 6.5.0.2
Fix Version/s: 6.5.2, 7.0.0

Type: Bug
Priority: Major
Reporter: Bernhard Thalmayr
Assignee: Jonathan Thomas
Resolution: Fixed
Votes: 0
Labels: EDISON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Oracle JDK 1.8.0_201-b09
Apache Tomcat/9.0.8
AM 6.5.1


Issue Links:
Depends
depends on OPENAM-14213 Cannot view SAML SP entity imported w... Resolved
Relates
is related to OPENAM-14213 Cannot view SAML SP entity imported w... Resolved
Support Ticket IDs:

 Description   

Bug description

Viewing a SAML IdP entity in AM console may lead to an error.

How to reproduce the issue

  1. Configure AM
  2. Import IdP meta data with ssoadm that does not have attribute 'WantAuthnRequestsSigned' set for IDPSSODescriptor
  3. Access the IdP entity in console

Expected behaviour

IdP entity should be manageable via console

Current behaviour

Error message "An error occurred while processing this request. Contact your administrator." is shown.

Excerpt from AM debug logs

ERROR: ConsoleServletBase.onUncaughtException
com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [java.lang.NullPointerException]
        at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
        at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
        at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:155)
        at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
...
Root cause:
java.lang.NullPointerException
        at com.sun.identity.console.federation.model.SAMLv2ModelImpl.getStandardIdentityProviderAttributes(SAMLv2ModelImpl.java:492)
        at com.sun.identity.console.federation.SAMLv2IDPAssertionContentViewBean.getStandardValues(SAMLv2IDPAssertionContentViewBean.java:216)
...

Work around

Set

WantAuthnRequestsSigned="false"

attribute for the IDPSSODescriptor element before importing.

Code analysis

com.sun.identity.console.federation.model.EntityModelImpl.java
...
    protected Set returnEmptySetIfValueIsNull(boolean b) {
        Set set = new HashSet(2);
        set.add(Boolean.toString(b));
        return set;
    }
..

This leads to

java.lang.NullPointerException: cannot unbox null value

if called with null
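
A pre-import check for the workaround above, added here as an example (not the project's code and not part of the original report): it lists IdP entities whose IDPSSODescriptor lacks WantAuthnRequestsSigned and sets it to "false", the value SAML metadata assumes when the attribute is omitted. The function names and the sample metadata (example.test hosts) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ATTR = "WantAuthnRequestsSigned"
ET.register_namespace("md", MD)  # keep readable prefixes when re-serialising
ET.register_namespace("ds", DS)

# Constructed sample: idp-a omits the optional attribute, idp-b sets it.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp-a.example.test/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-a.example.test/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.test/saml">
    <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp-b.example.test/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def _idp_roles(root):
    """Yield (entityID, IDPSSODescriptor) pairs; root may be an EntityDescriptor or a wrapper."""
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for idp in entity.findall(f"{{{MD}}}IDPSSODescriptor"):
            yield entity.get("entityID"), idp

def missing_attr(metadata_xml):
    """Return entityIDs whose IdP role lacks WantAuthnRequestsSigned."""
    # ElementTree is not hardened against hostile XML; feed it operator-vetted files only.
    return [eid for eid, idp in _idp_roles(ET.fromstring(metadata_xml)) if idp.get(ATTR) is None]

def apply_workaround(metadata_xml):
    """Add WantAuthnRequestsSigned="false" where absent and return the new XML."""
    root = ET.fromstring(metadata_xml)
    # Any edit breaks an enveloped XML signature, so refuse signed metadata
    # instead of silently producing a file that no longer verifies.
    if root.find(f".//{{{DS}}}Signature") is not None:
        raise ValueError("metadata is signed; editing would invalidate the signature")
    for _, idp in _idp_roles(root):
        if idp.get(ATTR) is None:
            idp.set(ATTR, "false")
    return ET.tostring(root, encoding="unicode")
```

Run `missing_attr` on the metadata file before the ssoadm import; an empty list means the console code path in the stack trace above is not reached for that file.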



 Comments   
Comment by Jonathan Thomas [ 05/Jun/19 ]

I suspect the fix for OPENAM-14213 would solve this as it fixes the IDPSSODescriptorType as well as the SPSSODescriptorType.

Generated at Sat Nov 28 21:51:32 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.