JWT authentication scheme encounters NullPointerException.

Article ID: 201767

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER

Issue/Introduction

Policy server = r12.8.1 RHEL 7

Access Gateway = r12.8.1 RHEL 7

JDK = jdk1.8.0_201

We are testing our application authentication using the SiteMinder JWT auth scheme, with the Postman client posting the JWT token to SiteMinder, but we're getting Java null pointer errors.

[10/16/2020][09:52:43][140636808271616][][SmAuthUser.cpp:760][][][][][][][][][][][][][LogMessage:INFO:[sm-Server-03580] java.lang.NullPointerException
        at java.util.Date.getMillisOf(Date.java:958)
        at java.util.Date.before(Date.java:917)
        at com.ca.sm.jwtauth.SMJWTResolver.validateJwtContext(SMJWTResolver.java:35)
        at com.ca.sm.jwtauth.SmJWTAuthScheme.disambiguateUser(SmJWTAuthScheme.java:174)
        at com.ca.sm.jwtauth.SmJWTAuthScheme.authenticate(SmJWTAuthScheme.java:86)
        at com.netegrity.policyserver.smapi.SmAuthenticationContext.authenticate(SmAuthenticationContext.java:289)

Cause

When SiteMinder receives a JWT token, it requires the expiry claim (exp date) to be set within the token; this claim is missing from the token the client originally submitted.

The NullPointerException is encountered when getting the date stamp value of the missing claim.

Environment

Release : 12.8

Component : SITEMINDER -SDK

Resolution

For versions earlier than 12.8.03, the customer can resolve this by setting the expiry claim (exp date) in the JWT token when it is submitted.

Alternatively, upgrade to the fixed version, 12.8.03 or later.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/service-packs/defects-fixed-in-12-8-03.html

The following defects are fixed in SiteMinder 12.8.03:

1294105 DE404613 JWT authentication fails if the token does not contain token expiry time
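
A pre-submit check for the workaround described under Resolution, as an added example that is not part of the original article or of SiteMinder: it inspects a token's payload and reports whether the exp claim is present, numeric and still in the future, so a token without an expiry is caught on the client before it is posted. The key, claims and function names are constructed for illustration, and the check reads the payload only; it does not verify the signature.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT from constructed claims (sample input only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def check_exp(token: str, now=None) -> str:
    """Return 'ok', 'missing', 'invalid' or 'expired' for the exp claim."""
    now = time.time() if now is None else now
    try:
        payload_b64 = token.split(".")[1]
        padded = payload_b64 + "=" * (-len(payload_b64) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (IndexError, ValueError):
        return "invalid"  # not three dot-separated parts, or payload is not JSON
    if not isinstance(claims, dict):
        return "invalid"
    if "exp" not in claims:
        return "missing"  # the condition that triggers the error in this article
    exp = claims["exp"]
    # RFC 7519 defines exp as a NumericDate; bool is an int subclass in Python.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return "invalid"
    return "ok" if now < exp else "expired"


# Constructed sample data: demo key, fixed clock, one token with exp, one without.
KEY = b"constructed-demo-key"
NOW = 1_700_000_000
WITH_EXP = make_token({"sub": "user1", "exp": NOW + 300}, KEY)
NO_EXP = make_token({"sub": "user1"}, KEY)

if __name__ == "__main__":
    for name, tok in (("with exp", WITH_EXP), ("no exp", NO_EXP)):
        print(name, "->", check_exp(tok, NOW))
```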