java.lang.NullPointerException for SLO in Policy Server

Article ID: 216164


Products

CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

 

Single Logout (SLO) fails with java.lang.NullPointerException after upgrading to 12.8.5.

IdP-initiated SLO fails when the session store is enabled.

 

Environment

 

Policy server: 12.8.5
SPS server: 12.8.5

 

Cause

 

Below are log snippets from the failing transaction.

smtracedefault.log 

[05/19/2021][13:22:35][13:22:35.798][][][][][][1076][5020][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][][][][][][][][][CServer.cpp:6682][CServer::Tunnel][][][][][][][][][][][][][][][10.0.0.1][][][][][][][Lib='smjavaapi', Func='JavaTunnelService', Params='com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService', Server='', Device=''][][][][][Resolved all the input parameters][][][][][][][][][]
[05/19/2021][13:22:35][13:22:35.798][][][][][][1076][5020][][][][][][][][][][CServer.cpp:6835][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][][][][Resolving tunnel Service function JavaTunnelService...][][][][][][][][][]
[05/19/2021][13:22:35][13:22:35.798][][][][][][1076][5020][][][][][][][][][][CServer.cpp:6865][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][][][][Start of tunnel call JavaTunnelService][][][][][][][][][]

smps.log

[1076/5020][Wed May 19 2021 13:22:35.954][SingleLogoutTunnelServiceHandler.java][ERROR][sm-FedServer-00330] java.lang.NullPointerException

com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verifyExpiration(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.setupSession(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.tunnelHandler(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService.tunnel(Unknown Source)
com.netegrity.policyserver.smapi.TunnelServiceContext.tunnel(TunnelServiceContext.java:245)

FWSTrace.log

[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SAMLTunnelClient.java][callSingleLogout][Tunnel result code: 1.]
[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SLOService.java][handleLogout][
TUNNEL STATUS:
   status  : 2
   message : Exception when processing an SLO message: java.lang.NullPointerException
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verifyExpiration(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.setupSession(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.tunnelHandler(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService.tunnel(Unknown Source)
com.netegrity.policyserver.smapi.TunnelServiceContext.tunnel(TunnelServiceContext.java:245)]
[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SLOService.java][handleLogoutFailure][Exception when processing an SLO message: java.lang.NullPointerException
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verifyExpiration(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.setupSession(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.tunnelHandler(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService.tunnel(Unknown Source)
com.netegrity.policyserver.smapi.TunnelServiceContext.tunnel(TunnelServiceContext.java:245)]
[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SLOService.java][handleLogoutFailure][Redirecting to error handling URL [CHECKPOINT = SLOSAML2_ERRORURL_REDIRECT]]
[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SLOService.java][handleLogoutFailure][Displaying default failure page.]

The root cause is that the SLO request does not contain the NotOnOrAfter attribute. A code change is needed to check for this attribute in the SLO request before reading its value.
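
The presence check described above, as an added example (not Broadcom's code or the product fix): NotOnOrAfter is optional on a SAML 2.0 LogoutRequest, so an expiry check has to handle its absence before parsing it. The helper names, the sample issuer and NameID, and the 30-second clock skew are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_request(not_on_or_after=None):
    """Constructed sample LogoutRequest; issuer and NameID are placeholders."""
    attr = f' NotOnOrAfter="{not_on_or_after}"' if not_on_or_after else ""
    return (
        f'<samlp:LogoutRequest xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
        f'ID="_example1" Version="2.0" IssueInstant="2021-05-19T13:22:35Z"{attr}>'
        "<saml:Issuer>https://idp.example.test</saml:Issuer>"
        "<saml:NameID>user@example.test</saml:NameID>"
        "</samlp:LogoutRequest>"
    )


def parse_xs_datetime(value):
    """Parse the UTC xs:dateTime form SAML uses, e.g. 2021-05-19T13:27:35Z."""
    parsed = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def check_logout_expiration(xml_text, now, skew=timedelta(seconds=30)):
    """Return 'no-expiry', 'valid', 'expired' or 'malformed' for a LogoutRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP_NS}}}LogoutRequest":
        raise ValueError("not a SAML 2.0 LogoutRequest")
    raw = root.get("NotOnOrAfter")  # None when the attribute is absent
    if raw is None:
        # Optional attribute omitted: there is no deadline to compare against,
        # so skip the expiry check instead of dereferencing a missing value.
        return "no-expiry"
    try:
        deadline = parse_xs_datetime(raw)
    except ValueError:
        return "malformed"
    return "expired" if now >= deadline + skew else "valid"


if __name__ == "__main__":
    now = datetime(2021, 5, 19, 13, 22, 36, tzinfo=timezone.utc)
    for label, value in (("with", "2021-05-19T13:27:35Z"), ("without", None)):
        print(label, check_logout_expiration(build_request(value), now))
```

Running the same check over a decoded LogoutRequest captured from the partner shows whether that partner omits NotOnOrAfter, which is the condition behind the exception in the logs above.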

 

Resolution

 

Upgrade the Policy Server to 12.8SP6 to benefit from fix DE503196 (1).

 

Additional Information

 

(1)

    Defects Fixed in 12.8.06