
java.lang.NullPointerException when processing an SLO with application after upgrading to 12.8.5


Article ID: 216164


Updated On:

Products

CA Single Sign On Federation (SiteMinder)

Issue/Introduction

SLO logout fails with java.lang.NullPointerException after upgrading to 12.8.5.

IDP initiated SLO fails with session store enabled.

Environment

Policy server: 12.8.5
SPS server: 12.8.5

Cause

Below is a snippet from the transaction.

smtracedefault.log 

[05/19/2021][13:22:35][13:22:35.798][][][][][][1076][5020][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][][][][][][][][][CServer.cpp:6682][CServer::Tunnel][][][][][][][][][][][][][][][192.168.3.32][][][][][][][Lib='smjavaapi', Func='JavaTunnelService', Params='com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService', Server='', Device=''][][][][][Resolved all the input parameters][][][][][][][][][]
[05/19/2021][13:22:35][13:22:35.798][][][][][][1076][5020][][][][][][][][][][CServer.cpp:6835][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][][][][Resolving tunnel Service function JavaTunnelService...][][][][][][][][][]
[05/19/2021][13:22:35][13:22:35.798][][][][][][1076][5020][][][][][][][][][][CServer.cpp:6865][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][][][][][][][Start of tunnel call JavaTunnelService][][][][][][][][][]

Smps.log

[1076/5020][Wed May 19 2021 13:22:35.954][SingleLogoutTunnelServiceHandler.java][ERROR][sm-FedServer-00330] java.lang.NullPointerException

com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verifyExpiration(Unknown Source)

com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verify(Unknown Source)

com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.verify(Unknown Source)

com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.setupSession(Unknown Source)

com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.tunnelHandler(Unknown Source)

com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService.tunnel(Unknown Source)

com.netegrity.policyserver.smapi.TunnelServiceContext.tunnel(TunnelServiceContext.java:245)

FWSTrace.log

[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SAMLTunnelClient.java][callSingleLogout][Tunnel result code: 1.]
[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SLOService.java][handleLogout][
TUNNEL STATUS:
   status  : 2
   message : Exception when processing an SLO message: java.lang.NullPointerException
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verifyExpiration(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.setupSession(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.tunnelHandler(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService.tunnel(Unknown Source)
com.netegrity.policyserver.smapi.TunnelServiceContext.tunnel(TunnelServiceContext.java:245)]
[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SLOService.java][handleLogoutFailure][Exception when processing an SLO message: java.lang.NullPointerException
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verifyExpiration(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutInputMessage.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.verify(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.setupSession(Unknown Source)
com.netegrity.federationps.tunnel.SingleLogoutTunnelServiceHandler.tunnelHandler(Unknown Source)
com.netegrity.saml2ps.tunnel.SAMLSingleLogoutTunnelService.tunnel(Unknown Source)
com.netegrity.policyserver.smapi.TunnelServiceContext.tunnel(TunnelServiceContext.java:245)]
[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SLOService.java][handleLogoutFailure][Redirecting to error handling URL [CHECKPOINT = SLOSAML2_ERRORURL_REDIRECT]]
[05/19/2021][13:22:36][300][1124][82dd2419-6e391f6c-3397fb46-fb4a7d7f-0eed5b65-73][SLOService.java][handleLogoutFailure][Displaying default failure page.]

The root cause is that the SLO request does not contain the NotOnOrAfter attribute. A code change is needed to check for this attribute in the SLO request before obtaining a value from it.
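To confirm that a partner's SLO request matches this root cause, the SAMLRequest value captured from the browser can be decoded and checked for NotOnOrAfter. The following is an added diagnostic example, not code from the product or the fix; the function names and sample messages are constructed here, and it assumes the value has already been URL-decoded.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_saml_request(b64_value):
    """Return the XML bytes of a SAMLRequest value (POST or Redirect binding)."""
    raw = base64.b64decode(b64_value)
    if raw.lstrip().startswith(b"<"):
        return raw                        # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)      # HTTP-Redirect binding: raw DEFLATE

def not_on_or_after_status(b64_value, now=None):
    """Return 'missing', 'expired' or 'valid' for a LogoutRequest."""
    xml = decode_saml_request(b64_value)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DOCTYPE not allowed in SAML messages")
    root = ET.fromstring(xml)
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 LogoutRequest")
    # NotOnOrAfter is optional on LogoutRequest in SAML 2.0, so test for it
    # before using its value.
    value = root.get("NotOnOrAfter")
    if value is None:
        return "missing"                  # the case described in this article
    deadline = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if deadline.tzinfo is None:
        deadline = deadline.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return "expired" if now >= deadline else "valid"

def encode_redirect(xml_text):
    """Encode XML as the Redirect binding does (before URL-encoding)."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush())

# Constructed sample messages (not taken from the article's logs).
TEMPLATE = ('<samlp:LogoutRequest xmlns:samlp="%s" ID="_constructed1" '
            'Version="2.0" IssueInstant="2021-05-19T13:22:35Z"%s/>')
WITHOUT_ATTR = encode_redirect(TEMPLATE % (SAMLP, ""))
WITH_ATTR = base64.b64encode(
    (TEMPLATE % (SAMLP, ' NotOnOrAfter="2021-05-19T13:27:35Z"')).encode())

if __name__ == "__main__":
    print(not_on_or_after_status(WITHOUT_ATTR))
    print(not_on_or_after_status(WITH_ATTR))
```

A result of "missing" means the request has the shape this article describes; "expired" or "valid" points to a different cause.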

Resolution

This issue will be fixed in an upcoming release. Replacement jars are needed on the Policy Server side. Please reach out to support for a dev fix (DE503196) on version 12.8.5.