In VIP Authentication Hub, release 1.0.3186, the custom providers API no longer accepts our calls. The endpoint returns error 500.
Request:
POST https://authhub.dev.net/default/admin/v1/CustomProviders
POST data:
{
  "providerName": "RSARiskProvider",
  "providerProperties": [
    {
      "name": "rsaorganization",
      "value": "Custom_ECS"
    }
  ],
  "securityMethod": "oauth",
  "clientId": "4eb6871d-8a98-4745-a0d9-cb69e834085b",
  "clientSecretAlias": "oauthSpiClientSecret",
  "oauthScopes": "urn:iam:t.authenticate",
  "oauthTokenUrl": "https://authhub.dev.net/default/oauth2/v1/token",
  "oauthTokenCertificateAlias": "root-ca",
  "sslMode": "VERIFY_CA",
  "ignoreSSLValidation": "true",
  "url": "https://rsa-risk-provider.dev.net/riskprovider",
  "spiReadTimeoutMillis": "5000",
  "spiConnectTimeoutMillis": "5000",
  "version": "1.0"
}
Response:
{
"timestamp": 1677094489485,
"status": 500,
"error": "Internal Server Error",
"path": "/admin/v1/CustomProviders"
}
Logs:
{
appName: DefaultTenantClient
clientTid: 506e36ad-8346-43c5-ad4f-260cb3aae68f
httpMethod: POST
level: error
msg: Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause
relVersion: 1.0
sid:
sub: 760297f4-c54b-4be1-bff6-b06aad9915a5
subType: CLIENT
thread: https-jsse-nio-8083-exec-5
throwable: java.lang.NullPointerException
at com.broadcom.layer7authentication.core.service.provider.ProviderConfigValidation.verifySecurityMethodConfig(ProviderConfigValidation.java:401)
at com.broadcom.layer7authentication.admin.controller.CustomProviderController.addCustomProviders(CustomProviderController.java:111)
at com.broadcom.layer7authentication.admin.controller.CustomProviderController$$FastClassBySpringCGLIB$$79c9b883.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
at com.broadcom.layer7authentication.persistence.aop.ReadOnlyRouteInterceptor.proceed(ReadOnlyRouteInterceptor.java:29)
at jdk.internal.reflect.GeneratedMethodAccessor238.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
at com.broadcom.layer7authentication.admin.controller.CustomProviderController$$EnhancerBySpringCGLIB$$52b812f8.addCustomProviders(<generated>)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
............
timestamp: 2023-02-22T19:34:49.485055Z
type: log
userGuid:
userLoginId:
userRiskLevel:
userRiskScore:
userUniversalId:
}
Release : Oct.05
Starting with the Oct base release of VIP Authentication, these additional parameters must be passed in the request payload. They are listed just below and also appear at the bottom of the working example request that follows:
"oauthTokenSslMode": "VERIFY_CA",
"oauthTokenIgnoreSslValidation": true
{
  "providerName": "RSARiskProvider",
  "providerProperties": [
    {
      "name": "rsaorganization",
      "value": "Custom_ECS"
    }
  ],
  "securityMethod": "oauth",
  "clientId": "4eb6871d-8a98-4745-a0d9-cb69e834085b",
  "clientSecretAlias": "oauthSpiClientSecret",
  "oauthScopes": "urn:iam:t.authenticate",
  "oauthTokenUrl": "https://authhub.dev.net/default/oauth2/v1/token",
  "oauthTokenCertificateAlias": "",
  "sslMode": "VERIFY_CA",
  "ignoreSSLValidation": "true",
  "url": "https://rsa-risk-provider.dev.net/riskprovider",
  "spiReadTimeoutMillis": "5000",
  "spiConnectTimeoutMillis": "5000",
  "version": "1.0",
  "oauthTokenSslMode": "VERIFY_CA",
  "oauthTokenIgnoreSslValidation": true
}
The NullPointerException observed in the logs is caused by these parameters being missing from the request payload. The VIP Auth Hub team will address this in code so that the missing parameters are handled gracefully and the NPE is no longer observed.
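A client-side pre-flight check for the payload rule described above, as an added example (it is not Broadcom's code and not part of the original article). It assumes the two new fields are needed only when securityMethod is "oauth"; preflight, FAILING and WORKING are hypothetical names, and the two samples are constructed from the article's payloads.

```python
import json

# Per the article, required in the payload starting with the Oct base release.
REQUIRED_OAUTH_FIELDS = ("oauthTokenSslMode", "oauthTokenIgnoreSslValidation")
# Assumption from the field names: "true" bypasses TLS certificate validation.
IGNORE_FLAGS = ("ignoreSSLValidation", "oauthTokenIgnoreSslValidation")
# Constructed samples: the article's two payloads trimmed to the relevant keys.
FAILING = """{
  "securityMethod": "oauth",
  "ignoreSSLValidation": "true",
  "ignoreSSLValidation": "true"
}"""
WORKING = """{
  "securityMethod": "oauth",
  "ignoreSSLValidation": "true",
  "oauthTokenSslMode": "VERIFY_CA",
  "oauthTokenIgnoreSslValidation": true
}"""


def preflight(raw):
    """Return (errors, warnings) for a CustomProviders request body."""
    duplicates = []

    def record_pairs(pairs):
        # json.loads silently keeps the last value of a repeated key; note repeats.
        obj = {}
        for key, value in pairs:
            if key in obj:
                duplicates.append(key)
            obj[key] = value
        return obj

    try:
        body = json.loads(raw, object_pairs_hook=record_pairs)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"], []
    if not isinstance(body, dict):
        return ["payload must be a JSON object"], []
    errors, warnings = [], [f"duplicate key: {key}" for key in duplicates]
    # Assumption: the new fields are only needed when securityMethod is "oauth".
    if body.get("securityMethod") == "oauth":
        errors += [f"missing required field: {f}" for f in REQUIRED_OAUTH_FIELDS if f not in body]
    for flag in IGNORE_FLAGS:
        if str(body.get(flag)).lower() == "true":
            warnings.append(f"{flag} is enabled: review before deploying")
    return errors, warnings

if __name__ == "__main__":
    print(preflight(FAILING), preflight(WORKING))
```

Running the check before the POST turns the server-side 500 into a named missing field, and it also surfaces repeated keys and enabled ignore-validation flags in the payload.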