VIP Authentication Hub - Internal Server Error 500 in attempt to configure custom Risk adapter
search cancel

VIP Authentication Hub - Internal Server Error 500 in attempt to configure custom Risk adapter

book

Article ID: 260667

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction

We noticed in VIP Authentication Hub, release 1.0.3186, we can no longer receive calls on the custom providers API. The endpoint returns error 500.

Request:
POST https://authhub.dev.net/default/admin/v1/CustomProviders

POST data:
{
  "providerName": RSARiskProvider",
  "providerProperties": [
    {
      "name": "rsaorganization",
      "value": "Custom_ECS"
    }
  ],   
  "securityMethod": "oauth",
  "clientId": "4eb6871d-8a98-4745-a0d9-cb69e834085b",
  "clientSecretAlias": "oauthSpiClientSecret",
  "oauthScopes": "urn:iam:t.authenticate",
  "oauthTokenUrl": "https://authhub.dev.net/default/oauth2/v1/token",
  "oauthTokenCertificateAlias": "root-ca",
  "sslMode": "VERIFY_CA",
  "ignoreSSLValidation":"true",
  "ignoreSSLValidation":"true",
  "url": "https://rsa-risk-provider.dev.net/riskprovider",
  "spiReadTimeoutMillis": "5000",
  "spiConnectTimeoutMillis": "5000",  
  "version": "1.0"
}


Response:
{
    "timestamp": 1677094489485,
    "status": 500,
    "error": "Internal Server Error",
    "path": "/admin/v1/CustomProviders"
}

 

Logs:
{ [-]
   appName: DefaultTenantClient
   clientTid: 506e36ad-8346-43c5-ad4f-260cb3aae68f
   httpMethod: POST
   level: error
   msg: Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause
   relVersion: 1.0
   sid:  
   sub: 760297f4-c54b-4be1-bff6-b06aad9915a5
   subType: CLIENT
   thread: https-jsse-nio-8083-exec-5
   throwable: java.lang.NullPointerException
    at com.broadcom.layer7authentication.core.service.provider.ProviderConfigValidation.verifySecurityMethodConfig(ProviderConfigValidation.java:401)
    at com.broadcom.layer7authentication.admin.controller.CustomProviderController.addCustomProviders(CustomProviderController.java:111)
    at com.broadcom.layer7authentication.admin.controller.CustomProviderController$$FastClassBySpringCGLIB$$79c9b883.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at com.broadcom.layer7authentication.persistence.aop.ReadOnlyRouteInterceptor.proceed(ReadOnlyRouteInterceptor.java:29)
    at jdk.internal.reflect.GeneratedMethodAccessor238.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
    at com.broadcom.layer7authentication.admin.controller.CustomProviderController$$EnhancerBySpringCGLIB$$52b812f8.addCustomProviders(<generated>)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
    ............

   timestamp: 2023-02-22T19:34:49.485055Z
   type: log
   userGuid:  
   userLoginId:  
   userRiskLevel:  
   userRiskScore:  
   userUniversalId:  
}

Environment

Release : Oct.05

Resolution

Starting Oct base release of VIP Authentication we require these additional parameters to be passed in the request payload, these are mentioned at the bottom of this request which is a working example and also just below:

"oauthTokenSslMode": "VERIFY_CA",
"oauthTokenIgnoreSslValidation": true

{
    "providerName": "RSARiskProvider",
    "providerProperties": [
        {
            "name": "rsaorganization",
            "value": "Custom_ECS"
        }
    ],
    "securityMethod": "oauth",
    "clientId": "4eb6871d-8a98-4745-a0d9-cb69e834085b",
    "clientSecretAlias": "oauthSpiClientSecret",
    "oauthScopes": "urn:iam:t.authenticate",
    "oauthTokenUrl": "https://authhub.dev.net/default/oauth2/v1/token",
    "oauthTokenCertificateAlias": "",
    "sslMode": "VERIFY_CA",
    "ignoreSSLValidation": "true",
    "url": "https://rsa-risk-provider.dev.net/riskprovider",
    "spiReadTimeoutMillis": "5000",
    "spiConnectTimeoutMillis": "5000",
    "version": "1.0",
    "oauthTokenSslMode": "VERIFY_CA",
    "oauthTokenIgnoreSslValidation": true
}

 

The Null Pointer exception observed in the logs is the cause of these parameters missing but the VIP Auth Hub team will address this in code to handle it gracefully so NPE is not observed.