v1/CustomProvider throws 400 exception if skipUserStrikeCountIncrement is not in request



Article ID: 418089


Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

When skipUserStrikeCountIncrement is not present in the request, the CustomProvider API returns a 400 error instead of a 401 for an invalid token.

According to the documentation, this value is not required: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip-authentication-hub/3-4/Developer-Information/integrating-with-Custom-SPI.html#concept.dita_00eb7849-5d7b-467a-8759-ebe1b5f5fb48_GenerallistofattributesanddescriptionsusedinCustomSPI

Nowhere in the release notes or documentation is it stated that this would break existing custom providers. The following exception is observed:

java.lang.NullPointerException: Cannot invoke "String.equalsIgnoreCase(String)" because "skipUserStrikeCountIncrement" is null
at com.broadcom.layer7authentication.flow.filter.FlowStateFilter.setUserStatusLocked(FlowStateFilter.java:1107)
at com.broadcom.layer7authentication.flow.filter.FlowStateFilter.processFlowManagement(FlowStateFilter.java:911)
at com.broadcom.layer7authentication.flow.filter.FlowStateFilter.doFilter(FlowStateFilter.java:333)
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205)
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1594)
at com.broadcom.layer7authentication.filters.SecurityFilter.doFilter(SecurityFilter.java:542)
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205)
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1594)
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
at com.broadcom.layer7authentication.filters.CustomCorsFilter.doFilterInternal(CustomCorsFilter.java:227)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
at org.eclipse.jetty.ee10.servlet.FilterHolder.doFilter(FilterHolder.java:205)
at org.eclipse.jetty.ee10.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1594)

Environment

VIP AuthHub

Release: 3.4.4

Resolution

This issue has been identified as a bug and will be resolved in the next major AuthHub release.

Workaround:

Use PATCH to update your custom provider and set the skipUserStrikeCountIncrement value to false, which should address the issue.
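
The failure pattern named in the exception message, shown as an added illustration; this is not Broadcom's code. The class, method names and the map-based provider configuration are hypothetical and the sample values are constructed. It shows why an absent optional attribute fails when it is the receiver of equalsIgnoreCase, and why an explicit value (as in the workaround) or a null-safe comparison does not.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class OptionalFlagDemo {
    static final String ATTR = "skipUserStrikeCountIncrement";

    // Hypothetical lookup mirroring the pattern in the exception message:
    // the attribute value is the receiver, so an absent attribute (null)
    // throws NullPointerException before any comparison happens.
    static boolean skipStrikeUnsafe(Map<String, String> providerConfig) {
        String skip = providerConfig.get(ATTR);
        return skip.equalsIgnoreCase("true");
    }

    // Null-safe form: the literal is the receiver, and
    // String.equalsIgnoreCase(null) returns false, so an absent
    // attribute behaves the same as an explicit "false".
    static boolean skipStrikeSafe(Map<String, String> providerConfig) {
        return "true".equalsIgnoreCase(providerConfig.get(ATTR));
    }

    // Runs the unsafe lookup and reports the outcome instead of crashing.
    static String tryUnsafe(Map<String, String> providerConfig) {
        try {
            return String.valueOf(skipStrikeUnsafe(providerConfig));
        } catch (NullPointerException e) {
            return "NullPointerException";
        }
    }

    public static void main(String[] args) {
        // Constructed sample configs: one created before the attribute
        // existed, one after the workaround sets it explicitly.
        Map<String, String> legacy = new HashMap<>();
        legacy.put("name", "legacy-provider");
        Map<String, String> patched = new HashMap<>(legacy);
        patched.put(ATTR, "false");

        for (Map<String, String> cfg : List.of(legacy, patched)) {
            System.out.printf("attr=%s unsafe=%s safe=%s%n",
                    cfg.get(ATTR), tryUnsafe(cfg), skipStrikeSafe(cfg));
        }
    }
}
```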