search cancel

SAML2.0 SP initiated Authnrequest failing on the IDP with 500 Error (java.lang.NullPointerException)


Article ID: 41853


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



When setup as IDP , SP Initiated Authnrequest fails with 500 Error with the below errors:

[04/06/2016][14:51:33][9124][25][90fd726f-5ef606ad-7b16be32-5192bd0e-c89fb44e-7][][doGet][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.SSO, method doGet: java.lang.NullPointerException]

[04/06/2016][14:51:33][9124][25][90fd726f-5ef606ad-7b16be32-5192bd0e-c89fb44e-7][][doGet][Stack Trace: java.lang.NullPointerException

at com.netegrity.affiliateminder.webservices.saml2.SSO.a(DashoA10*..:1266)

at com.netegrity.affiliateminder.webservices.saml2.SSO.doGet(DashoA10*..:384) 



Web agent version --> 12.5 

WAOP --> 12.5 

Policy server --> 12.52



Their is a Defect (Defect 54689) associated with our product in version R12.5 for the Web agent Option pack which was fixed in R12.52 onward. This caused this specific error for SP initiated transactions only.

Defect Details: 

This is a class loading conflict between an unsigned package and signed package.

The classes which are in namespace.jar(signed) are also present in xml-apis.jar(unsigned) hence the signer exception.



Option 1:

Please follow the below Steps to resolve this issue on the 12.5 WAOP. 

a. In your environment, on the box where you have deployed the WAOP, please go to the following directory: \affwebservices\WEB-INF\lib 

b. In this folder, check if you have the following 3 files: sax.jar, dom.jar, and namespace.jar 

c. backup and remove the namespace.jar and restart the Agent / WAOP 

Once done ,the SP initiated Authnrequest should work be processed on the IDP with no issues.


Option 2:

Upgrade to 12.52 WAOP or higher 


Additional Information:




Release: SOASMU99000-12.5-SOA Security Manager-Upgrade