Internal Server Error (NullPointerException) Accessing Public Features After Logout in Identity Manager
search cancel

Internal Server Error (NullPointerException) Accessing Public Features After Logout in Identity Manager

book

Article ID: 437654

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

In a Identity Manager environment integrated with SiteMinder, users encounter an HTTP 500 Internal Server Error when attempting to access public features (e.g., Public Password Management) immediately after logging out from a private Identity Manager session.

The following error is observed in the server.log (WildFly/Undertow):

ERROR [io.undertow.request] (default task-34) UT005023: Exception handling request to /iam/im/test/index.jsp: java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "currentSessionSpec" is null at deployment.iam_im.ear.user_console.war//com.netegrity.webapp.UIContext.getUserDN(UIContext.java:435) at deployment.iam_im.ear.user_console.war//com.netegrity.webapp.UIContext.logout(UIContext.java:1641)

Environment

IGA Xpress 1.0
IGA Suite v15

Cause

The issue is caused by a code defect where the UIContext fails to handle a null session specification during the logout/redirect transition. This is often triggered when the SiteMinder Policy Server protecting the Identity Manager environment does not have the Session Store enabled, while the Portal Policy Server does. When a persistent session from the Portal hits an IDM Policy Server without Session Store access, the session cannot be validated/updated, leading to a null currentSessionSpec.

Resolution

A fix for this issue has been developed (Defect DE665185) and is slated for the upcoming fix pack. If you are currently impacted, please open a support ticket so we can verify your environment and take necessary next actions.

Powered by Wolken Software