HTTP 500 when resolving SAML Artifact

This topic has 3 replies, 1 voice, and was last updated 4 years, 10 months ago by diedel.

  • #20668
     diedel
    Participant

    Hello,
    Again with my OpenAM adventures… :)

    I’m testing the SAML 2 IDP Init SSO with /idpssoinit endpoint and, during the SAML Artifact resolution, the client side receives HTTP 500 with no more info.

    I checked the Federation log file on the OpenAM side and it seems that the execution stops in the getSamlpElement() function:

    ....
    tP8YegN3HzeP/BeW0+npaPMsKdcBrAK+kDLHB6Fbpj1+6AudWUuVarKB+NgaKmXtD6+eM2/jRt6S
    GB4JoH6sR/mGCMPJ8Qb/9QLt0NlvgUS/jlvh2PAB96dzUk2GHRMcPNbZOe90h/o=</X509Certificate></X509Data></KeyInfo></Signature></ds:Signature><samlp:Artifact>AAQAAECi/PpIbFF5FFWAfTQ++Dya51Lf4PBilGXZhznTtcFSa+4j4ib/MDE=</samlp:Artifact></samlp:ArtifactResolve></SOAP-ENV:Body></SOAP-ENV:Envelope>
    libSAML2:01/23/2018 04:01:37:631 PM CET: Thread[http-nio-8080-exec-3,5,main]: TransactionId[3173c918-df35-4214-9036-12e378b6fbf8-474]
    SOAPCommunicator.getSOAPBody: local name= Header
    libSAML2:01/23/2018 04:01:37:631 PM CET: Thread[http-nio-8080-exec-3,5,main]: TransactionId[3173c918-df35-4214-9036-12e378b6fbf8-474]
    SOAPCommunicator.getSOAPBody: local name= Body
    libSAML2:01/23/2018 04:01:37:631 PM CET: Thread[http-nio-8080-exec-3,5,main]: TransactionId[3173c918-df35-4214-9036-12e378b6fbf8-474]
    SOAPCommunicator.getSamlpElement: node=ArtifactResolve, nsURI=urn:oasis:names:tc:SAML:2.0:protocol

    In the extracted log you can see the end of the signed SOAP message from the client containing the <ArtifactResolve> XML document.

    Any ideas other than having to debug the code?

    #20670
     diedel
    Participant

    I just noticed that the last recognized XML node was ArtifactResolve, the next should be the node Signature. Does that mean that OpenAM doesn’t recognize signed ArtifactResolve messages?

    #20671
     diedel
    Participant

    In Federation -> Hosted IdP configuration, I checked the Artifact Resolution option under the Signing section… but still the same problem, it apparently stops in the getSamlpElement() function.

    #20672
     diedel
    Participant

    Well…

    I just found out the problem by analyzing the Tomcat catalina.out file.

    The cause was a Null pointer exception while trying to get the Issuer field from the ArtifactResolve element.

    Sorry for the noise…
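
Added example, not part of the original thread or of OpenAM's code: a client-side pre-flight check for an outbound ArtifactResolve SOAP message, assuming the null Issuer in the last post came from a request without a saml:Issuer element. The function name, the sample message and its ID are constructed; only the Artifact value is taken from the log above.

```python
import base64
import xml.etree.ElementTree as ET  # used here only on messages we build ourselves

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def check_artifact_resolve(soap_xml):
    """Return a list of problems in an outbound ArtifactResolve SOAP message."""
    req = ET.fromstring(soap_xml).find("soap:Body/samlp:ArtifactResolve", NS)
    if req is None:
        return ["no samlp:ArtifactResolve inside the SOAP Body"]
    problems = []
    for attr in ("ID", "Version", "IssueInstant"):
        if not req.get(attr):
            problems.append("missing attribute " + attr)
    # Assumption: an absent Issuer is what left the server with a null value.
    issuer = req.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        problems.append("missing or empty saml:Issuer")
    art = req.find("samlp:Artifact", NS)
    if art is None or not (art.text or "").strip():
        problems.append("missing or empty samlp:Artifact")
    else:
        try:
            raw = base64.b64decode(art.text.strip(), validate=True)
        except ValueError:
            problems.append("Artifact is not valid base64")
        else:
            # Type 0x0004 artifact: 2-byte type code, 2-byte endpoint index,
            # 20-byte SourceID, 20-byte MessageHandle = 44 bytes.
            if len(raw) != 44 or raw[:2] != b"\x00\x04":
                problems.append("Artifact is not a 44-byte type 0x0004 artifact")
    return problems

# Constructed sample message; {issuer} is filled in by the caller.
TEMPLATE = (
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
    '<SOAP-ENV:Header/><SOAP-ENV:Body>'
    '<samlp:ArtifactResolve xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed1" Version="2.0" IssueInstant="2018-01-23T15:01:37Z">{issuer}'
    '<samlp:Artifact>AAQAAECi/PpIbFF5FFWAfTQ++Dya51Lf4PBilGXZhznTtcFSa+4j4ib/MDE='
    '</samlp:Artifact></samlp:ArtifactResolve></SOAP-ENV:Body></SOAP-ENV:Envelope>'
)
```

Running the check on the client's message before it is signed and sent surfaces the missing element on the sending side, instead of as an HTTP 500 whose cause is visible only in the server's catalina.out.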
