HTTP Status 500 – AMSetupFilter.doFilter

Tagged: 

This topic has 4 replies, 2 voices, and was last updated 6 years, 3 months ago by amitnagmode.

  • Author
    Posts
  • #11195
     amitnagmode
    Participant

    HI All,

    We have https SSO (Single Sign On) scenario which fails with following error for Internet Explorer Only (version 11 ) on IDP login screen (Login.jsp not XUI) of OpenAM (version 12) .
    HTTP Status 500 – AMSetupFilter.doFilter
    Catalina log trace attached below
    org.apache.jasper.JasperException: java.lang.NullPointerException
    at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspSer
    vletWrapper.java:556)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
    .java:477)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:3
    95)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
    icationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
    ilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
    )
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
    icationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
    ilterChain.java:208)
    OpenAm version 12

    But if we hit a return key on the Failed URL it again works fine
    please help to resolve
    Thanks in advance

    • This topic was modified 6 years, 3 months ago by amitnagmode.
    #11377
     Peter Major
    Moderator

    It’s difficult to tell what exactly causes that NPE, do you have any more specific stracktraces for this problem?

    #11406
     amitnagmode
    Participant

    Thanks for your response Peter.
    This problem is only with IE browser but it works fine on chrome and Firefox
    We are just using the Evaluation version of OpenAM and we do not have any official technical support.
    Our Architectural Design is as follows
    web Application(OpenAM j2ee agent)—–>SP(OpenAM 13)—–>Broker(OpenAM 12 with IDP chooser page)—–>IDP(OpenAM12)
    We have a web application with OpenAM J2ee agent installed on it. On login to this application it redirects us to the SP (OpenAM 13) which has SAML2 it redirects us to the IDP chooser (OpenAM 12) after you choose one of the IDP you land up on the IDP login screen after successful login on the IDP (OpenAM 12) with correct credentials like username and password you are transferred back to your initial application protected by OpenAM j2ee agent.
    In case of IE it fails after we choose one of the IDP from the available IDP list and before landing on the IDP login screen (but it works fine on chrome and Firefox)
    Stack trace attached below
    org.apache.jasper.JasperException: java.lang.NullPointerException
    at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspSer
    vletWrapper.java:556)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
    .java:477)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:3
    95)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
    icationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
    ilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
    )
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
    icationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
    ilterChain.java:208)
    at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(Res
    ponseValidationFilter.java:44)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
    icationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
    ilterChain.java:208)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
    icationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
    ilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
    alve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
    alve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
    torBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
    ava:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
    ava:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
    956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
    ve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
    a:423)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp
    11Processor.java:1079)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
    AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin
    t.java:316)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
    java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
    .java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh
    read.java:61)
    at java.lang.Thread.run(Thread.java:745)
    Caused by: java.lang.NullPointerException
    at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFed
    erate.java:167)
    at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFed
    erate.java:129)
    at org.apache.jsp.saml2.jsp.idpSSOFederate_jsp._jspService(idpSSOFederat
    e_jsp.java:145)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
    .java:439)

    #11480
     Peter Major
    Moderator

    Yepp, that stacktrace helps:
    https://stash.forgerock.org/projects/OPENAM/repos/openam/browse/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSSOFederate.java?at=refs%2Ftags%2F12.0.0#167

    Looks like the IDP selection was initiated on idp proxy node 1, but then the response was submitted to node 2, causing a cache miss most likely. This is just a guess though..

    #11524
     amitnagmode
    Participant

    Hi Peter,

    Thanks a lot for your help.We don’t fully understand OpenAM yet because lack of knowledge on this product but we will try and follow your advice.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?