SAML2 SP Initiated SLO 500 error (OpenAM 13)

This topic has 0 replies, 1 voice, and was last updated 5 years, 3 months ago by chris.piasecki.

  • #18637
     chris.piasecki

    Hi,

    We run into a 500 error when we initiate a single-logout from a SAML2 SP when the following are true:
    1. Logged into at least two SAML2 SP applications.
    2. Logged into at least one WS-FED SP application.

    We could not reproduce the issue with other combinations of scenarios such as being logged into only SAML2 SPs, or only WS-Fed SPs, or even one SAML2 SP and one WS-Fed SP. Could not reproduce when initiating SLO from the WS-FED SP.

    Below is the error message that occurs when doing a GET request to “/IDPSloRedirect/metaAlias/myrealm/idp?SAMLResponse=…”:

    type Exception report

    message AMSetupFilter.doFilter

    description The server encountered an internal error that prevented it from fulfilling this request.

    exception

    javax.servlet.ServletException: AMSetupFilter.doFilter
    com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:135)
    org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)

    root cause

    org.apache.jasper.JasperException: java.lang.IllegalStateException: Cannot forward after response has been committed
    org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:560)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:471)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
    com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:106)
    org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)

    root cause

    java.lang.IllegalStateException: Cannot forward after response has been committed
    org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java:742)
    org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:712)
    org.apache.jsp.saml2.jsp.idpSingleLogoutRedirect_jsp._jspService(idpSingleLogoutRedirect_jsp.java:215)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
    com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:106)
    org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)

    note The full stack trace of the root cause is available in the Apache Tomcat/8.0.41 logs.

    Is this a product issue, or a configuration issue?

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.