Java NullPointerException processing SAML2 attribute assertion

  • 3478821
  • 07-Sep-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Access Administration

Situation

A SAML 2 identity provider (IDP) server is configured to send a number of attributes to an Access Manager SAML2 service provider (SP) during authentication.

After the user authenticates to the IDP server successfully and sends a request to the SP via the intersite transfer link, the SP page is never displayed, and the exception message "java.lang.NullPointerException" appears in the browser instead.

Resolution

Make sure that the attribute being sent from the IDP server to the SP is mapped correctly. In the above case, a remote attribute userid was sent over, and when we mapped it to the local attribute LDAP:cn, the exception disappeared.

With the IDP SAML2 component logs enabled, more details were visible for troubleshooting purposes in the catalina.out file of the SP (/var/opt/novell/tomcat4/logs directory). When the problem occurred, the following details were output:

<amLogEntry> 2007-08-31T18:21:14Z VERBOSE NIDS Application: Session has consumed authentications: false

<amLogEntry> 2007-08-31T18:21:14Z WARNING NIDS SAML2: Exception message: "java.lang.NullPointerException"
y, Line: 3332, Method: query
y, Line: 2282, Method: A
y, Line: 46, Method: A
y, Line: 3532, Method: getPrefetchAttributes
y, Line: 2798, Method: getAttributes
y, Line: 807, Method: B
y, Line: 2155, Method: handleAuthentication
y, Line: 3241, Method: processResponse
y, Line: 860, Method: processResponse
y, Line: 3173, Method: processArtifactMessage


The stack trace of this exception suggests that the issue occurred while processing the SAML attribute assertion.
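The same reading of the trace can be automated when catalina.out is large. The following is an added example, not Novell code: it groups each SAML2 exception entry with the stack frames that follow it and reports only those whose trace passes through the attribute-handling methods seen above (getPrefetchAttributes, getAttributes). The sample log is constructed from the excerpt above, and the function and variable names are assumptions.

```python
import re

# Constructed sample in the log format shown above (not a real capture).
SAMPLE_LOG = """\
<amLogEntry> 2007-08-31T18:21:14Z VERBOSE NIDS Application: Session has consumed authentications: false
<amLogEntry> 2007-08-31T18:21:14Z WARNING NIDS SAML2: Exception message: "java.lang.NullPointerException"
y, Line: 3332, Method: query
y, Line: 3532, Method: getPrefetchAttributes
y, Line: 2798, Method: getAttributes
y, Line: 2155, Method: handleAuthentication
y, Line: 3173, Method: processArtifactMessage
<amLogEntry> 2007-08-31T18:25:02Z WARNING NIDS SAML2: Exception message: "java.lang.NullPointerException"
y, Line: 101, Method: processResponse
"""

# Entry header: timestamp, level, component, message. Tolerates "< amLogEntry>".
ENTRY = re.compile(r'<\s*amLogEntry>\s+(\S+)\s+(\w+)\s+NIDS\s+(\w+):\s+(.*)')
# Obfuscated stack frame: "<class>, Line: <n>, Method: <name>"
FRAME = re.compile(r'^\S+, Line: \d+, Method: (\w+)\s*$')
EXC = re.compile(r'Exception message:\s*"([\w.$]+)"')
# Frames from the trace above that indicate attribute processing.
ATTRIBUTE_FRAMES = {"getPrefetchAttributes", "getAttributes"}

def find_attribute_exceptions(text):
    """Return SAML2 exception entries whose trace passes through attribute handling."""
    entries, current = [], None
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            ts, _level, component, msg = m.groups()
            exc = EXC.search(msg)
            current = None
            if component == "SAML2" and exc:
                current = {"time": ts, "exception": exc.group(1), "methods": []}
                entries.append(current)
            continue
        f = FRAME.match(line.strip())
        if f and current is not None:
            current["methods"].append(f.group(1))
        elif line.strip():
            current = None  # unrelated text ends the trace
    return [e for e in entries if ATTRIBUTE_FRAMES & set(e["methods"])]

if __name__ == "__main__":
    for hit in find_attribute_exceptions(SAMPLE_LOG):
        print(hit["time"], hit["exception"], "via", ", ".join(hit["methods"]))
```

A hit points back to the attribute mapping on the SP as the first thing to check, as described in the resolution.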