Environment
Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Access Administration
Situation
SAML 2 Identity (IDP) server configured to send a number of
attributes to an Access Manager SAML2 service provider (SP) during
authentication.
After the user authenticated to the IDP server successfully and sent a request to the SP via the intersite transfer link, the SP page was never displayed; instead, the exception message "java.lang.NullPointerException" appeared in the browser.
Resolution
Make sure that the attribute being sent from the IDP server to the
SP is mapped correctly. In the above case, a remote attribute
userid was sent over, and when we mapped it to the local attribute
LDAP:cn, the exception disappeared.
With the IDP SAML2 component logs enabled, more details were visible for troubleshooting purposes in the catalina.out file of the SP (/var/opt/novell/tomcat4/logs directory). When the problem occurred, the following details were output:
< amLogEntry> 2007-08-31T18:21:14Z VERBOSE NIDS Application: Session has consumed authentications: false
< amLogEntry> 2007-08-31T18:21:14Z WARNING NIDS SAML2: Exception message: "java.lang.NullPointerException"
y, Line: 3332, Method: query
y, Line: 2282, Method: A
y, Line: 46, Method: A
y, Line: 3532, Method: getPrefetchAttributes
y, Line: 2798, Method: getAttributes
y, Line: 807, Method: B
y, Line: 2155, Method: handleAuthentication
y, Line: 3241, Method: processResponse
y, Line: 860, Method: processResponse
y, Line: 3173, Method: processArtifactMessage
From this exception, we could get an idea that the issue occurred while processing the SAML attribute assertion.
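The mapping check from the Resolution can be run ahead of time against a captured assertion. The following is an added example, not Novell's code or Access Manager's configuration format: it lists every attribute in a SAML 2 assertion and flags those with no local mapping or no value. The sample assertion, the mapping table layout and the dept -> LDAP:ou entry are constructed assumptions; only userid -> LDAP:cn comes from this article.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment (not captured from a real IDP).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="userid">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="dept"/>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical SP-side mapping table: remote attribute name -> local attribute.
# Only userid -> LDAP:cn is taken from the article; dept -> LDAP:ou is assumed.
ATTRIBUTE_MAP = {"userid": "LDAP:cn", "dept": "LDAP:ou"}


def audit_attributes(assertion_xml, attribute_map):
    """Return (mapped, problems) for every attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    mapped, problems = {}, []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        values = [v.text for v in attr.findall("saml:AttributeValue", SAML_NS) if v.text]
        local = attribute_map.get(name)
        if not local:
            # Missing or blank entry: the remote name has no local counterpart.
            problems.append((name, "no local mapping"))
        elif not values:
            problems.append((name, "mapped to %s but sent without a value" % local))
        else:
            mapped[local] = values
    return mapped, problems


if __name__ == "__main__":
    mapped, problems = audit_attributes(SAMPLE_ASSERTION, ATTRIBUTE_MAP)
    for local, values in mapped.items():
        print("OK   %s = %s" % (local, values))
    for name, reason in problems:
        print("FAIL %s: %s" % (name, reason))
```

Any FAIL line names a remote attribute whose mapping on the SP should be reviewed before testing the intersite transfer link again.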