500 Internal error handling incoming WS-FED Authn request because of Null Pointer Exception

  • 7013267
  • 12-Sep-2013
  • 18-Sep-2013

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Identity Server set up as WS-FED Identity Server
SharePoint 2010 Server set up as WS-FED Service Provider

Situation

When SP2013 generates the AuthnRequest to the IDP server, the NAM Identity Server responds with a 500
internal error caused by a null pointer exception. The catalina log file shows the following:

<amLogEntry> 2013-06-06T16:03:02Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: http-bio-147.2.16.135-8443-exec-7
****** HttpServletRequest Information:
Method: GET
Scheme: https
Context Path: /nidp
Servlet Path: /wsfed
Query String:
wa=wsignin1.0&wtrealm=urn%3afederation%3asp2013&wctx=https%3a%2f%2fwin2k12dc.win2k12lab.info%3a24094%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&wreply=https%3a%2f%2fwin2k12dc.win2k12lab.info%3a24094%2f_trust%2fdefault.aspx
Path Info: /ep
Server Name: nam32phys.lab.novell.com
Server Port: 8443
Content Length: -1
Content Type: null
Auth Type: null
Request URL: https://nam32phys.lab.novell.com:8443/nidp/wsfed/ep
Host IP Address: 147.2.16.135
Remote Client IP Address: 147.2.47.17
Header: Name: accept, Value: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Header: Name: accept-language, Value: en-ie
Header: Name: user-agent, Value: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322; MS-RTC LM 8)
Header: Name: accept-encoding, Value: gzip, deflate
Header: Name: host, Value: nam32phys.lab.novell.com:8443
Header: Name: connection, Value: Keep-Alive
Session Id: 6873C46DCE85D60643F8F65580F0F7E5
Session Last Accessed Time: 1370534582750
 </amLogEntry>
:
:
<amLogEntry> 2013-06-06T16:03:02Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-bio-147.2.16.135-8443-exec-7

Retrieval of object from cache session failed using key
6873C46DCE85D60643F8F65580F0F7E5.  Cache size is 0
 </amLogEntry>

<amLogEntry> 2013-06-06T16:03:02Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-bio-147.2.16.135-8443-exec-7

Retrieval of object from cache ancestralsession failed using key
6873C46DCE85D60643F8F65580F0F7E5.  Cache size is 0
 </amLogEntry>

<amLogEntry> 2013-06-06T16:03:02Z DEBUG NIDS Application: AM#600105011:
AMDEVICEID#DB7471BE99DE2C40: AMAUTHID#6873C46DCE85D60643F8F65580F0F7E5:  IDP wsfed
handler to process request received for /nidp/wsfed </amLogEntry>
:
:

<amLogEntry> 2013-06-06T16:03:02Z VERBOSE NIDS Application: Session has
consumed authentications: false </amLogEntry>

Added claim http://schemas.xmlsoap.org/claims/emailAddress
Added claim http://schemas.xmlsoap.org/claims/roles
<amLogEntry> 2013-06-06T16:03:02Z INFO NIDS Application: AM#500105016:
AMDEVICEID#DB7471BE99DE2C40: AMAUTHID#6873C46DCE85D60643F8F65580F0F7E5:
Processing login resulting from Service Provider authentication request. </amLogEntry>

<amLogEntry> 2013-06-06T16:03:02Z VERBOSE NIDS Application: Session has
consumed authentications: false </amLogEntry>

<amLogEntry> 2013-06-06T16:03:02Z INFO NIDS Application: AM#500105009:
AMDEVICEID#DB7471BE99DE2C40: AMAUTHID#6873C46DCE85D60643F8F65580F0F7E5:
Executing contract Name/Password - Form. </amLogEntry>

:
:

<amLogEntry> 2013-06-06T16:03:02Z VERBOSE NIDS Application: Session has
consumed authentications: false </amLogEntry>

<amLogEntry> 2013-06-06T16:03:02Z VERBOSE NIDS Application: Executing
authentication method Introduction </amLogEntry>

Jun 06, 2013 5:03:02 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [NIDPServlet] in context with path
[/nidp] threw exception
java.lang.NullPointerException
        at com.novell.nidp.saml2.authentication.card.SAML2IDPAuthenticationCard.isProxyable(y:2996)
        at com.novell.nidp.authentication.AuthenticationManager.getProviderCards(y:1401)
        at com.novell.nidp.authentication.AuthenticationManager.getCards(y:496)
        at com.novell.nidp.authentication.local.CardBasedClass.getCards(y:2928)
        at com.novell.nidp.authentication.local.IntroductionClass.authenticate(y:803)
        at com.novell.nidp.authentication.ContractExecutionState.A(y:1056)
        at com.novell.nidp.authentication.ContractExecutionState.doContract(y:3524)
        at com.novell.nidp.authentication.ContractExecutionState.exec(y:1262)
        at com.novell.nidp.authentication.ContractExecutionState.execute(y:788)
        at com.novell.nidp.common.profile.LoginProfile.C(y:3546)
        at com.novell.nidp.common.profile.LoginProfile.executeContract(y:2397)
        at com.novell.nidp.common.profile.LoginProfile.executeContract(y:2869)
        at com.novell.nidp.common.profile.LoginProfile.spLogin(y:3360)
        at com.novell.nidp.wsfed.profile.WSFedSSOProfile.doAuthentication(y:1899)
        at com.novell.nidp.wsfed.profile.WSFedSSOProfile.processRST(y:360)
        at com.novell.nidp.wsfed.profile.WSFedSSOProfile.processRequest(y:1836)
        at com.novell.nidp.wsfed.WSFedHandler.k(y:320)
        at com.novell.nidp.wsfed.WSFedHandler.handleRequest(y:1884)
        at com.novell.nidp.wsfed.WSFedMeDescriptor.handleRequest(y:2007)
        at com.novell.nidp.servlets.NIDPServlet.myDoGet(y:866)
        at com.novell.nidp.servlets.NIDPBaseServlet.doGet(y:1516)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
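
Added example (not part of the original article and not NetIQ code): a Python check that scans a catalina log for the failure signature shown above, a NullPointerException thrown from SAML2IDPAuthenticationCard.isProxyable while WSFedSSOProfile is handling the request, and tolerates stack frames wrapped after "at". The names stack_traces, matches_article and SAMPLE are assumptions made for this example, and the sample log is constructed from the excerpt above.

```python
import re

# Constructed sample in the shape of the catalina log above, including the
# stack frames that were wrapped onto a new line after the word "at".
SAMPLE = """\
<amLogEntry> 2013-06-06T16:03:02Z VERBOSE NIDS Application: Executing
authentication method Introduction </amLogEntry>

Jun 06, 2013 5:03:02 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [NIDPServlet] in context with path
[/nidp] threw exception
java.lang.NullPointerException
        at
com.novell.nidp.saml2.authentication.card.SAML2IDPAuthenticationCard.isProxyable(y:2996)
        at com.novell.nidp.authentication.local.IntroductionClass.authenticate(y:803)
        at
com.novell.nidp.wsfed.profile.WSFedSSOProfile.doAuthentication(y:1899)
        at com.novell.nidp.servlets.NIDPServlet.myDoGet(y:866)
"""

WRAPPED_AT = re.compile(r"(?m)^([ \t]*at)[ \t]*\n[ \t]*")
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\(")
EXCEPTION = re.compile(r"^[\w.]+(?:Exception|Error)\b")
TOP_FRAME = "SAML2IDPAuthenticationCard.isProxyable"  # frame that throws
CALL_PATH = ".wsfed.profile.WSFedSSOProfile."          # WS-Fed request path

def stack_traces(text):
    """Yield (exception_line, frames) for each Java stack trace in the log."""
    text = WRAPPED_AT.sub(r"\1 ", text)  # rejoin frames split after "at"
    exc, frames = None, []
    for line in text.splitlines():
        frame = FRAME.match(line)
        if exc and frame:
            frames.append(frame.group(1))
            continue
        if exc and frames:
            yield exc, frames
        exc = line.strip() if EXCEPTION.match(line) else None
        frames = []
    if exc and frames:
        yield exc, frames

def matches_article(text):
    """Return (exception, top frame, depth) for traces matching this issue."""
    return [(exc, frames[0], len(frames))
            for exc, frames in stack_traces(text)
            if exc.startswith("java.lang.NullPointerException")
            and frames[0].endswith(TOP_FRAME)
            and any(CALL_PATH in f for f in frames)]
```

Run matches_article over the text of the Identity Server's catalina log; an empty list means no trace with this signature was found.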

Resolution

Fixed in 3.2.2 IR1.