
NPE in BaseOpenSamlAuthenticationProvider #16989


Closed
fournm opened this issue Apr 23, 2025 · 0 comments
Labels
in: saml2 An issue in SAML2 modules type: bug A general bug


fournm commented Apr 23, 2025

Describe the bug
A clear and concise description of what the bug is.

SAML response parsing is incorrect in 6.4.5's BaseOpenSamlAuthenticationProvider and results in a NullPointerException.

Response has the Issuer field correctly marked as @Nullable, but the process method treats issuer in Response as non-null, sometimes resulting in an error while creating a logging statement.

To Reproduce
Steps to reproduce the behavior.

  1. Provide a SAML response with the Issuer in the Assertion, not as a direct child of the saml2p:Response element
  2. Get a NullPointerException on line 317 of BaseOpenSamlAuthenticationProvider

Expected behavior
A clear and concise description of what you expected to happen.

No null pointer exception for responses that are valid against the schema. I would expect to see issuer = null instead.

@fournm fournm added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Apr 23, 2025
@jzheaux jzheaux self-assigned this Apr 24, 2025
@jzheaux jzheaux added in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 24, 2025
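
The case reported above, as an added example that is not part of the issue and not Spring Security's code: it parses a constructed response whose only Issuer sits inside the Assertion and builds a log line without dereferencing the missing Response-level Issuer. The class name, the `directIssuer` helper and the sample XML are assumptions made for illustration, and it uses the JDK's DOM parser rather than OpenSAML.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class ResponseIssuerCheck {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample: the Issuer appears only inside the Assertion.
    static final String SAMPLE =
        "<saml2p:Response xmlns:saml2p='" + SAMLP + "' xmlns:saml2='" + SAML + "'"
        + " ID='_r1' Version='2.0' IssueInstant='2025-04-23T00:00:00Z'>"
        + "<saml2p:Status><saml2p:StatusCode"
        + " Value='urn:oasis:names:tc:SAML:2.0:status:Success'/></saml2p:Status>"
        + "<saml2:Assertion ID='_a1' Version='2.0' IssueInstant='2025-04-23T00:00:00Z'>"
        + "<saml2:Issuer>https://idp.example.test</saml2:Issuer>"
        + "</saml2:Assertion></saml2p:Response>";

    // Hypothetical helper: text of the saml2:Issuer that is a direct child
    // of parent, or null when there is none. Descendants are not searched.
    static String directIssuer(Element parent) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && SAML.equals(n.getNamespaceURI())
                    && "Issuer".equals(n.getLocalName())) {
                return n.getTextContent().trim();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations when parsing untrusted XML.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element response = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        Element assertion =
            (Element) response.getElementsByTagNameNS(SAML, "Assertion").item(0);

        String responseIssuer = directIssuer(response);  // nullable: SAMPLE has none here
        String assertionIssuer = directIssuer(assertion);
        // String concatenation tolerates null; calling a method on it would throw.
        System.out.println("Processing response " + response.getAttribute("ID")
            + ", response issuer = " + responseIssuer
            + ", assertion issuer = " + assertionIssuer);
    }
}
```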