SAML Logout

Stanleyor
Level 2

19-06-2020

I'm working on SAML 2.0 integration on a totally clean 6.4.8.1 instance.

Login works properly. However, logout fails with NPE. In logs I see:

19.06.2020 11:32:21.061 *ERROR* [0:0:0:0:0:0:0:1 [1592555541049] GET /system/sling/logout.html HTTP/1.1] com.adobe.granite.auth.saml.SamlAuthenticationHandler Unable to perform SAML logout.
java.lang.NullPointerException: null
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.createLogoutRequest(SamlAuthenticationHandler.java:916) [com.adobe.granite.auth.saml:1.0.10.CQ640-B0012]
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.dropCredentials(SamlAuthenticationHandler.java:663) [com.adobe.granite.auth.saml:1.0.10.CQ640-B0012]
at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doDropCredentials(AuthenticationHandlerHolder.java:95) [org.apache.sling.auth.core:1.4.2]
at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.dropCredentials(AbstractAuthenticationHandlerHolder.java:103) [org.apache.sling.auth.core:1.4.2]

........................................................................

In the settings, dropCredentials is set to true and logoutUrl is filled with the KeyCloak logout URL.

According to my investigation, the handler's code might try to get NameQualifier and SpNameQualifier. SAML 2.0 specification defines these attributes as optional. Also, these attributes are not present in the IdP response.

I'm confused, since I have just two logout-related configuration options and there is nothing more I can do.

Any ideas how to resolve the issue?

Thanks

 

6.4.8.1 SAML SAML2.0

Accepted Solutions (1)

Jörg_Hoh
Employee

25-06-2020

Hi,

that looks really strange; when I look at the code at the mentioned line, it makes me think that the request doesn't have an assertion at all (unfortunately there are a number of chances where an NPE can occur).

Please raise a request with support and report your problem (at best including the relevant details about the SAML assertion attached to the request).

 

Jörg

Answers (2)

Andrew_Khoury
Employee

25-06-2020

As @Jörg_Hoh said, please file a support ticket.

 

The SAML response XML gets stored in encrypted form under the user node. That XML isn't complying with the XML structure that the createLogoutRequest method expects. So we might need to do some debugging there.
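
Added example, not part of the thread and not AEM's code: a small Python check, run against a captured login response, that reports whether an assertion is present at all and whether the NameID attributes discussed above (NameQualifier, SPNameQualifier) and the SessionIndex are there. The sample XML, the function names and the choice of fields are assumptions; the handler's actual lookups are not shown on this page.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from a real IdP): a NameID without qualifiers,
# the situation described in the question.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_r1" Version="2.0" IssueInstant="2020-06-19T09:30:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-06-19T09:30:00Z">
    <saml:Issuer>https://idp.example.test/realm</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user1</saml:NameID>
    </saml:Subject>
    <saml:AuthnStatement AuthnInstant="2020-06-19T09:30:00Z" SessionIndex="sess-123"/>
  </saml:Assertion>
</samlp:Response>
"""

def logout_inputs(response_xml):
    """Report the fields a LogoutRequest is commonly built from (assumed set).
    Diagnostic only: no signature or condition checks. None means absent."""
    root = ET.fromstring(response_xml)
    report = {"assertion": "present", "name_id": None, "format": None,
              "name_qualifier": None, "sp_name_qualifier": None,
              "session_index": None}
    is_assertion = root.tag == "{%s}Assertion" % NS["saml"]
    assertion = root if is_assertion else root.find("saml:Assertion", NS)
    if assertion is None:
        # Either the IdP encrypted the assertion or sent none at all.
        encrypted = root.find("saml:EncryptedAssertion", NS)
        report["assertion"] = "encrypted" if encrypted is not None else "missing"
        return report
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is not None:
        report["name_id"] = (name_id.text or "").strip() or None
        report["format"] = name_id.get("Format")
        report["name_qualifier"] = name_id.get("NameQualifier")
        report["sp_name_qualifier"] = name_id.get("SPNameQualifier")
    stmt = assertion.find("saml:AuthnStatement", NS)
    if stmt is not None:
        report["session_index"] = stmt.get("SessionIndex")
    return report

def absent_fields(report):
    # Names of the fields that code dereferencing them unchecked would trip on.
    return sorted(k for k, v in report.items() if v is None)
```

The output of `absent_fields` is the kind of detail the replies ask to be attached to the support request.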

Stanleyor
Level 2

01-07-2020

Thank you @Jörg_Hoh and @Andrew_Khoury for your answers, information and ideas.