Skip to content

NPE in BaseOpenSamlAuthenticationProvider #16989

New issue
New issue
Closed
Closed
NPE in BaseOpenSamlAuthenticationProvider#16989
Assignees
jzheaux
Labels
in: saml2An issue in SAML2 modulestype: bugA general bug
@fournm

Description

@fournm
fournm
opened on Apr 23, 2025

Describe the bug
A clear and concise description of what the bug is.

SAML response parsing is incorrect in 6.4.5's BaseOpenSamlAuthenticationProvider and results in a NullPointerException

Response has the Issuer field correctly marked as @Nullable, but the process method treats issuer in Response as non-null, sometimes resulting in an error while creating a logging statement.

To Reproduce
Steps to reproduce the behavior.

  1. Provide SAML response with Issuer in Assertion, not as a direct child to the saml2p:Response element
  2. get nullpointerexception on line 317 of BaseOpenSamlAuthenticationProvider

Expected behavior
A clear and concise description of what you expected to happen.

No null pointer exception for responses that valid against the schema. I would expect to see issuer = null instead.

Metadata

Metadata

Assignees

Labels

in: saml2An issue in SAML2 modulestype: bugA general bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions