Session OpenAM HTTP Status 500


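I need some help :)

I am currently setting up a partner for our SSO.

We are using OpenAM. So we are the hosted service provider, and I set up the identity provider (our partner).

We have configured this successfully before, but with this configuration I am running into trouble :/

It is SAML 2.0, the agent is installed on Tomcat 7, and communication seems to be fine.

When our partner sends us a request, he receives: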

    HTTP 500


    Exception: 

    javax.servlet.ServletException : AMSetupFilter.doFilter
        com.sun.identify.setup.AMSetupFilter.doFilter(AMSetupFilter.java 121)

    Root cause:

    java.lang.NullPointerException

    com.sun.identity.saml2.profile.SPACSUtils.processResponse(SPACSUtils.java:1158)
    org.apache.jsp.saml2.jsp.spAssertionConsumer_jsp._jspService(spAssertionConsumer_jsp)

   .....

   com.sun.identify.setup.AMSetupFilter.doFilter(AMSetupFilter)
In the logs I have the following. For the SSO server catalina.out:

   Nov 26, 2013 4:52:22 PM com.sun.org.apache.xml.internal.security.signature.Reference verify
    INFO: Verification successful for URI "#_6cf47d3b-f425-4a10-aeb1-fa20cf763387"
    org.apache.jasper.JasperException: java.lang.NullPointerException
        at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:522)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:416)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:662)
    Caused by: java.lang.NullPointerException
        at com.sun.identity.saml2.profile.SPACSUtils.processResponse(SPACSUtils.java:1158)
        at org.apache.jsp.saml2.jsp.spAssertionConsumer_jsp._jspService(spAssertionConsumer_jsp.java:224)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
        ... 21 more
        CookieMode is:true
        SessionID(HttpServletRequest) : is forward = null
        getSidFromQuery: request =org.apache.catalina.connector.RequestFacade@b1a7a0
        getSidFromQuery: sid =null
        before decoding getSidFromURL:sidString=null
        after decoding: getSidFromURL:sidString=null
        could not create SSOToken from HttpRequest
        com.iplanet.dpro.session.SessionException: Invalid session ID.
            at com.iplanet.dpro.session.Session.getSession(Session.java:1089)
            at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:92)
            at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:241)
            at com.sun.identity.plugin.session.impl.FMSessionProvider.getSession(FMSessionProvider.java:408)
            at org.apache.jsp.saml2.jsp.spAssertionConsumer_jsp._jspService(spAssertionConsumer_jsp.java:202)
            at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
            at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
            at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
            ...
SPACSUtils.getResponse: got response= (give me a proper xml response)
**FMSessionProvider.getSession: Could not get the session from the HTTP request: Invalid session ID.
spAssertionConsumer.jsp: Token is null.Invalid session ID.**
SPACSUtils.processResponse: Response : com.sun.identity.saml2.protocol.impl.ResponseImpl@1262e43
SAML2Utils.getSPAdapterClass: get SPAdapter for ***
getAttributeValueFromSSOConfig : realm - /***
getAttributeValueFromSSOConfig : hostEntityId - ***
getAttributeValueFromSSOConfig : entityRole - SPRole
getAttributeValueFromSSOConfig : attrName - spAdapter
getAllAttributeValueFromSSOConfig : realm - /***
getAllAttributeValueFromSSOConfig : hostEntityId -***
getAllAttributeValueFromSSOConfig : entityRole - SPRole
getAllAttributeValueFromSSOConfig : attrName - spAdapter
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
getAttributeValueFromSSOConfig: values=com.sun.xml.bind.util.ListImpl@1f
SAML2Utils.getSPAdapterClass: get SPAdapter class 
SAML2MetaCache.getEntityConfig: cacheKey = /***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
ConfigurationInstanceImpl.getAllConfigurationNames: realm = /***, componentName = LIBCOT
CircleOfDescriptorCache:getCircleOfTrust:cacheKey = ***, found = true
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
SAML2MetaCache.getEntityDescriptor: cacheKey = ***, found = true
SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache ***
SAML2Utils:getWantPOSTResponseSigned : realm - /***
SAML2Utils:getWantPOSTResponseSigned : hostEntityId - ***
SAML2Utils:getWantPOSTResponseSigned : entityRole - SPRole
getAttributeValueFromSSOConfig : realm - /***
getAttributeValueFromSSOConfig : hostEntityId -***
getAttributeValueFromSSOConfig : entityRole - SPRole
getAttributeValueFromSSOConfig : attrName - wantPOSTResponseSigned
getAllAttributeValueFromSSOConfig : realm - /***
getAllAttributeValueFromSSOConfig : hostEntityId - ***
getAllAttributeValueFromSSOConfig : entityRole - SPRole
getAllAttributeValueFromSSOConfig : attrName - wantPOSTResponseSigned
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
getAttributeValueFromSSOConfig: values=com.sun.xml.bind.util.ListImpl@5cb1942
SAML2Utils.verifyResponse:binding is :urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
ConfigurationInstanceImpl.getAllConfigurationNames: realm = /***, componentName = LIBCOT
CircleOfDescriptorCache:getCircleOfTrust:cacheKey = ***, found = true
SAML2MetaCache.getEntityDescriptor: cacheKey = ***, found = true
SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache ***
FMSigProvider.verify: The cert contained in the document is the same as the one being passed in.
validateCertificate :  CRL check is not configured. Just return it is good.
FMSigProvider.verify: Signature verification successful.
SAML2Utils.isBearerSubjectConfirmation:timeskew = 300
AuthContext Class Name is :com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper
getAllAttributeValueFromSSOConfig : realm - /***
getAllAttributeValueFromSSOConfig : hostEntityId - ***
getAllAttributeValueFromSSOConfig : entityRole - SPRole
getAllAttributeValueFromSSOConfig : attrName - spAuthncontextClassrefMapping
SAML2MetaCache.getEntityConfig: cacheKey = ***, found = true
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: ***
DefaultSPAuthnContextMapper: List:com.sun.xml.bind.util.ListImpl@8d71dc68
DefaultSPAuthnContextMapper.getAuthnCtxFromSPConfig: AuthLevel is 0
DefaultSPAuthnContextMapper:hostEntityID:***
DefaultSPAuthnContextMapper:realm:/***
DefaultSPAuthnContextMapper:MAP:{default=0, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=0, defaultClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}
DefaultSPAuthnContextMapper:HASH:{***={default=0, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=0, defaultClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}}
DefaultSPAuthnContextMapper:authnClRef:urn:federation:authentication:windows
DefaultSPAuthnContextMapper:authLevel :0
SAML2Utils.fillMap: Found valid authentication assertion.
SPACSUtils.processResponse: Assertions : [com.sun.identity.saml2.assertion.impl.AssertionImpl@1f2c081]
SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: 
DefaultAccountMapper.constructor: 
DefaultLibrarySPAccountMapper.constructor: 
DefaultSPAccountMapper.constructor: 
SPACSUtils.getSPAccountMapper: mapper = com.sun.identity.saml2.plugins.DefaultSPAccountMapper
DefaultSPAttributeMapper.constructor
SAML2MetaCache.getEntityDescriptor: cacheKey =, found = true
In OpenAM's session log:

Probably the most interesting one, the federation log:


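The stacktrace suggests that, for some reason, no NameID element was defined in the SAML response; most likely this is a bug in the IdP. The federation debug log at message level should contain all the details about the SAML response, so I suggest turning up the log level and having a look.


If you want to reproduce the HTTP 500, you should manually send the SAML response to the SSO POST endpoint (see the AssertionConsumerService element in the SAML metadata).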
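
A pre-flight check for the failure this answer describes, as an added example that is not part of the original thread and is not OpenAM code: it decodes a captured HTTP-POST `SAMLResponse` form value and reports whether each assertion's Subject carries a NameID before the response is replayed against the AssertionConsumerService endpoint. The function names and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser (e.g. defusedxml)

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
CM_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def _text(node):
    """Stripped element text, or None when the element is absent or blank."""
    if node is None or node.text is None:
        return None
    return node.text.strip() or None


def inspect_saml_response(b64_response):
    """Decode an HTTP-POST SAMLResponse value and list what an SP would trip over.

    Diagnostic only: signatures, conditions and timestamps are not verified.
    """
    # The POST binding carries plain base64; tolerate line breaks in the form value.
    raw = base64.b64decode("".join(b64_response.split()), validate=True)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)

    findings = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    status = code.get("Value") if code is not None else None
    if status != STATUS_SUCCESS:
        findings.append("top-level status is %r, not Success" % status)

    assertions = []
    for a in root.findall("saml:Assertion", NS):
        aid = a.get("ID")
        subject = a.find("saml:Subject", NS)
        name_id, other = None, []
        if subject is None:
            findings.append("assertion %s: no Subject element" % aid)
        else:
            name_id = subject.find("saml:NameID", NS)
            # The schema also permits EncryptedID or BaseID, or no identifier at all.
            other = [t for t in ("EncryptedID", "BaseID")
                     if subject.find("saml:" + t, NS) is not None]
            methods = [sc.get("Method")
                       for sc in subject.findall("saml:SubjectConfirmation", NS)]
            if name_id is None and not other:
                findings.append("assertion %s: Subject has no NameID" % aid)
            elif name_id is not None and _text(name_id) is None:
                findings.append("assertion %s: NameID is empty" % aid)
            if CM_BEARER not in methods:
                findings.append("assertion %s: no bearer SubjectConfirmation" % aid)
        assertions.append({
            "id": aid,
            "issuer": _text(a.find("saml:Issuer", NS)),
            "name_id": _text(name_id),
            "name_id_format": name_id.get("Format") if name_id is not None else None,
            "other_identifier": other,
            "authn_context": _text(a.find(
                "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)),
        })
    if not assertions:
        if root.find("saml:EncryptedAssertion", NS) is not None:
            findings.append("only EncryptedAssertion present; decrypt before inspecting")
        else:
            findings.append("response carries no Assertion")
    return {"status": status, "assertions": assertions, "findings": findings}


def _constructed_response(identifier_xml):
    """Build a constructed, unsigned sample response (placeholder names throughout)."""
    xml = (
        '<samlp:Response xmlns:samlp="{p}" xmlns:saml="{a}" ID="_r1" Version="2.0"'
        ' IssueInstant="2024-01-01T00:00:00Z">'
        '<saml:Issuer>https://idp.example.com</saml:Issuer>'
        '<samlp:Status><samlp:StatusCode Value="{ok}"/></samlp:Status>'
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        '<saml:Issuer>https://idp.example.com</saml:Issuer>'
        '<saml:Subject>{ident}<saml:SubjectConfirmation Method="{cm}"/></saml:Subject>'
        '<saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z"><saml:AuthnContext>'
        '<saml:AuthnContextClassRef>urn:federation:authentication:windows'
        '</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>'
        '</saml:Assertion></samlp:Response>'
    ).format(p=NS["samlp"], a=NS["saml"], ok=STATUS_SUCCESS, cm=CM_BEARER,
             ident=identifier_xml)
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


SAMPLE_WITH_NAMEID = _constructed_response(
    '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
    'user@example.com</saml:NameID>')
SAMPLE_WITHOUT_NAMEID = _constructed_response("")

if __name__ == "__main__":
    for label, sample in (("with NameID", SAMPLE_WITH_NAMEID),
                          ("without NameID", SAMPLE_WITHOUT_NAMEID)):
        print(label, "->", inspect_saml_response(sample)["findings"] or "no findings")
```
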

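OK, that makes sense. Thanks for the details :) We noticed this problem was because our IdP partner had adjusted the request a little bit.

So that problem is behind us, and we now actually know that we are able to land on our application page: we have successful SSO in the federation log.

But in the session log, we get: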

cookieMode is :true
CookieMode is:true
SessionID(HttpServletRequest) : is forward = null
cookieMode is :true
CookieMode is:true
Running sendEvent, type = 0
Session.isPollingEnabled is false
Session Cache cleanup is set to true
Session.isPollingEnabled is false
Session Cache cleanup is set to true
Running sendEvent, type = 0
Session.isPollingEnabled is false
Session Cache cleanup is set to true
Session.isPollingEnabled is false
Session Cache cleanup is set to true
SessionID(HttpServletRequest) : is forward = null
getSidFromQuery: request =org.apache.catalina.connector.RequestFacade@84b1e0
getSidFromQuery: sid =null
before decoding getSidFromURL:sidString=null
after decoding: getSidFromURL:sidString=null
could not create SSOToken from HttpRequest
com.iplanet.dpro.session.SessionException: Invalid session ID.
    at com.iplanet.dpro.session.Session.getSession(Session.java:1089)
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:92)
    at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:241)
    at com.sun.identity.plugin.session.impl.FMSessionProvider.getSession(FMSessionProvider.java:408)


SessionID(HttpServletRequest) : is forward = null
getSidFromQuery: request =org.apache.catalina.connector.RequestFacade@84b1e0
getSidFromQuery: sid =null
before decoding getSidFromURL:sidString=null
after decoding: getSidFromURL:sidString=null
could not create SSOToken from HttpRequest
com.iplanet.dpro.session.SessionException: Invalid session ID.
    at com.iplanet.dpro.session.Session.getSession(Session.java:1089)
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:92)
    at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:241)

So, in our application, we try to get the user session from the HTTP request, but it is empty, so we are stuck on the application's login page :/

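When providing stacktraces, it is usually also helpful to provide the product version, so that people can actually match it against the code.

Thanks for the reminder :). OpenAM 10.1.0-Xpress. We found that this error was most likely caused by a mistake in our partner's request (too much information trimmed!).

I am trying to see whether there is any way to send the request manually (possibly as the IdP), instead of waiting for our partner to send us a request, so that we can test the SSO configuration. I tried:

But it does not seem to work! I get an authentication error (null pointer).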