3 Replies Latest reply on Aug 7, 2012 12:59 PM by lightguard

    SAML: activeAuthenticator is null by session timeout

    tc_nguyen

      I use Marcel Kolsteren's implementation for seam-security-external with SAML2. Everything works fine, except in the following case: a user sends a request to the service provider, which redirects the user to the login page of the identity provider. The user then waits until the session timeout of the service provider is reached and only then completes the authentication.

      The following exception is then thrown and the service provider collapses completely:

       

      Caused by: java.lang.IllegalStateException: activeAuthenticator is null
          at org.jboss.seam.security.IdentityImpl.postAuthenticate(IdentityImpl.java:271) [seam-security-3.1.0.Final.jar:3.1.0.Final]
          at org.jboss.seam.security.IdentityImpl.deferredAuthenticationObserver(IdentityImpl.java:262) [seam-security-3.1.0.Final.jar:3.1.0.Final]
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_32]
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_32]
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_32]
          at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_32]
          at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:44) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.seam.security.IdentityImpl$Proxy$_$$_WeldClientProxy.deferredAuthenticationObserver(IdentityImpl$Proxy$_$$_WeldClientProxy.java) [seam-security-3.1.0.Final.jar:3.1.0.Final]
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_32]
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_32]
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_32]
          at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_32]
          at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:264) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:137) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:260) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldMethodImpl.java:170) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.introspector.ForwardingWeldMethod.invokeOnInstance(ForwardingWeldMethod.java:51) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstanceWithSpecialValue(MethodInjectionPoint.java:154) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:241) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:229) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:207) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.manager.BeanManagerImpl.notifyObservers(BeanManagerImpl.java:569) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:564) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at org.jboss.weld.event.EventImpl.fire(EventImpl.java:68) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
          at de.kbv.edoku.security.SamlServiceProviderSpiImpl.loginSucceeded(SamlServiceProviderSpiImpl.java:38) [classes:]
          at org.jboss.seam.security.external.saml.sp.SamlSpSingleSignOnService.loginUser(SamlSpSingleSignOnService.java:228) [seam-security-external-3.1.0.Final.jar:3.1.0.Final]
          at org.jboss.seam.security.external.saml.sp.SamlSpSingleSignOnService.processIDPResponse(SamlSpSingleSignOnService.java:107) [seam-security-external-3.1.0.Final.jar:3.1.0.Final]
          at org.jboss.seam.security.external.saml.SamlMessageReceiver.handleIncomingSamlMessage(SamlMessageReceiver.java:186) [seam-security-external-3.1.0.Final.jar:3.1.0.Final]
          ... 35 more

       

      I use JBoss 7.1.0-Final, seam-security-external-3.1.0.Final and OpenAM as the identity provider.

       

      Here is the implementation of Marcel Kolsteren:

       

      public class SamlServiceProviderSpiImpl implements SamlServiceProviderSpi {
          ...

          @Inject
          Event<DeferredAuthenticationEvent> deferredAuthentication;

          @Override
          public void loginSucceeded(SamlSpSession session, ResponseHolder responseHolder) {
              try {
                  authenticator.success();
                  // Bold in the original post: this call is the frame at
                  // SamlServiceProviderSpiImpl.loginSucceeded in the stack trace above.
                  deferredAuthentication.fire(new DeferredAuthenticationEvent(true));

                  responseHolder.getResponse().sendRedirect("index.xhtml");
              } catch (IOException e) {
                  throw new RuntimeException(e);
              } catch (Exception e) {
                  throw new RuntimeException(e);
              }
          }

          ...
      }

       

      The bold line fires the exception.

       

      Thanks for your help!
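
Added example, not part of the original post and not Seam code: a self-contained model of the sequence described above, where the IdP response arrives after the service provider session has timed out. It assumes the pending-login state is held per session; every class, method and redirect name in it is hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
// Constructed model, not Seam code: all class and method names are hypothetical.
public class LateSamlResponseDemo {
    static final long SESSION_TIMEOUT_MS = 30 * 60 * 1000L;
    // Per-session state, standing in for a session-scoped identity bean (assumption).
    static class Session {
        final long lastAccess;
        String activeAuthenticator;   // set when the login redirect is issued
        Session(long now) { lastAccess = now; }
    }

    static final Map<String, Session> sessions = new HashMap<>();
    // The container hands out a fresh, empty session once the old one has timed out.
    static Session sessionFor(String id, long now) {
        Session s = sessions.get(id);
        if (s == null || now - s.lastAccess > SESSION_TIMEOUT_MS) {
            s = new Session(now);
            sessions.put(id, s);
        }
        return s;
    }

    static void startLogin(String id, long now) {
        sessionFor(id, now).activeAuthenticator = "saml";
    }

    // Unchecked handler: assumes the pending-login state is still present.
    static String onIdpResponseUnchecked(String id, long now) {
        Session s = sessionFor(id, now);
        if (s.activeAuthenticator == null)
            throw new IllegalStateException("activeAuthenticator is null");
        return "redirect:index.xhtml";
    }

    // Checked handler: a response with no pending login restarts the flow.
    static String onIdpResponseChecked(String id, long now) {
        Session s = sessionFor(id, now);
        if (s.activeAuthenticator == null) return "redirect:login";
        return "redirect:index.xhtml";
    }

    public static void main(String[] args) {
        startLogin("A", 0);
        System.out.println(onIdpResponseChecked("A", 60_000L));                // response in time
        System.out.println(onIdpResponseChecked("A", SESSION_TIMEOUT_MS * 2)); // session expired
        try { onIdpResponseUnchecked("A", SESSION_TIMEOUT_MS * 4); }
        catch (IllegalStateException e) { System.out.println("unchecked: " + e.getMessage()); }
    }
}
```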