SAML: activeAuthenticator is null by session timeout
tc_nguyen Aug 6, 2012 7:37 AM
I use the implementation of Marcel Kolsteren for seam-security-external with SAML2. Everything works fine, except in the following case: a user sends a request to the service provider, which redirects the user to the login page of the identity provider. The user waits until the session timeout of the service provider is reached and then proceeds with the authentication.
The following exception is then thrown and the service provider collapses completely:
Caused by: java.lang.IllegalStateException: activeAuthenticator is null
at org.jboss.seam.security.IdentityImpl.postAuthenticate(IdentityImpl.java:271) [seam-security-3.1.0.Final.jar:3.1.0.Final]
at org.jboss.seam.security.IdentityImpl.deferredAuthenticationObserver(IdentityImpl.java:262) [seam-security-3.1.0.Final.jar:3.1.0.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_32]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_32]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_32]
at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_32]
at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:44) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.seam.security.IdentityImpl$Proxy$_$$_WeldClientProxy.deferredAuthenticationObserver(IdentityImpl$Proxy$_$$_WeldClientProxy.java) [seam-security-3.1.0.Final.jar:3.1.0.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_32]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_32]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_32]
at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_32]
at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:264) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:137) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:260) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldMethodImpl.java:170) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.introspector.ForwardingWeldMethod.invokeOnInstance(ForwardingWeldMethod.java:51) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstanceWithSpecialValue(MethodInjectionPoint.java:154) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:241) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:229) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:207) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.manager.BeanManagerImpl.notifyObservers(BeanManagerImpl.java:569) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:564) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.jboss.weld.event.EventImpl.fire(EventImpl.java:68) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at de.kbv.edoku.security.SamlServiceProviderSpiImpl.loginSucceeded(SamlServiceProviderSpiImpl.java:38) [classes:]
at org.jboss.seam.security.external.saml.sp.SamlSpSingleSignOnService.loginUser(SamlSpSingleSignOnService.java:228) [seam-security-external-3.1.0.Final.jar:3.1.0.Final]
at org.jboss.seam.security.external.saml.sp.SamlSpSingleSignOnService.processIDPResponse(SamlSpSingleSignOnService.java:107) [seam-security-external-3.1.0.Final.jar:3.1.0.Final]
at org.jboss.seam.security.external.saml.SamlMessageReceiver.handleIncomingSamlMessage(SamlMessageReceiver.java:186) [seam-security-external-3.1.0.Final.jar:3.1.0.Final]
... 35 more
I use JBOSS 7.1.0-Final, seam-security-external-3.1.0.Final and OpenAM as identity provider.
Here is the implementation of Marcel Kolsteren:
public class SamlServiceProviderSpiImpl implements SamlServiceProviderSpi {
    ...
    @Inject
    Event<DeferredAuthenticationEvent> deferredAuthentication;

    @Override
    public void loginSucceeded(SamlSpSession session, ResponseHolder responseHolder) {
        try {
            authenticator.success();
            // The bold line in the original post: EventImpl.fire in the stack trace above.
            deferredAuthentication.fire(new DeferredAuthenticationEvent(true));
            responseHolder.getResponse().sendRedirect("index.xhtml");
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
    ...
}
The bold line fires the exception.
Thanks for help!
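
The timeout scenario from the post, as an added example that is not part of the original post and is not Seam Security code: a self-contained model in which the pending login lives in the session, so an IdP response that arrives after the session expired finds no pending login and is sent back to start a new one instead of failing. The `Identity` class, the session map and the `restart-login` target are hypothetical, and session-scoped login state is an assumption; only the exception message and `index.xhtml` come from the post.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed model, not Seam code. Names are hypothetical; the exception
// message is copied from the stack trace in the post.
public class DeferredLoginModel {
    // Stand-in for a session-scoped identity bean (assumption).
    static class Identity {
        String activeAuthenticator; // set when this session starts a login
        boolean loggedIn;

        void postAuthenticate() {
            if (activeAuthenticator == null) {
                throw new IllegalStateException("activeAuthenticator is null");
            }
            loggedIn = true;
            activeAuthenticator = null;
        }
    }

    // Session id -> identity; removing an entry models the session timeout.
    static final Map<String, Identity> SESSIONS = new HashMap<String, Identity>();

    static Identity identityFor(String sessionId) {
        Identity identity = SESSIONS.get(sessionId);
        if (identity == null) {
            identity = new Identity();
            SESSIONS.put(sessionId, identity);
        }
        return identity;
    }

    // Guarded handler: finish the login only if this session began one.
    static String onIdpResponse(String sessionId) {
        Identity identity = identityFor(sessionId);
        if (identity.activeAuthenticator == null) {
            return "restart-login"; // hypothetical page that starts a new login
        }
        identity.postAuthenticate();
        return "index.xhtml";
    }

    public static void main(String[] args) {
        identityFor("s1").activeAuthenticator = "saml";
        System.out.println(onIdpResponse("s1")); // same session: login completes
        identityFor("s2").activeAuthenticator = "saml";
        SESSIONS.remove("s2");                   // SP session times out at the IdP page
        System.out.println(onIdpResponse("s3")); // response lands in a new session
    }
}
```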