2

We're currently encountering errors with a SAML2.0 integration at a client's site. We've succesfully setup the configuration for the SAML module as per the instructions mentioned in the module's documentation. What we see is that if we navigating to /SSO/ on a laptop of one of the internal users, we get a redirect to /SSO/assertion, after which a white page appears with the text "Initializing SSO...", and nothing else happens.  In our system log we can see the following error: Unable to validate Response, see SAMLRequest overview for detailed response. Error: null java.lang.NullPointerException at saml20.implementation.wrapper.MxSAMLAssertion.getNameID(MxSAMLAssertion.java:163) at saml20.implementation.ArtifactHandler.handleSAMLResponse(ArtifactHandler.java:91) at saml20.implementation.ArtifactHandler.handleRequest(ArtifactHandler.java:33) at saml20.implementation.SAMLRequestHandler.processRequest(SAMLRequestHandler.java:172) at com.mendix.externalinterface.connector.RequestHandler.doProcessRequest(RequestHandler.java:40) at com.mendix.external.connector.MxRuntimeConnector$1.execute(MxRuntimeConnector.java:70) at com.mendix.external.connector.MxRuntimeConnector$1.execute(MxRuntimeConnector.java:67) at com.mendix.util.classloading.Runner.doRunUsingClassLoaderOf(Runner.java:33) at com.mendix.external.connector.MxRuntimeConnector.processRequest(MxRuntimeConnector.java:73) at com.mendix.basis.impl.MxRuntimeImpl.processRequest(MxRuntimeImpl.java:876) at com.mendix.m2ee.appcontainer.server.handler.RuntimeHandler.handle(RuntimeHandler.java:41) at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:368) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:953) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1014) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:861) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) at java.lang.Thread.run(Thread.java:748) Unfortunately, this is the most detailed information we can get from our logging, even with the SAML_SSO lognode set to Trace. The IdP has been setup with "Use NameID" for the assertion, "Disable NameID policy" checked and Authentication context "Minimum (stronger than)". For Authentication Context Classes, we have "Integrated Windows Authentication" selected. All these settings are as per the answer provided by Jasper as most commonly encountered setups in this topic. Does anyone have a clue what's going wrong here? Edit:  Eric, here's a sample XML response <removed>   Edit 2: Thanks for all the input everybody. In the end the cause was a configuration error at the system administrator (ADFS) side. They had not properly setup the claim rules. Thanks for the pointer in the right direction regarding the SAML response. The important thing I noticed was that the Subject tags didn't have any NameID attribute set and included in the response.   Edit 3: I can't close my topic?

asked 2017-10-10

2 answers