Search code examples
jboss7.xsamlsaml-2.0spring-samlshibboleth

How to resolve org.springframework.web.util.NestedServletException: Request processing failed; with SAML

I am developing an application which is authenticating via IDP which ins ADFS server.
So it has some functionality to import IDP metadata from the program level by accessing metadata URL (given below) and update according to the service provider side.

I am experiencing request processing exception when trying to process SAML metadata from the ADFS server URL.

some solutions that I found says it is problem in wildfly8, and fine with Wildfly 7+ and JBoss 7+, but still I am having the same problem.

Server: JBoss EAP 7.1.4 GA
Idp server: ADFS server accessing metadata from the url
https://adfs-server/FederationMetadata/2007-06/FederationMetadata.xml

Idp saml format can be found here

https://www.samltool.com/idp_metadata.php

adfs-server(fake domain)

when trying to read the metadata, below is throwing because of below code snipt as credentialResolver is not loaded and it is null

 private void initHttpMetadata(String url) throws MetadataProviderException
 {
  httpMetadataProvider = new HTTPMetadataProvider(new Timer(true), new HttpClient(), url);
  httpMetadataProvider.setRequireValidMetadata(true);
  httpMetadataProvider.setParserPool(new BasicParserPool());
  httpMetadataProvider.initialize();
  if (httpMetadataProvider != null)
  {
  entityDescriptor = httpMetadataProvider.getEntityDescriptor(entityId);
  if (entityDescriptor != null)
  {
    ssoDescriptor = 
entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
  }
  credentialResolver  = 
 credentialResolverFactory.getInstance(httpMetadataProvider);
}}

exception:

ERROR [se.myApp.platform.auth.metadata.in.AbstractMetadataReader] (default 
task-48) [] There is no single sign out services to update in metadata url, Please contact idp system administrator
ERROR [se.myApp.platform.auth.metadata.in.AbstractMetadataReader] (default task-48) [] There is no single sign on services to update in metadata url, Please contact idp system administrator
ERROR [io.undertow.request] (default task-48) [] UT005023: Exception handling request to /ssoadmin/metadata/search: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:982) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final-redhat-1.jar:1.0.0.Final-redhat-1]
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:65) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1501)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:330) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) [undertow-core-1.4.18.SP8-redhat-1.jar:1.4.18.SP8-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_181]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_181]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_181]
 Caused by: java.lang.NullPointerException
at se.myApp.platform.auth.metadata.in.AbstractMetadataReader.getCertificate(AbstractMetadataReader.java:329) [classes:]
at se.myApp.platform.auth.metadata.in.MetadataReader.getCertificate(MetadataReader.java:40) [classes:]
at se.myApp.platform.auth.metadata.in.MetadataReader.readMetadata(MetadataReader.java:91) [classes:]
at se.myApp.platform.auth.metadata.war.controller.MetadataInController.searchMetadata(MetadataInController.java:97) [classes:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_181]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_181]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_181]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136) [spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:114) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) [spring-webmvc-4.3.3.RELEASE.jar:4.3.3.RELEASE]
... 46 more

I have tried below options:

org.springframework.web.util.NestedServletException: Request processing failed

org.springframework.web.util.NestedServletException: Handler processing failed

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException in REST with Spring

Appreciate your suggesions for this. thanks

Solution

  • The problem is it is trying to connect and read the metadata via ssl, in the ADFS side SSL certificate and Service Provide side (SP) ssl certificates were not trusted as not in the proper hierarchy.

    So both servers should trust each other with the proper SSL certificates. In this case we need to check the certificate which are added in ADFS server ( you can find the certificate in ADFS Management Console--> Certificate path). It is based on the type of certificate may be decryption certificate or token signing certificate.

    For Example:

    if service provider side certificate below certificate path:

     DigiCert-->root A--> companyRoot--> Machine certificate

    if ADFS certificate path:

    1. Must follow a proper path such as:

      DigiCert-->RootA-->*.adfs.com

    2. self-sign certificate will not work for ADFS.

    This was the problem, once corrected the certificates, It was working fine, Thank you all for your efforts and hope this answer clarified for others as well.