search

Internet2 / Shibboleth-Multi-Context-Broker

Shibboleth Multi-context Broker
4 stars 7 forks source link

UIInfo null language nullpointerexception #24

Open Sepiidae opened 9 years ago

Sepiidae commented 9 years ago

When our metadata is read MCB throws the following exception due to a missing null pointer check.

16:28:03.842 - ERROR [edu.internet2.middleware.assurance.mcb.authn.provider.MCBLoginServlet:602] - Exception calling submodule. java.lang.NullPointerException: null at edu.internet2.middleware.assurance.mcb.authn.provider.ui.IDPUIHandler.getServiceLogo(IDPUIHandler.java:190) ~[IDPUIHandler.class:na] at edu.internet2.middleware.assurance.mcb.authn.provider.MCBLoginServlet.doVelocity(MCBLoginServlet.java:692) [MCBLoginServlet.class:na] at edu.uchicago.identity.mcb.authn.provider.duo.DuoLoginSubmodule.displayLogin(DuoLoginSubmodule.java:102) ~[DuoLoginSubmodule.class:2.1.0] at edu.internet2.middleware.assurance.mcb.authn.provider.MCBLoginServlet.showMethods(MCBLoginServlet.java:594) [MCBLoginServlet.class:na] at edu.internet2.middleware.assurance.mcb.authn.provider.MCBLoginServlet.service(MCBLoginServlet.java:138) [MCBLoginServlet.class:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [servlet-api.jar:na]

Example UIInfo

md:Extensionsmdui:UIInfoFAU Workday - fau3 - P3/mdui:DisplayNameWorkday is designed to work the way we work today and enables nimble processes for the data driven organization. Log in to manage your, information, request time off, access pay stubs, purchases, and other related tasks. Users without an FAUNet ID may use the following link to login <a href="https://impl.workday.com/fau3/login.flex?redirect=n"">directly to Workday</a>. /mdui:Descriptionhttp://www.workday.com/mdui:InformationURLhttps://images.workday.com/shared/wd-logo.gif/mdui:Logo/mdui:UIInfo/md:Extensions md:KeyDescriptor ds:KeyInfo ds:X509Data
langedb commented 9 years ago

While I agree that we shouldn't throw an NPE in this case, you cannot put links into the MDUI elements in general.

akadiyala commented 9 years ago

We have observed a similar behavior with MCB throwing NPE with mdui extentions with a logo url is present in an SP's metadata.

DEBUG [edu.internet2.middleware.assurance.mcb.authn.provider.ui.IDPUIHandler:188] - Found Logo in UIInfo, language=null ERROR [edu.internet2.middleware.assurance.mcb.authn.provider.MCBLoginServlet:758] - Exception calling submodule. java.lang.NullPointerException: null

And these extensions were valid and were working with Shib Idp 2.4.4 without the MCB. When these extensions were removed, MCB started working normal.

Here are the extentions that were present in the blackboard's metadata:

University of Miami - Blackboard Learn/mdui:DisplayName This is the University of Miami Production Blackboard Service/mdui:Description https://www.courses.miami.edu/shibboleth-sp/logo.png/mdui:Logo http://www.blackboard.com/Footer/Privacy-Center.aspx/mdui:PrivacyStatementURL /mdui:UIInfo
akadiyala commented 9 years ago

Problem is the following code not checking for Null language value .getXMLLang().equals(lang) in the following methods of IDPUIHandler.java getServiceName() getServiceLogo() getInformationURL() getPrivacyURL() when a language element lang="en" is missing in any of the mdui extention tag mdui:UIInfo

Our mdui:Logo element did not have this declared. Hence the NPE.