spring-attic / spring-security-saml

SAML extension for the Spring Security project

SES-47: More descriptive error message would be useful #53

Closed spring-projects-issues closed 12 years ago

spring-projects-issues commented 14 years ago

Rob Moore (Migrated from SES-47) said:

ADFS does not return a subject name identifier by default but can be configured to do so:

http://blogs.msdn.com/card/archive/2010/02/17/name-identifiers-in-saml-assertions.aspx

The issue occurs when ADFS has not been configured this way as no subject name identifier will be provided and the following error will occur:

java.lang.IllegalArgumentException: SAMLBase object can't be created with null object argument
    at org.springframework.security.saml.parser.SAMLBase.<init>(SAMLBase.java:64)
    at org.springframework.security.saml.parser.SAMLObject.<init>(SAMLObject.java:43)
    at org.springframework.security.saml.SAMLCredential.<init>(SAMLCredential.java:66)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processResponse(WebSSOProfileConsumerImpl.java:206)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87)
    ...

I think it would be useful to have the code in WebSSOProfileConsumerImpl.processResponse() check for the existence of the subject name identifier returned from context.getSubjectNameIdentifier() before attempting to create the SAMLCredential and log an error if it is null.

spring-projects-issues commented 14 years ago

Vladimir Schäfer said:

More descriptive message is now included in the raised exception.
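
The check proposed in the first comment, as an added example that is not code from spring-security-saml or from this thread. It reads raw assertion XML with the JDK's DOM parser rather than calling the library's context.getSubjectNameIdentifier(); the class name, method names and sample assertions are hypothetical, and signature validation is assumed to happen elsewhere.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SubjectNameIdCheck {
    static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Direct-child lookup: a descendant search could match a NameID nested in SubjectConfirmation.
    static Element child(Element parent, String localName) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && NS.equals(n.getNamespaceURI()) && localName.equals(n.getLocalName()))
                return (Element) n;
        }
        return null;
    }

    // Returns the subject NameID, or fails with a message that says what is missing and who sent it.
    static String requireNameId(String assertionXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject DOCTYPE declarations so the parser never resolves entities from IdP-supplied XML.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        byte[] xml = assertionXml.getBytes(StandardCharsets.UTF_8);
        Element assertion = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml)).getDocumentElement();
        Element issuer = child(assertion, "Issuer");
        Element subject = child(assertion, "Subject");
        Element nameId = subject == null ? null : child(subject, "NameID");
        if (nameId == null || nameId.getTextContent().trim().isEmpty()) {
            throw new IllegalStateException("SAML assertion from issuer '"
                    + (issuer == null ? "unknown" : issuer.getTextContent().trim()) + "' has "
                    + (subject == null ? "no Subject" : "no NameID in its Subject")
                    + "; configure the identity provider to send a subject name identifier");
        }
        return nameId.getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertions, not captured from a real identity provider.
        String head = "<saml:Assertion xmlns:saml=\"" + NS + "\">"
                + "<saml:Issuer>http://idp.example/adfs</saml:Issuer><saml:Subject>";
        String tail = "</saml:Subject></saml:Assertion>";
        System.out.println(requireNameId(head + "<saml:NameID>alice@example.com</saml:NameID>" + tail));
        try {
            requireNameId(head + "<saml:SubjectConfirmation/>" + tail);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```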