search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
746 stars 724 forks source link

JIT provisioning with any option other than 'Silent' is throwing an error #11680

Open johannnallathamby opened 3 years ago

johannnallathamby commented 3 years ago

Describe the issue: JIT provisioning with any option other than 'Silent' is throwing an error

How to reproduce:

  1. Set up multi-attribute authentication with email address claim
  2. Configured Facebook as an IdP and set up JIT provisioning to PRIMARY userstore with password and consent. Screenshot 2021-05-02 at 22 13 34 Screenshot 2021-05-02 at 22 13 50
  3. Configured Pickup Manager to be federated to Facebook
  4. Got the following error:

UI:

Screenshot 2021-05-02 at 22 15 55

Backend log:

[2021-05-02 22:15:32,560] [01d71813-26cc-4086-b656-d890eda53bd3] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework java.lang.NullPointerException at java.base/java.net.URLEncoder.encode(URLEncoder.java:224) at java.base/java.net.URLEncoder.encode(URLEncoder.java:196) at org.wso2.carbon.identity.core.internal.DefaultServiceURLBuilder.getResolvedParamString(DefaultServiceURLBuilder.java:199) at org.wso2.carbon.identity.core.internal.DefaultServiceURLBuilder.access$100(DefaultServiceURLBuilder.java:52) at org.wso2.carbon.identity.core.internal.DefaultServiceURLBuilder$ServiceURLImpl.fetchRelativePublicUrl(DefaultServiceURLBuilder.java:521) at org.wso2.carbon.identity.core.internal.DefaultServiceURLBuilder$ServiceURLImpl.fetchAbsolutePublicUrl(DefaultServiceURLBuilder.java:493) at org.wso2.carbon.identity.core.internal.DefaultServiceURLBuilder$ServiceURLImpl.(DefaultServiceURLBuilder.java:320) at org.wso2.carbon.identity.core.internal.DefaultServiceURLBuilder$ServiceURLImpl.(DefaultServiceURLBuilder.java:287) at org.wso2.carbon.identity.core.internal.DefaultServiceURLBuilder.build(DefaultServiceURLBuilder.java:93) at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.JITProvisioningPostAuthenticationHandler.redirectToAccountCreateUI(JITProvisioningPostAuthenticationHandler.java:542) at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.JITProvisioningPostAuthenticationHandler.handleRequestFlow(JITProvisioningPostAuthenticationHandler.java:326) at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.JITProvisioningPostAuthenticationHandler.handle(JITProvisioningPostAuthenticationHandler.java:153) at org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.executePostAuthnHandler(PostAuthenticationMgtService.java:116) at org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService.handlePostAuthentication(PostAuthenticationMgtService.java:82) at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handlePostAuthentication(DefaultAuthenticationRequestHandler.java:229) at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:194) at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:274) at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53) at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doGet(CommonAuthenticationServlet.java:43) at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:115) at org.wso2.carbon.tomcat.ext.valves.SameSiteCookieValve.invoke(SameSiteCookieValve.java:38) at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:89) at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110) at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:115) at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:101) at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49) at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62) at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690) at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57) at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49) at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:126) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:832)

Expected behavior: JIT provisioning should happen successfully.

Environment information (Please complete the following information; remove any unnecessary fields) :

IsuraD commented 3 years ago

Tried to reproduce with the same configs, but could not reproduce.

johannnallathamby commented 3 years ago

@IsuraD I was able to resolve this issue by removing the custom claim mapping for middle_name which I haven't mapped to any specific local attribute. Though it is a user misconfiguration, I believe for a better user experience we need to handle such edge cases. I am just stating this here for someone who may come across the same issue.

I think you can keep the issue open but lower the priority for this issue.