You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This fixed the issue. But still, it would be nice for Fusionauth to handle this a little more gracefully.
Exception:
java.lang.NullPointerException
at io.fusionauth.api.security.SAMLKeySelector.select(SAMLKeySelector.java:35)
at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:556)
at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:268)
at io.fusionauth.samlv2.service.DefaultSAMLv2Service.verifyEmbeddedSignature(DefaultSAMLv2Service.java:957)
at io.fusionauth.samlv2.service.DefaultSAMLv2Service.parseResponse(DefaultSAMLv2Service.java:592)
at io.fusionauth.api.service.authentication.SAMLv2IdentityProviderAuthenticationService._login(SAMLv2IdentityProviderAuthenticationService.java:91)
at io.fusionauth.api.service.authentication.SAMLv2IdentityProviderAuthenticationService$$EnhancerByGuice$$2d68788c.CGLIB$_login$4(<generated>)
at io.fusionauth.api.service.authentication.SAMLv2IdentityProviderAuthenticationService$$EnhancerByGuice$$2d68788c$$FastClassByGuice$$20fb48ec.invoke(<generated>)
at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
we are facing the same issue with one of our customers. We recently shifted this customer over to FusionAuth from a different Auth system that we used (Keycloak).
The SAML response this customer contains the Signature but not the X509 certificate. They have told me that this works for them with a multitude of other Auth applications -- i.e. they should not need to include X509 certificate. I am not sure if this is the actual case, but could it be that FusionAuth requires the X509 certificate in the SAML response, while it is not a must to be so?
SAML v2 NPE when resolving a public key
Description
A null pointer is thrown when the certificate is not configured correctly. See https://fusionauth.io/community/forum/topic/971/samlv2-error-v1-26-1
Affects versions
?
Steps to reproduce
?
Expected behavior
To fail, but perhaps with more grace.
Related
https://fusionauth.io/community/forum/topic/971/samlv2-error-v1-26-1
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: