Shibboleth Developers

[Brent Putman <>]

Hi Halm,


On 1/5/11 4:47 AM, Halm Reusser wrote:
> 
> 
> - Error occurred while processing request
> java.lang.NullPointerException: null
>     at
> edu.internet2.middleware.shibboleth.idp.ext.delegation.profile.DelegationAwareSAML2SSOProfileHandler.buildLibertSSOSEPRAttributeValue(DelegationAwareSAML2SSOProfileHandler.java:322)
> 

> I looked at the code (DelegationAwareSAML2SSOProfileHandler) and it
> seems that XMLObjectBuilder<MetadataAbstract> abstractBuilder created by
> getBuilderFactory().getBuilder(LibertyConstants.DISCO_ABSTRACT_ELEMENT_NAME)
> 
> is null (unchecked).


Yes, I agree, the null on line 322 would suggest that's exactly the problem.


> 
> 
> 
> Brent, the NPE looks like a bug. Do you have any hint to debug further?
> If I should test something, let me know. But unfortunately I'm not able
> to reproduce same error on test and I don't like to redeploy the
> software on production if I'm unsure that it has some positive affect :-)
> 


I think the problem you have is related to missing or incorrect
configuration of the XMLObject providers from the Liberty schemas.
Double-check that in production you implemented step 3 of the
INSTALL.txt with the modifications to shibboleth.OpensamlConfig bean in
internal.xml.  There's 3 provider configs that you have to add there.
The one that's either missing or typoed or whatever would be the
/disco-config.xml one, which has the config for that MetadataAbstract
provider.

Note that internal.xml is not reloadable on-the-fly, so you have to stop
and restart the IdP webapp in order for changes to take effect.

What's basically happening is that the OpenSAML Configuration can't
lookup the builder for that element. I don't like NPE's showing up in
code, but it's an unfortunate fact that throughout the IdP, we don't
check for null when we lookup builders, marshallers and unmarshallers.
We probably should, but it would entail updating probably thousands of
calls.