
SAML error 500 (version 1.7.4)

  • J
    jmarin
    last edited by 11 Jun 2020, 18:54

    Hello. I started using docker FusionAuth v 1.6.1 with OAuth. Then I tried to use FusionAuth as an IdP with SAML and it did not work. The metadata was wrong.
    After reading a lot about it I upgraded step by step to v 1.7.4, which is supposed to have some bugs fixed in this area. The service provider updated our new metadata and it worked, but during the SAML authentication process FusionAuth shows an error 500 (internal server error).

    The logs I can see in FA are:

    PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
    java.lang.NullPointerException: null
    	at io.fusionauth.samlv2.service.DefaultSAMLv2Service.parseRequest(DefaultSAMLv2Service.java:471)
    	at io.fusionauth.app.action.samlv2.LoginAction.get(LoginAction.java:92)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    	at java.lang.reflect.Method.invoke(Method.java:498)
    	at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:436)
    	at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:84)
    	at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:64)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:47)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:60)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:50)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:52)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:57)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:102)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:58)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:45)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:126)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.workflow.StaticResourceWorkflow.perform(StaticResourceWorkflow.java:97)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.parameter.RequestBodyWorkflow.perform(RequestBodyWorkflow.java:89)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:57)
    	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:43)
    	at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:91)
    	at org.primeframework.mvc.workflow.DefaultWorkflowChain.continueWorkflow(DefaultWorkflowChain.java:44)
    	at org.primeframework.mvc.servlet.FilterWorkflowChain.continueWorkflow(FilterWorkflowChain.java:50)
    	at org.primeframework.mvc.servlet.PrimeFilter.doFilter(PrimeFilter.java:84)
    	at com.inversoft.maintenance.servlet.MaintenanceModePrimeFilter.doFilter(MaintenanceModePrimeFilter.java:59)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    	at com.inversoft.servlet.UTF8Filter.doFilter(UTF8Filter.java:27)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
    	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
    	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468)
    	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    	at java.lang.Thread.run(Thread.java:748)
    

    The parameters I can see in the last call the browser does before obtaining the error are:
    SAMLRequest, RelayState, SigAlg, and Signature.

    I have tried almost everything, but I cannot make it work.

    1 Reply Last reply Reply Quote 0
    • D
      dan
      last edited by dan 6 Nov 2020, 21:06 11 Jun 2020, 21:05

      Hi,

      The latest version of FusionAuth is 1.17.0. 1.7.4 is quite a few versions behind. Can you go through the upgrade steps in the release notes? Or perhaps test with a separate server to see if 1.17.0 works with the SAML SP you need?

      Which SP are you trying to use FusionAuth as the IdP for?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      J 1 Reply Last reply 12 Jun 2020, 14:56 Reply Quote 0
      • J
        jmarin @dan
        last edited by 12 Jun 2020, 14:56

        Hello @dan,
        I plan to upgrade to the latest version in the near future. I already tried upgrading in a testing environment, but I was unable to continue past version 1.7.4 because of upgrade errors (I have to review this later), and I have to be sure before doing it in the production environment. Anyway, version 1.7.4 is supposed to have the SAML bugs fixed, as I didn't find anything more related to SAML in the release notes after that version.

        I don't fully understand the SAML integration process with FusionAuth, because I couldn't find a place to upload the SP metadata into FusionAuth (and I'm not sure if I have to do that).

        The SP is Rosetta Stone (https://www.rosettastone.com/)

        0bf689ec-c8fc-4422-898b-aa343186d191-imagen.png

        1 Reply Last reply Reply Quote 0
        • D
          dan
          last edited by 15 Jun 2020, 15:39

          Hmmm.

          The SAML metadata goes into the "SAML" tab of your application. Here's an example with Zendesk: https://fusionauth.io/docs/v1/tech/samlv2/zendesk

          I see you have excerpted that tab. Is there metadata that doesn't fit there?

          If you are looking to modify metadata on a user by user basis, you probably want the reconciliation lambda, documented here: https://fusionauth.io/docs/v1/tech/lambdas/samlv2-response-reconcile

          --
          FusionAuth - Auth for devs, built by devs.
          https://fusionauth.io

          1 Reply Last reply Reply Quote 0
          • R
            robotdan
            last edited by 15 Jun 2020, 16:23

            @jmarin the fix you're looking for was in FusionAuth version 1.11.0. If you upgrade to version 1.11.0 or later this issue should be resolved. https://fusionauth.io/docs/v1/tech/release-notes#version-1-11-0

            J 1 Reply Last reply 18 Jun 2020, 12:21 Reply Quote 1
            • J
              jmarin @robotdan
              last edited by jmarin 18 Jun 2020, 12:21

              @dan, the SP provider sent me their metadata as an XML file, and I didn't find how to import it into FusionAuth. I have already read the documentation and it is not clear to me what lambdas are and how they work.

              @robotdan, I will try upgrading to version 1.11.0 or the latest one if it is possible. However, in my tests, the upgrade from 1.7.4 to 1.8.0 RC1 failed. I'm using docker and was upgrading one version at a time to allow the DB migration to run the right way, as I understand it. I need to find out how to do it.

              Thank you both

              1 Reply Last reply Reply Quote 2
              • D
                dan
                last edited by 18 Jun 2020, 14:32

                @jmarin Ah, we don't handle direct import from XML of SAML metadata. You'll need to consult their docs and map what is in the file into the settings in the SAML tab. Please feel free to post a question here if there are difficulties.

                --
                FusionAuth - Auth for devs, built by devs.
                https://fusionauth.io

                J 1 Reply Last reply 18 Jun 2020, 19:08 Reply Quote 1
                • J
                  jmarin @dan
                  last edited by 18 Jun 2020, 19:08

                  @dan I already did that in the first instance, but there is a lot more metadata to include.

                  D 1 Reply Last reply 18 Jun 2020, 19:12 Reply Quote 0
                  • D
                    dan @jmarin
                    last edited by 18 Jun 2020, 19:12

                    @jmarin Interesting. What instructions are you working off of from Rosetta Stone?

                    --
                    FusionAuth - Auth for devs, built by devs.
                    https://fusionauth.io

                    1 Reply Last reply Reply Quote 0