536
Views
7
Comments
Solved
[IdP] "Object reference not set to an instance of an object" error
Question
Forge component by Rui Barbosa
44
Published on 07 Oct 2020

We are getting an "Object reference not set to an instance of an object." error in Service Center when the user request a single logout. Actually for each request for single logout two lines with the same error are generated at Service Center logs, as the details bellow:


First error

Time of Log: 22/11/2018 15:54:02

eSpace: IdP

Module: 

Message: Object reference not set to an instance of an object.

Environment Information: 

eSpaceVer: 44 (Id=17664, PubId=17606, CompiledWith=10.0.900.0)
RequestUrl: https://somedoain/IdP/SLO.aspx (Method: POST)
AppDomain: /LM/W3SVC/1/ROOT/IdP-4321-131866049137394014
FilePath: C:\...\PS\running\IdP.1556661045\SamlSLO.aspx
.NET: 4.0.30319.42000

Stack: 

Object reference not set to an instance of an object.
   at ssIdP.RssExtensionXml.MssXmlElement_GetInnerText(HeContext heContext, Object inParamXmlElement, String& outParamInnerText)
   at ssIdP.Actions.ActionRetrieveMessageIDsFromSamlMessage(HeContext heContext, String inParamSamlMessage, Boolean inParamGetIssuer, String& outParamMessageId, String& outParamResponseId, String& outParamIssuer)


Second error

Time of Log: 22/11/2018 15:54:02

eSpace: IdP

Module: Extension metho

Message: Object reference not set to an instance of an object.

Environment Information: 

eSpaceVer: 44 (Id=17664, PubId=17606, CompiledWith=10.0.900.0)
RequestUrl: https://somedomain/IdP/SLO.aspx (Method: POST)
AppDomain: /LM/W3SVC/1/ROOT/IdP-4321-131866049137394014
FilePath: C:\...\PS\running\IdP.1556661045\SamlSLO.aspx
.NET: 4.0.30319.42000

Stack: 

Object reference not set to an instance of an object.
   at OutSystems.NssXml.CssXml.MssXmlElement_GetInnerText(Object ssXmlElement, String& ssInnerText)
   at ssIdP.RssExtensionXml.MssXmlElement_GetInnerText(HeContext heContext, Object inParamXmlElement, String& outParamInnerText)


Despite the error, the logout process are finished successfully, I mean, user's sessions is endded on Outsystems and on Identity Provider, in our case OpenAM. 


We need to worry about these messages? Do you have seen this before?


Thank's,


Tiago

Staff
Rank: #41
Solution

Hi Tiago,


That's an issue on the component side due the namespaces of your saml message. We need to search for the Issuer regardless if it's "inside" a namespace or not.

To fix it set the XPathString input to : "*[local-name() = 'Issuer']"


Regards.

Staff
Rank: #41

Hi Tiago,

On the first error that's the whole stack error? The remaining stack is needed to check if it was while checking the logout request or logout response.

The error itself it's due it cannot retrieve the Issuer from the message. In the saml message logs the messages are all without error?

Also the Logout is initiated by the IdP connector or IdP server?

Regards


Hello Telmo,

It is the complete stack error that Service Center logs show me; there is another placte to get a full version?

In the saml message logs there is no error; I can see a logout request and logout response, both valid. 

The logout is initiated by SP, in this case, the IdP connector.

Best regards

Staff
Rank: #41

Hi Tiago,

Ok, in that case only through debug on that action it will be possible to understand what's causing that, and on which screen flow are we.

Regards

Hi Telmo,

I got back to this error, make a debug and could identify the follow:


The exception occurs in RetrieveMessageIDsFromSamlMessage action when it calls XmlElement_SelectSingleNode method with "Issuer" value for XPathString parameter; the output is used as input parameter in the next action XmlElement_GetInnerText, but it is not available and the exception occurs. 


In saml logout responses I can find Issuer node, and its value match with IdP Server Issuer/Entity ID configuration:

<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                      ID="se323f8ecdf939fd27e6a68f9128cfed309615737"
                      Version="2.0"
                      IssueInstant="2019-04-03T20:23:34Z"
                      Destination="https://appdev.unimedbh.com.br/IdP/SLO.aspx"
                      InResponseTo="id_9ac3a16a26e5429b842d948d30be6d27">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">UnimedBHIdP</saml:Issuer>
  <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                      Value="urn:oasis:names:tc:SAML:2.0:status:Success">
    </samlp:StatusCode>
  </samlp:Status>
</samlp:LogoutResponse>


Configuration hint says that this value should be a URL, but our IdP server already exists, so we have to use this way. This could be cause XmlElement_SelectSingleNode not identify the node in xml? Can you see another problem in the response that could generate this problem?


This flow's part is executed because RetrieveMessageIDsFromSamlMessage is called with input parameter GetIssuer as True; 



Can you see any side effects in changing its value to default (False)? I see that in Login flow it is called this way...


Thanks in advance.


Tiago









Staff
Rank: #41
Solution

Hi Tiago,


That's an issue on the component side due the namespaces of your saml message. We need to search for the Issuer regardless if it's "inside" a namespace or not.

To fix it set the XPathString input to : "*[local-name() = 'Issuer']"


Regards.

Hi Telmo,


I modified XPathString's values and it works. Thank you.

Note: We are using IdP Connector with Forge Rock OpenAM as IdP server; if you want to include it in component description.


Regards,


Tiago

Rank: #82447

An Object is an instance of a Class , it is stored some where in memory. A reference is what is used to describe the pointer to the memory location where the Object resides. The message "object reference not set to an instance of an object" means that you are referring to an object the does not exist or was deleted or cleaned up. It's usually better to avoid a NullReferenceException than to handle it after it occurs. To prevent the error, objects that could be null should be tested for null before being used.

if (mClass != null)

{

  // Go ahead and use mClass

  mClass.property = ...

}

else

{

  // Attempting to use mClass here will result in NullReferenceException

}