[IdP] "Object reference not set to an instance of an object" error

Forge Component
(32)
Published on 16 Apr (9 days ago) by Telmo Martins

We are getting an "Object reference not set to an instance of an object." error in Service Center when the user requests a single logout. Actually, for each single logout request, two lines with the same error are generated in the Service Center logs, as detailed below:


First error

Time of Log: 22/11/2018 15:54:02

eSpace: IdP

Module: 

Message: Object reference not set to an instance of an object.

Environment Information: 

eSpaceVer: 44 (Id=17664, PubId=17606, CompiledWith=10.0.900.0)
RequestUrl: https://somedoain/IdP/SLO.aspx (Method: POST)
AppDomain: /LM/W3SVC/1/ROOT/IdP-4321-131866049137394014
FilePath: C:\...\PS\running\IdP.1556661045\SamlSLO.aspx
.NET: 4.0.30319.42000

Stack: 

Object reference not set to an instance of an object.
   at ssIdP.RssExtensionXml.MssXmlElement_GetInnerText(HeContext heContext, Object inParamXmlElement, String& outParamInnerText)
   at ssIdP.Actions.ActionRetrieveMessageIDsFromSamlMessage(HeContext heContext, String inParamSamlMessage, Boolean inParamGetIssuer, String& outParamMessageId, String& outParamResponseId, String& outParamIssuer)


Second error

Time of Log: 22/11/2018 15:54:02

eSpace: IdP

Module: Extension metho

Message: Object reference not set to an instance of an object.

Environment Information: 

eSpaceVer: 44 (Id=17664, PubId=17606, CompiledWith=10.0.900.0)
RequestUrl: https://somedomain/IdP/SLO.aspx (Method: POST)
AppDomain: /LM/W3SVC/1/ROOT/IdP-4321-131866049137394014
FilePath: C:\...\PS\running\IdP.1556661045\SamlSLO.aspx
.NET: 4.0.30319.42000

Stack: 

Object reference not set to an instance of an object.
   at OutSystems.NssXml.CssXml.MssXmlElement_GetInnerText(Object ssXmlElement, String& ssInnerText)
   at ssIdP.RssExtensionXml.MssXmlElement_GetInnerText(HeContext heContext, Object inParamXmlElement, String& outParamInnerText)


Despite the error, the logout process finishes successfully; I mean, the user's session is ended on OutSystems and on the Identity Provider, in our case OpenAM.


Do we need to worry about these messages? Have you seen this before?


Thanks,


Tiago

Hi Tiago,

For the first error, is that the whole stack? The remaining stack is needed to check whether it happened while checking the logout request or the logout response.

The error itself occurs because it cannot retrieve the Issuer from the message. In the SAML message logs, are the messages all without error?

Also, is the logout initiated by the IdP connector or the IdP server?

Regards


Hello Telmo,

It is the complete stack error that the Service Center logs show me; is there another place to get a full version?

In the saml message logs there is no error; I can see a logout request and logout response, both valid. 

The logout is initiated by SP, in this case, the IdP connector.

Best regards

Hi Tiago,

OK, in that case it will only be possible to understand what's causing that, and which screen flow we are in, by debugging that action.

Regards

Hi Telmo,

I got back to this error, debugged it, and could identify the following:


The exception occurs in RetrieveMessageIDsFromSamlMessage action when it calls XmlElement_SelectSingleNode method with "Issuer" value for XPathString parameter; the output is used as input parameter in the next action XmlElement_GetInnerText, but it is not available and the exception occurs. 


In the SAML logout responses I can find the Issuer node, and its value matches the IdP Server Issuer/Entity ID configuration:

<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                      ID="se323f8ecdf939fd27e6a68f9128cfed309615737"
                      Version="2.0"
                      IssueInstant="2019-04-03T20:23:34Z"
                      Destination="https://appdev.unimedbh.com.br/IdP/SLO.aspx"
                      InResponseTo="id_9ac3a16a26e5429b842d948d30be6d27">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">UnimedBHIdP</saml:Issuer>
  <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                      Value="urn:oasis:names:tc:SAML:2.0:status:Success">
    </samlp:StatusCode>
  </samlp:Status>
</samlp:LogoutResponse>


The configuration hint says that this value should be a URL, but our IdP server already exists, so we have to use it this way. Could this cause XmlElement_SelectSingleNode to not identify the node in the XML? Can you see another problem in the response that could generate this problem?


This part of the flow is executed because RetrieveMessageIDsFromSamlMessage is called with the input parameter GetIssuer set to True.



Can you see any side effects in changing its value to default (False)? I see that in Login flow it is called this way...


Thanks in advance.


Tiago









Solution

Hi Tiago,


That's an issue on the component side due to the namespaces of your SAML message. We need to search for the Issuer regardless of whether it's "inside" a namespace or not.

To fix it, set the XPathString input to: "*[local-name() = 'Issuer']"


Regards.
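
The namespace behaviour discussed in this thread, as an added example that is not part of the original posts or the component's code: it runs the unprefixed `Issuer` query, the `local-name()` query from the answer above, and a namespace-bound `saml:Issuer` query against two constructed messages. The helper names, the placeholder ID and issuer values, and the `urn:example:not-saml` namespace are assumptions made for illustration.

```csharp
using System;
using System.Xml;

static class IssuerLookupDemo
{
    const string SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Returns the text of the first child matched by xpath, or null when nothing
    // matches (calling InnerText on that null is the error seen in the logs).
    static string ChildText(XmlElement root, string xpath, XmlNamespaceManager ns)
    {
        XmlNode node = root.SelectSingleNode(xpath, ns);
        return node == null ? null : node.InnerText;
    }

    static XmlElement Parse(string xml)
    {
        // Do not resolve external resources referenced by the document.
        var doc = new XmlDocument { XmlResolver = null };
        doc.LoadXml(xml);
        return doc.DocumentElement;
    }

    static void Main()
    {
        // Constructed samples: same shape as the posted LogoutResponse, placeholder values.
        string response =
            "<samlp:LogoutResponse xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' ID='id_example' Version='2.0'>"
            + "<saml:Issuer xmlns:saml='" + SamlNs + "'>ExampleIdP</saml:Issuer>"
            + "</samlp:LogoutResponse>";
        // Same element name, but bound to a namespace that is not the SAML assertion one.
        string foreign = response.Replace(SamlNs, "urn:example:not-saml");

        foreach (string xml in new[] { response, foreign })
        {
            XmlElement root = Parse(xml);
            var ns = new XmlNamespaceManager(root.OwnerDocument.NameTable);
            ns.AddNamespace("saml", SamlNs);

            // Unprefixed name: XPath 1.0 only matches elements in no namespace.
            Console.WriteLine("Issuer                      -> {0}", ChildText(root, "Issuer", ns) ?? "(null)");
            // The thread's fix: matches on local name, whatever the namespace is.
            Console.WriteLine("*[local-name() = 'Issuer']  -> {0}", ChildText(root, "*[local-name() = 'Issuer']", ns) ?? "(null)");
            // Stricter alternative: only the SAML assertion namespace matches.
            Console.WriteLine("saml:Issuer (bound prefix)  -> {0}", ChildText(root, "saml:Issuer", ns) ?? "(null)");
            Console.WriteLine();
        }
    }
}
```

For the first message the unprefixed query returns null while the other two return the issuer; for the second, only the `local-name()` query still matches, which is why a namespace-bound query is the tighter check when the issuer value feeds a trust decision.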

Solution

Hi Telmo,


I modified XPathString's values and it works. Thank you.

Note: We are using the IdP Connector with ForgeRock OpenAM as the IdP server, in case you want to include it in the component description.


Regards,


Tiago