[IdP] [IDP] Object reference not set to an instance of an object error

Forge Component
Published on 7 Jan by Telmo Martins
32 votes

Hi,
We are getting an "Object reference not set to an instance of an object." error when the user requests a SAML login.

Following is the SAML response.

=====
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                ID="i3UL7DI1DiQooWruVtoB3KFg2RqNMQ6AqJO6sEmdb"
                InResponseTo="id_t20_a57d0fcff183495ab32c264dbfe9719c"
                IssueInstant="2019-03-12T05:03:30Z"
                Version="2.0">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </samlp:Status>
  <Assertion ID="idnZNtbF3mkIip1bjWjgAyefOKFwREB4kVvZnjrgF"
             IssueInstant="2019-03-12T05:03:30Z"
             Version="2.0"
             xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer>http://icewall.mw.ctc-g.co.jp/fw/dfw/tc/iwidp</Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#idnZNtbF3mkIip1bjWjgAyefOKFwREB4kVvZnjrgF">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue>xl/V5uaIfwIHyK2z+N1YLc2WLKQ=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>X8Mpj+G8JJ9xW0F1In9z7WC2X9b2PUjWY+q6Anko6jcpXQtiNcamjwxNvRhe0YQbpgGUtM1vsd66 rBN3DU7/n6DLtUrGQdZeXV5Olf9OiHEpgi4TeUGBsCTMBOAKaJwcv3heVm1jVajNhHDlOxl3kjR6 m6FGcl6cM/4hH4UV7II=</SignatureValue>
    </Signature>
    <Subject>
      <NameID>samltest</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData InResponseTo="id_t20_a57d0fcff183495ab32c264dbfe9719c"
                                 NotOnOrAfter="2019-03-12T05:13:30Z"
                                 Recipient="http://10.116.13.240/IdP/SSO.aspx"
                                 />
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2019-03-12T04:58:30Z" NotOnOrAfter="2019-03-12T05:13:30Z">
      <AudienceRestriction>
        <Audience>http://10.116.13.240/IdP/SSO.aspx</Audience>
      </AudienceRestriction>
    </Conditions>
    <AuthnStatement AuthnInstant="2019-03-12T05:03:30Z">
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>
=====

Is there anything wrong with that?
It will be helpful if you can point it out.

Thanks,

Hiroko

Hi Hiroko,


The error is due to your IdP server not sending the destination URL in the response message:

<saml:Response .... Destination="https://<your_environment>/IdP/SSO.aspx" ...>


If for some reason your IdP server is really unable to send that property in the response, you'll need a quick change in the code to allow that field to be missing from the response.


Regards
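
Added example (not part of the original posts and not the IdP component's own code): a Python check that treats a missing `Destination` as a warning instead of dereferencing it, while still requiring the bearer `Recipient` to match the service provider's assertion consumer URL. The sample XML is constructed from the shape of the response in the question with the signature left out; the names `sample` and `check_delivery_target` are hypothetical, and signature validation is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def sample(dest_attr=""):
    """Constructed response shaped like the one in the question (no signature)."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="r1" Version="2.0"
        IssueInstant="2019-03-12T05:03:30Z"{dest_attr}>
      <Assertion ID="a1" Version="2.0" IssueInstant="2019-03-12T05:03:30Z">
        <Subject>
          <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <SubjectConfirmationData Recipient="http://10.116.13.240/IdP/SSO.aspx"/>
          </SubjectConfirmation>
        </Subject>
      </Assertion>
    </samlp:Response>"""


def check_delivery_target(xml_text, acs_url):
    """Check where the response claims it was sent, tolerating no Destination."""
    # Plain ElementTree is enough for this offline sample; untrusted input
    # should go through a hardened XML parser.
    root = ET.fromstring(xml_text)
    warnings, errors = [], []

    dest = root.get("Destination")  # None when the IdP omits the attribute
    if dest is None:
        warnings.append("Response has no Destination attribute")
    elif dest != acs_url:
        errors.append(f"Destination {dest!r} does not match the ACS URL")

    path = ("saml:Assertion/saml:Subject/saml:SubjectConfirmation"
            "/saml:SubjectConfirmationData")
    recipients = [scd.get("Recipient") for scd in root.findall(path, NS)]
    if not recipients:
        errors.append("no SubjectConfirmationData to confirm the recipient")
    for recipient in recipients:
        if recipient != acs_url:
            errors.append(f"Recipient {recipient!r} does not match the ACS URL")

    # A missing Destination is accepted only because Recipient is still enforced.
    return {"ok": not errors, "warnings": warnings, "errors": errors}


if __name__ == "__main__":
    print(check_delivery_target(sample(), "http://10.116.13.240/IdP/SSO.aspx"))
```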