NullPointerException on REST access with SAML SSO in BRMS/BPM Suite

Solution In Progress - Updated -

Issue

  • Accessing http://localhost:8080/business-central/rest/controller/management/servers/ throws the following exception:
java.lang.NullPointerException
    org.jboss.errai.security.shared.api.GroupImpl.hashCode(GroupImpl.java:59)
    java.util.HashMap.hash(HashMap.java:338)
    java.util.HashMap.put(HashMap.java:611)
    java.util.HashSet.add(HashSet.java:219)
    java.util.AbstractCollection.addAll(AbstractCollection.java:344)
    java.util.HashSet.<init>(HashSet.java:119)
    org.jboss.errai.security.shared.api.identity.UserImpl.<init>(UserImpl.java:79)
    org.jboss.errai.security.shared.api.identity.UserImpl.<init>(UserImpl.java:68)
    org.uberfire.ext.security.server.ServletSecurityAuthenticationService.getUser(ServletSecurityAuthenticationService.java:115)
    org.uberfire.ext.security.server.ServletSecurityAuthenticationService.login(ServletSecurityAuthenticationService.java:60)
...

standalone.xml

                <security-domain name="sp_saml">
                    <!-- Excerpt only: the page elides the rest of this stack, so the
                         notes below cover just the two modules that are shown. -->
                    <authentication>
                        <!-- Both modules are flag="optional". Under JAAS, a stack made up
                             only of optional modules authenticates when at least one of
                             them succeeds, so each module is a separate way into this
                             domain. NOTE(review): confirm against the full stack that a
                             realm login alongside SAML is intended. -->

                        <!-- RealmDirect hands the credential check to a server security
                             realm; no realm option is set in this excerpt. -->
                        <login-module code="RealmDirect" flag="optional">
                            <!-- useFirstPass: reuse the username/password that an earlier
                                 module placed in the shared login state, if any. -->
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>

                        <!-- PicketLink SAML login module for the service-provider side. -->
                        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="optional">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                        ...

jboss-web.xml

<jboss-web>
  <!-- Binds this web application to the "sp_saml" security domain; the name
       has to match a security-domain defined in the server configuration. -->
  <security-domain>sp_saml</security-domain>

  <!-- PicketLink service-provider authenticator, installed as a valve. A valve
       declared here sees every request to this web application, not only the
       UI pages. NOTE(review): presumably that includes the REST path from the
       issue (same /business-central context); confirm which archive this
       descriptor belongs to. -->
  <valve>
    <class-name>org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator</class-name>
  </valve>
</jboss-web>

picketlink.xml

<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">

  <!-- Service-provider settings. IdentityURL and ServiceURL are property
       placeholders (picketlink.idp.url / picketlink.sp.url) and must be
       supplied by the runtime. RelayState="someURL" reads like a placeholder
       value; replace it with a fixed, trusted URL or remove it.
       NOTE(review): SupportsSignatures is not set and no signature handler
       appears in the chain below. If that is not just elided on the page,
       IdP responses are accepted without signature validation; confirm that a
       real deployment enables it (e.g. SAML2SignatureValidationHandler plus a
       key provider). -->
  <PicketLinkSP
      xmlns="urn:picketlink:identity-federation:config:2.1"
      ServerEnvironment="tomcat"
      BindingType="REDIRECT"
      RelayState="someURL">
    <IdentityURL>${picketlink.idp.url}</IdentityURL>
    <ServiceURL>${picketlink.sp.url}</ServiceURL>
  </PicketLinkSP>

  <!-- SAML handler chain for the service provider. -->
  <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>

    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">
      <!-- Session attribute name under which the assertion is kept. -->
      <Option Key="ASSERTION_SESSION_ATTRIBUTE_NAME" Value="org.picketlink.sp.assertion"/>
      <!-- FIXME (from the original): set this value to limit the roles that
           are found. Roles taken from the assertion become the user's groups,
           so scope this to the attribute that really carries them. -->
      <Option Key="ROLE_KEY" Value="Role"/>
    </Handler>

    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler"/>
  </Handlers>

</PicketLink>

Environment

  • Red Hat JBoss BPM Suite
    • 6.4.0
