Bug
Resolution: Unresolved
Low
None
4.3.0
Issue Summary
Attempting to authenticate using the SAML SSO feature when the value of the username mapping cannot be found in the list of attributes returned by the IdP results in a java.lang.NullPointerException.
Steps to Reproduce
- Create a new SAML single sign-on authentication configuration.
- Fill in all the details in the form (e.g. Single sign-on issuer, Identity provider single sign-on URL, etc.).
- Use an IdP attribute in the username mapping field that doesn't exist, e.g. ${Name123}.
- Attempt to log in with a test user account.
Expected Results
The app should catch the exception and provide a meaningful error message explaining why the authentication didn't work.
Actual Results
We get an Internal Server Error (500) when attempting to log in using the SAML SSO feature with the following stack trace:
atlassian-bamboo.log
Version: 8.1.3
Build: 80110
Build Date: 17 Feb 2022
Request information:
Request URL: http://bamboo.com/500.action
Scheme: https
Server: bamboo.com
Port: 443
URI: /500.action
Context path:
Servlet path: /500.action
Path info:
Query string:
Stack Trace:
java.lang.NullPointerException
    at com.google.common.collect.Iterables.getOnlyElement(Iterables.java:263)
    at com.atlassian.plugins.authentication.sso.web.saml.SamlConsumerServlet.getAttributeOrNameId(SamlConsumerServlet.java:176)
    at com.atlassian.plugins.authentication.sso.web.saml.SamlConsumerServlet.lambda$getUsername$7(SamlConsumerServlet.java:172)
    at java.base/java.util.stream.Collectors.lambda$uniqKeysMapAccumulator$1(Collectors.java:178)
    at java.base/java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
    at com.atlassian.plugins.authentication.sso.web.usercontext.impl.jit.mapping.MappingExpression.evaluateWithValues(MappingExpression.java:97)
    at com.atlassian.plugins.authentication.sso.web.saml.SamlConsumerServlet.getUsername(SamlConsumerServlet.java:172)
    at com.atlassian.plugins.authentication.sso.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:102)
    ...
Workaround
Capture the IdP response while logging in with a test user account (see "How to view SAML responses in your browser for troubleshooting"), check the name of the tag in the SAML assertion response that contains the user's username, and use that name in the username mapping field.
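
One way to run the check from this workaround offline against a captured response, as an added example that is not Atlassian's code: it lists the attributes in the assertion and reports which `${...}` references in a username mapping would not resolve to exactly one value (the condition `Iterables.getOnlyElement` in the stack trace depends on). The function names and the sample response are constructed for illustration, and treating `${NameID}` as the Subject NameID is an assumption based on the method name `getAttributeOrNameId`.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")  # ${Attr} references in the mapping

# Constructed sample response (unsigned, unencrypted), for illustration only.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="Name"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="groups"><saml:AttributeValue>dev</saml:AttributeValue>
   <saml:AttributeValue>ops</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def assertion_attributes(saml_response_b64):
    """Map attribute name -> values from a base64 SAMLResponse form field.

    Diagnostic only: no signature check; an EncryptedAssertion shows nothing here.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is not None:
        # Assumption: ${NameID} resolves to the Subject NameID.
        attrs.setdefault("NameID", [name_id.text or ""])
    return attrs

def check_mapping(mapping, attrs):
    """Return one problem string per placeholder that cannot yield a single value."""
    problems = []
    for name in PLACEHOLDER.findall(mapping):
        values = attrs.get(name)
        if values is None:
            problems.append(f"{name}: not present in the assertion")
        elif len(values) != 1:
            problems.append(f"{name}: {len(values)} values, exactly one expected")
    return problems

if __name__ == "__main__":
    found = assertion_attributes(SAMPLE_B64)
    for mapping in ("${Name}", "${Name123}", "${groups}"):
        print(mapping, "->", check_mapping(mapping, found) or "ok")
```

Pass the `SAMLResponse` form value captured from the browser to `assertion_attributes` in place of `SAMPLE_B64`.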