SAML2AttributeHandler and Global logout
mksplg May 15, 2012 5:50 AMHi,
I am using the SAML2AttributeHandler to send the email, firstname and lastname from the IDP to a SP. When I try to logout by adding "?GLO=true" to the current URL, the SAML2AttributeHandler throws an exception Assertion not found in the handler request on the SP side.
11:41:56,801 ERROR [org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator] (http-localhost-127.0.0.1-8080-1) Server Exception:: java.lang.RuntimeException: PL00092: Null Value:Assertion not found in the handler request:{CONFIGURATION=org.picketlink.identity.federation.core.config.SPType@60b24245}
at org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler.handleIDPResponse(SAML2AttributeHandler.java:175) [picketlink-fed-2.0.3.Final.jar:2.0.3.Final]
at org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler.handleStatusResponseType(SAML2AttributeHandler.java:146) [picketlink-fed-2.0.3.Final.jar:2.0.3.Final]
at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:72) [picketlink-fed-2.0.3.Final.jar:2.0.3.Final]
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:174) [picketlink-fed-2.0.3.Final.jar:2.0.3.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator.handleSAMLResponse(SPRedirectFormAuthenticator.java:264) [picketlink-bindings-2.0.3.Final.jar:2.0.3.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator.authenticate(SPRedirectFormAuthenticator.java:170) [picketlink-bindings-2.0.3.Final.jar:2.0.3.Final]
at org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator.authenticate(SPRedirectFormAuthenticator.java:121) [picketlink-bindings-2.0.3.Final.jar:2.0.3.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.10.Final.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) [jboss-as-web-7.1.0.Final.jar:7.1.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.10.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.10.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.10.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.10.Final.jar:]
at java.lang.Thread.run(Thread.java:679) [rt.jar:1.6.0_23]
Do you know what could cause this problem. Maybe this happens because the user got logged out by the SAML2LogoutHandler before the AttributeHandler was called.
Please let me know, if you need any other information.
Cheers,
Markus