Question

SAMLFeedbackException: Couldnt create session for : Single Sign On unable to create new session: null

3

In case somebody runs into the same issue. We experienced an issue with the 1.6 version of the SAML module. After the user is redirected back to the app the user is created succesfully, but creating the sessions failed. After some debugging we found the following. The exception is raised by the code below in SessionManager.java this.activeSessions.remove(sessionIdTMP); The reason is that sessionIdTMP is null in our case this.activeSessions became a ConcurrentHashMap in version 1.6. A ConcurrentHashMap doesn't allow null keys and will throw a NullPointer when we try to remove using a null key. Before version 1.6 this.activeSessions was a normal HashMap which did allow a null key, so the remove didn't throw an exception. A funny workaround is to set the attribute UseCustomLogicForProvisioning to true. This triggers a piece of code that populates the sessionIdTMP, so it can be removed without an exception.

asked 2016-11-09

Kilian Croese

2 answers

Ronald Catersels · Answer 1 · 2016-11-09

There is a bug in the SAML module. A fix is needed in the Java code. Unfortunately I am not able to sign in to the support portal to get you the code fix (unable to sign in for some reason). But if you call them you probably could get the same fix as I got from Jaap Pulleman.

I have been working with him the last week to solve this bug.

Regards,

Ronald

[EDIT]

The funny part is that the SSO is not working right now in the support portal. Could be the same bug :)

[EDIT2]

I found the code. It is in the SessionManager.java (SAML/implementation/security) Look at line 200 the new code is this:

			UUID sessionIdTMP = samlSession.getSessionId(), sessionId = session.getId();

			// Remove the old sessionId reference from the map
			if (sessionIdTMP!=null){
			this.activeSessions.remove(sessionIdTMP);
			}
			this.activeSessions.put(sessionId, samlSession);
			_logNode.trace("Updating User session: '" + samlSession.getIUser().getName() + "', from SessionId: " + sessionIdTMP + " to " + sessionId);

Jaap Pulleman · Answer 2 · 2016-11-15

Yes, Ronald is correct that this is a known issue. We have just released version 1.6.1 to the AppStore, which should resolve it.