Uploaded image for project: 'OpenId Connect'
  1. OpenId Connect
  2. OIDC-210

Login not working when using object configuration and allowed groups

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 2.13.4
    • Configuration
    • None
    • Unknown

    Description

      When using OIDC Client Configuration in an XObject and defining some allowed groups, users will get a 500 upon login, with the following stack-trace on the server.

      2025-01-28 13:59:21,546 [http-nio-8080-exec-5 - xxxx] ERROR o.x.c.o.a.i.OIDCUserManager    - Failed to perform OIDC RP-initiated log-out. 
java.lang.NullPointerException: Cannot invoke "Object.getClass()" because "def" is null
	at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getProperty(OIDCClientConfiguration.java:564)
	at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getLogoutRedirectURL(OIDCClientConfiguration.java:1174)
	at org.xwiki.contrib.oidc.auth.internal.OIDCUserManager.logoutProvider(OIDCUserManager.java:924)
	at org.xwiki.contrib.oidc.auth.internal.OIDCUserManager.logout(OIDCUserManager.java:911)
	at org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl.checkAuthOIDC(OIDCAuthServiceImpl.java:123)
	at org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl.checkAuth(OIDCAuthServiceImpl.java:92)
	at org.xwiki.security.authservice.AbstractXWikiAuthServiceWrapper.checkAuth(AbstractXWikiAuthServiceWrapper.java:50)
	at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4365)
	at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:238)
	at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:268)
	at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4388)
	at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5780)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:548)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:339)
	at com.xpn.xwiki.web.LegacyActionServlet.service(LegacyActionServlet.java:108)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:354)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1684)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:840)
2025-01-28 13:59:21,553 [http-nio-8080-exec-5 - xxxxx] ERROR o.x.c.o.a.OIDCAuthServiceImpl  - Failed to show OpenID Connect login 
java.lang.IllegalStateException: getAttribute: Session already invalidated
	at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1137)
	at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:102)
	at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getOIDCSession(OIDCClientConfiguration.java:418)
	at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.setSessionAttribute(OIDCClientConfiguration.java:461)
	at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.setSessionState(OIDCClientConfiguration.java:840)
	at org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl.authenticate(OIDCAuthServiceImpl.java:236)
	at org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl.showLoginOIDC(OIDCAuthServiceImpl.java:166)
	at org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl.showLogin(OIDCAuthServiceImpl.java:300)
	at org.xwiki.security.authservice.AbstractXWikiAuthServiceWrapper.showLogin(AbstractXWikiAuthServiceWrapper.java:63)
	at org.xwiki.security.authorization.internal.XWikiCachingRightService.showLogin(XWikiCachingRightService.java:219)
	at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:285)
	at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4388)
	at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5780)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:548)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:339)
	at com.xpn.xwiki.web.LegacyActionServlet.service(LegacyActionServlet.java:108)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:354)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1684)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:840)

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. OIDC-211 Potential NullPointerException when logout without a xredirect

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              caubin Clément Aubin
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated: