Loading...

Details

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 2.19.6
Component/s: Authenticator
Labels:
None
Environment:
XWiki 17.10.2

Difficulty:
Unknown
Similar issues:

Description

OIDC backchannel logout does not work.

[http-nio-8080-exec-3 - http://<xwiki>/oidc/authenticator/backchannel_logout] DEBUG i.OIDCResourceReferenceHandler - ServletRequest: org.xwiki.container.servlet.ServletRequest@58e35b7e
[http-nio-8080-exec-3 - http://<xwiki>/oidc/authenticator/backchannel_logout] DEBUG i.OIDCResourceReferenceHandler - ServletRequest: org.xwiki.container.servlet.ServletSession@2405f9c7
[http-nio-8080-exec-3 - http://<xwiki>/oidc/authenticator/backchannel_logout] DEBUG i.OIDCResourceReferenceHandler - XWikiContext->request: com.xpn.xwiki.web.XWikiServletRequest@6c19ceb2
[http-nio-8080-exec-3 - http://<xwiki>/oidc/authenticator/backchannel_logout] DEBUG i.OIDCResourceReferenceHandler - XWikiContext->request->session: org.xwiki.jakartabridge.servlet.internal.JavaxToJakartaHttpSession@2d3c0a1d 
[http-nio-8080-exec-3 - http://<xwiki>/oidc/authenticator/backchannel_logout] DEBUG i.OIDCResourceReferenceHandler - OIDC: Reference: [path = authenticator/backchannel_logout, endpoint = authenticator, pathSegments = [backchannel_logout]]
[http-nio-8080-exec-3 - http://<xwiki>/oidc/authenticator/backchannel_logout] DEBUG .BackChannelLogoutOIDCEndpoint - OIDC backchannel_logout: starting with request [http://<xwiki>/oidc/authenticator/backchannel_logout]
[http-nio-8080-exec-3 - http://<xwiki>/oidc/authenticator/backchannel_logout] DEBUG .o.a.i.OIDCClientConfiguration - Getting property [oidc.provider] 
[http-nio-8080-exec-3 - http://<xwiki>/oidc/authenticator/backchannel_logout] DEBUG i.OIDCResourceReferenceHandler - Failed to handle the OIDC endpoint
java.lang.NullPointerException: Cannot invoke "javax.servlet.http.HttpSession.getId()" because "httpSession" is null
    at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getOIDCSession(OIDCClientConfiguration.java:459)
    at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getSessionAttribute(OIDCClientConfiguration.java:476)
    at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getProperty(OIDCClientConfiguration.java:559)
    at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getProvider(OIDCClientConfiguration.java:654)
    at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getIssuer(OIDCClientConfiguration.java:669)
    at org.xwiki.contrib.oidc.auth.internal.OIDCClientConfiguration.getClientProvider(OIDCClientConfiguration.java:781)
    at org.xwiki.contrib.oidc.auth.internal.endpoint.BackChannelLogoutOIDCEndpoint.handle(BackChannelLogoutOIDCEndpoint.java:95)
    at org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:164)
    at org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:136)
    at org.xwiki.resource.internal.DefaultResourceReferenceHandlerChain.handleNext(DefaultResourceReferenceHandlerChain.java:79)
    at org.xwiki.resource.internal.AbstractResourceReferenceHandlerManager.handle(AbstractResourceReferenceHandlerManager.java:82)
    at org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.handleResourceReference(ResourceReferenceHandlerServlet.java:160)
    at org.xwiki.resource.servlet.ResourceReferenceHandlerServlet.service(ResourceReferenceHandlerServlet.java:90)
    at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
    at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:610)
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:392)
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:321)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:266)
    at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:148)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
    at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:212)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
    at org.xwiki.container.servlet.filters.internal.SafeRedirectFilter.doFilter(SafeRedirectFilter.java:106)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
    at org.xwiki.container.servlet.filters.internal.ResolveRelativeRedirectFilter.doFilter(ResolveRelativeRedirectFilter.java:129)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
    at org.xwiki.container.servlet.filters.internal.SourceURLResolverFilter.doFilter(SourceURLResolverFilter.java:177)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
    at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:120)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:138)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:165)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:88)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:113)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:83)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:654)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:72)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:903)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1774)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:973)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:491)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
    at java.base/java.lang.Thread.run(Unknown Source)

Attachments

Issue Links

duplicates

XWIKI-23990 The ServletSession sometimes contains a null HttpSession

In Progress

Failing OIDC backchannel logout in XWiki 17+ in some setups

Details

Description

Attachments

Issue Links

Activity

People

Dates