Rank: #41
Hi Tiago,
That's an issue on the component side due the namespaces of your saml message. We need to search for the Issuer regardless if it's "inside" a namespace or not.
To fix it set the XPathString input to : "*[local-name() = 'Issuer']"
Regards.
Rank: #41
Hi Tiago,
On the first error that's the whole stack error? The remaining stack is needed to check if it was while checking the logout request or logout response.
The error itself it's due it cannot retrieve the Issuer from the message. In the saml message logs the messages are all without error?
Also the Logout is initiated by the IdP connector or IdP server?
Regards
Hello Telmo,
It is the complete stack error that Service Center logs show me; there is another placte to get a full version?
In the saml message logs there is no error; I can see a logout request and logout response, both valid.
The logout is initiated by SP, in this case, the IdP connector.
Best regards
Rank: #41
Hi Tiago,
Ok, in that case only through debug on that action it will be possible to understand what's causing that, and on which screen flow are we.
Regards
Hi Telmo,
I got back to this error, make a debug and could identify the follow:
The exception occurs in RetrieveMessageIDsFromSamlMessage action when it calls XmlElement_SelectSingleNode method with "Issuer" value for XPathString parameter; the output is used as input parameter in the next action XmlElement_GetInnerText, but it is not available and the exception occurs.
In saml logout responses I can find Issuer node, and its value match with IdP Server Issuer/Entity ID configuration:
<samlp:LogoutResponse
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="se323f8ecdf939fd27e6a68f9128cfed309615737"
Version="2.0"
IssueInstant="2019-04-03T20:23:34Z"
Destination="//appdev.unimedbh.com.br/IdP/SLO.aspx"
InResponseTo="id_9ac3a16a26e5429b842d948d30be6d27">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">UnimedBHIdP</saml:Issuer>
<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status>
</samlp:LogoutResponse>
Configuration hint says that this value should be a URL, but our IdP server already exists, so we have to use this way. This could be cause XmlElement_SelectSingleNode not identify the node in xml? Can you see another problem in the response that could generate this problem?
This flow's part is executed because RetrieveMessageIDsFromSamlMessage is called with input parameter GetIssuer as True;
Can you see any side effects in changing its value to default (False)? I see that in Login flow it is called this way...
Thanks in advance.
Tiago
Rank: #41
Hi Tiago,
That's an issue on the component side due the namespaces of your saml message. We need to search for the Issuer regardless if it's "inside" a namespace or not.
To fix it set the XPathString input to : "*[local-name() = 'Issuer']"
Regards.
Hi Telmo,
I modified XPathString's values and it works. Thank you.
Note: We are using IdP Connector with Forge Rock OpenAM as IdP server; if you want to include it in component description.
Regards,
Tiago
An Object is an instance of a Class , it is stored some where in memory. A reference is what is used to describe the pointer to the memory location where the Object resides. The message "object reference not set to an instance of an object" means that you are referring to an object the does not exist or was deleted or cleaned up. It's usually better to avoid a NullReferenceException than to handle it after it occurs. To prevent the error, objects that could be null should be tested for null before being used.
if (mClass != null)
{
// Go ahead and use mClass
mClass.property = ...
}
else
{
// Attempting to use mClass here will result in NullReferenceException
}