Question

I'm currently testing the WSO2 Identity Server and I'm running into an issue.

I currently run two SSO (SAML2) enabled apps on my local Tomcat on localhost, named app1 and app2.

The behavior of the applications is to redirect to login panel when the user is trying to access the applications.

Since it is SSO enabled, it redirects to WSO2IS login panel.

If both applications are not logged in and are redirected to the SSO login page of WSO2IS, the first one to log in works great.

However, the second one to log in (the other app is already logged in, but I'm still on the SSO login page of WSO2IS for the second app) crashes in WSO2IS.

Does anyone have any idea?

Thanks

Here is the stack:

url: https://wso2identity:9443/commonauth

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error that prevented it from fulfilling this request.

exception

java.lang.NullPointerException
    org.wso2.carbon.identity.application.authentication.framework.CommonApplicationAuthenticationServlet.sendResponseToCaller(CommonApplicationAuthenticationServlet.java:223)
    org.wso2.carbon.identity.application.authentication.framework.CommonApplicationAuthenticationServlet.doPost(CommonApplicationAuthenticationServlet.java:186)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
    org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
    org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
    org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
    org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)

Note: The full stack trace of the root cause is available in the Apache Tomcat/7.0.34 logs.

Solution

The usual SSO flow is: you log in to one application. Then, if you try to log in to another application, the login page should be bypassed and you should be able to log in without providing your credentials again.

I believe your problem is similar to the scenario reported here.

But it seems what you do is:

  1. Go to your first app and click on login; it will then redirect to WSO2 Identity Server's SSO login page.
  2. Instead of entering your credentials and logging in to the first app, you go to the second app and click on login; the second app also redirects you to WSO2 Identity Server's SSO login page. Now you have two tabs in your browser which have the same login page.
  3. Now you enter your credentials on one login page, and it logs in without an issue.
  4. Then you enter the same credentials on the other login page, and it throws the above exception.

I would say it's a poor way of doing SSO. And yet, yes, it is a bug and it should be fixed in an upcoming release.

HTH,

DarRay

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow