Custom Plugin Configured to Use ExecutionStatus.PAUSE Results in java.lang.NullPointerException on Authentication after OAM BP03 Patch Is Applied. (Doc ID 1965002.1)

Last updated on SEPTEMBER 28, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.1.3 and later
Information in this document applies to any platform.

Symptoms

Applying Oracle Access Manager (OAM) 11.1.2.1 BP03 patch causes user login failures when using custom authentication plugin that is configured to use ExecutionStatus.PAUSE state to gather additional credentials for certain users.

User login works as expected if BP03 patch is uninstalled.

ERROR
-----------------------
oam_server1.log and oam_server1-diagnostic.log shows exceptions as below:


STEPS
-----------------------
The issue can be reproduced at will with the following steps:

Configure Custom Authentication Module in oamconsole:

(1) Authentication Steps:


(2) Step Configuration:


UserAuthenticationPlugin:


TestAuthenticationPlugin:


3) Steps Orchestration:

[Name - On Success – On Failure – On Error]


Description of TestAuthenticationPlugin:
After identification and authentication, the user enters the TestAuthenticationPlugin.

PluginExecution Steps:

1) Gathers Username through context from previous plugin if it exists

2) Gathers Password through context from previous plugin if it exists

3) Prints “Username is:” and “Password is:” along with collected values from (1) and (2)

4) Obtains subject through context from previous plugin

5a) If subject exists print out the identity store handle

5b) Otherwise, print the stored and current information about the user from the context available to the TestAuthenticationPlugin.

6) If the boolean value is true, enters ExecutionStatus.PAUSE and sends the user to the redirect URL configured in the “Forgot_Password_URL” configuration parameter for the plugin.

7) If subject ==null, grab any information available from the context and store into the map. Print the identity store handle.


BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, customer is not able to apply the latest bundle patches.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms