Custom Plugin Configured to Use ExecutionStatus.PAUSE Results in java.lang.NullPointerException on Authentication after OAM BP03 Patch Is Applied. (Doc ID 1965002.1)

Last updated on SEPTEMBER 13, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.1.3 and later
Information in this document applies to any platform.

Symptoms

Applying Oracle Access Manager (OAM) 11.1.2.1 BP03 patch causes user login failures when using custom authentication plugin that is configured to use ExecutionStatus.PAUSE state to gather additional credentials for certain users.

User login works as expected if BP03 patch is uninstalled.

ERROR
-----------------------
oam_server1.log and oam_server1-diagnostic.log shows exceptions as below:

STEPS
-----------------------
The issue can be reproduced at will with the following steps:

Configure Custom Authentication Module in oamconsole:

(1) Authentication Steps:

- UserIdentificationPlugin
- UserAuthenticationPlugin
- TestAuthenticationPlugin (custom authentication plugin).

(2) Step Configuration:

- UserIdentificationPlugin:
- KEY_LDAP_FILTER:
- KEY_IDENTITY_STORE_REF: Identity store used by Plugin
- KEY_SEARCH_BASE_URL:

UserAuthenticationPlugin:

- KEY_IDENTITY_STORE_REF: Identity store used by Plugin
- KEY_PROP_AUTHN_EXCEPTION:
- KEY_PROP_AUTHN_LEVEL:

TestAuthenticationPlugin:

- Forgot_Password_URL: URL of redirect during Pause (see note below)

3) Steps Orchestration:

- Initial Step: UserIdentificationPlugin

[Name - On Success – On Failure – On Error]

- UserIdentificationPlugin – UserAuthenticationPlugin – failure – failure
- UserAuthenticationPlugin – TestAuthenticationPlugin – failure – failure
- TestAuthenticationPlugin – Success – failure – failure

Description of TestAuthenticationPlugin:
After identification and authentication, the user enters the TestAuthenticationPlugin.

PluginExecution Steps:

1) Gathers Username through context from previous plugin if it exists

2) Gathers Password through context from previous plugin if it exists

3) Prints “Username is:” and “Password is:” along with collected values from (1) and (2)

4) Obtains subject through context from previous plugin

5a) If subject exists print out the identity store handle

5b) Otherwise, print the stored and current information about the user from the context available to the TestAuthenticationPlugin.

6) If the boolean value is true, enters ExecutionStatus.PAUSE and sends the user to the redirect URL configured in the “Forgot_Password_URL” configuration parameter for the plugin.

7) If subject ==null, grab any information available from the context and store into the map. Print the identity store handle.

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, customer is not able to apply the latest bundle patches.

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Custom Plugin Configured to Use ExecutionStatus.PAUSE Results in java.lang.NullPointerException on Authentication after OAM BP03 Patch Is Applied. (Doc ID 1965002.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!