Null Error using SAML 2.0 SSO with HTTPS

Hello,
I am building a SAML 2.0 SSO application using the Java Spring libraries, based on the Spring sample from the Okta web site. While developing this on my local Eclipse system with Tomcat on localhost:8080, it worked fine with this basic code getting the session information:

    <%@ page import="java.util.List" %>
    <%@ page import="org.opensaml.saml2.core.Attribute" %>
    <%@ page import="org.springframework.security.core.Authentication" %>
    <%@ page import="org.springframework.security.core.context.SecurityContext" %>
    <%@ page import="org.springframework.security.core.context.SecurityContextHolder" %>
    <%@ page import="org.springframework.security.saml.SAMLCredential" %>
    <%
        // Read the Authentication that the Spring SAML filter chain stored after a successful SSO
        SecurityContext sc = SecurityContextHolder.getContext();
        Authentication authentication = sc.getAuthentication();
        // For a SAML login the credentials object is the SAMLCredential built from the assertion
        SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
        List<Attribute> attributes = credential.getAttributes();
        pageContext.setAttribute("credential", credential);
        pageContext.setAttribute("attributes", attributes);
        String userName = credential.getNameID().getValue();
    %>

The SSO URL resembled:
http://localhost:8080/BOESSO/saml/SSO

The Audience restriction URL resembled:
http://localhost:8080/BOESSO/saml/metadata

I promoted my code to my development web server, which runs under HTTPS forced via web.xml confidential transport, and it has a trusted CA certificate, not a local certificate, so there are no warnings about untrusted certs when accessing sites.

After promotion, and updating the URLs on my oktapreview app, I was greeted with:

java.lang.NullPointerException: while trying to invoke the method org.springframework.security.core.Authentication.getCredentials() of a null object loaded from local variable 'authentication'
at org.apache.jsp.index_jsp._jspService(index_jsp.java:155)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)

It seems like the SecurityContext authentication is coming back null.

Has anyone run into this type of behavior before?

Thanks,
Nathan

Did you try changing your SAML app on Okta to use your development server’s URLs for the SSO URL and Audience Restriction URL?

Hello,
My Okta dev account to localhost Tomcat HTTP works. We then tried our Corp Okta to dev HTTPS and got the null error.

My next step was my Okta dev account to the Tomcat dev server on HTTPS, and it also fails with the same null value.

The final step I was in the process of doing before I had to shut down for the day was to install HTTPS on localhost Tomcat and try dev Okta against localhost on HTTPS. If it fails, hopefully I can debug there.

Thank you,
Nathan

Sorry for the late reply; the 4th of July holiday kept me busy.

I was able to replicate the error on my local installation using https.

I set up Tomcat on 8443 using a cert and told Okta to use:
https://localhost:8443/BOESSO/saml/SSO and https://localhost:8443/BOESSO/saml/metadata for the URLs, and also broke out some of the code into a try/catch block:

    <%@ page import="java.util.List" %>
    <%@ page import="org.opensaml.saml2.core.Attribute" %>
    <%@ page import="org.springframework.security.core.Authentication" %>
    <%@ page import="org.springframework.security.core.context.SecurityContext" %>
    <%@ page import="org.springframework.security.core.context.SecurityContextHolder" %>
    <%@ page import="org.springframework.security.saml.SAMLCredential" %>
    <%
        boolean authvalid = true;
        SAMLCredential credential = null;
        try {
            SecurityContext sc = SecurityContextHolder.getContext();
            Authentication authentication = sc.getAuthentication();
            // Throws NullPointerException when no Authentication is present in the context
            credential = (SAMLCredential) authentication.getCredentials();
            List<Attribute> attributes = credential.getAttributes();
            pageContext.setAttribute("credential", credential);
            pageContext.setAttribute("attributes", attributes);
        }
        catch (Exception e) {
            authvalid = false;
            // Report the failure on the page instead of letting the JSP throw
            out.println(new java.util.Date() + ": error occurred establishing credentials: "
                    + e.getMessage());
        }

        if (authvalid) {
            String userName = credential.getNameID().getValue();
        }
    %>

I get an error even when it tries to establish the SecurityContext:
SecurityContext sc = SecurityContextHolder.getContext();

org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication

So it returns null authentication instead of passing the Email.
I have specified Name ID Format Unspecified, Application Username: Okta Username.

Should I look into using something else besides SecurityContext for https?

Thanks,
Nathan
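A check worth running on the first and last posts above, added here as an example and not part of the thread or of the Spring sample it describes: capture the SAMLResponse form field that Okta POSTs to the SP's /saml/SSO endpoint (browser developer tools or a proxy), decode it, and compare the Destination, bearer Recipient and Audience values inside it with the SP's current HTTPS assertion consumer URL and entity ID. A SAML 2.0 SP rejects a response whose URLs do not match its own endpoints, and a rejected response never produces an Authentication in the SecurityContext. The response XML below is constructed for illustration (the issuer and NameID are placeholders), real responses are signed and this script does not verify signatures; the expected SP URLs are the ones from the thread.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response (illustrative values, not captured traffic): the IdP is still
# addressing the http://localhost:8080 endpoints that the SP used before it moved to HTTPS.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2015-07-06T12:00:00Z"
    Destination="http://localhost:8080/BOESSO/saml/SSO">
  <saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-07-06T12:00:00Z">
    <saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2015-07-06T12:05:00Z"
            Recipient="http://localhost:8080/BOESSO/saml/SSO"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>http://localhost:8080/BOESSO/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def saml_response_urls(xml_text):
    """Extract the three values a SAML 2.0 SP compares against its own configuration:
    the Response Destination, the bearer SubjectConfirmationData Recipient, and the
    Audience list of the assertion."""
    root = ET.fromstring(xml_text)
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    return {
        "destination": root.get("Destination"),
        "recipient": scd.get("Recipient") if scd is not None else None,
        "audiences": [a.text for a in root.findall(".//saml:Audience", NS)],
    }


def check_against_sp(xml_text, acs_url, entity_id):
    """Return a list of mismatches between the response and the SP's assertion consumer
    URL (acs_url) and entity ID; an empty list means the URLs are consistent."""
    urls = saml_response_urls(xml_text)
    problems = []
    if urls["destination"] != acs_url:
        problems.append(f"Destination {urls['destination']!r} != ACS {acs_url!r}")
    if urls["recipient"] != acs_url:
        problems.append(f"Recipient {urls['recipient']!r} != ACS {acs_url!r}")
    if entity_id not in urls["audiences"]:
        problems.append(f"Audience {urls['audiences']!r} lacks entity ID {entity_id!r}")
    return problems


def check_posted_form_value(b64_saml_response, acs_url, entity_id):
    """Same check, starting from the base64 SAMLResponse form field taken from the POST."""
    xml_text = base64.b64decode(b64_saml_response).decode("utf-8")
    return check_against_sp(xml_text, acs_url, entity_id)


if __name__ == "__main__":
    # Simulate the captured form field, then compare against the SP's HTTPS endpoints.
    posted = base64.b64encode(SAMPLE_RESPONSE_XML.encode("utf-8")).decode("ascii")
    for problem in check_posted_form_value(posted,
                                           "https://localhost:8443/BOESSO/saml/SSO",
                                           "https://localhost:8443/BOESSO/saml/metadata"):
        print("MISMATCH:", problem)
```

Run against a real capture, replace the sample with the decoded form field; if every line reports a mismatch, the IdP application is still configured with the SP's old URLs, and the SP metadata (entity ID and ACS location) must be regenerated for the HTTPS base URL and re-uploaded to the IdP. If nothing is reported, the URLs are not the reason the context stays empty and the SP-side logs for the SSO filter are the next place to look.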