I'm trying to set up Guacamole with SAML for SSO, but the extension (1.4.0)
throws an unhandled error and prevents Guacamole from functioning.

I have tried with various combinations of the SAML variables.
- Providing only the metadata and callback URL
- Providing all values listed in the docs
- SAML strict on/off

Nothing has worked so far.

Here's my setup

```
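# Docker Compose stack for Guacamole 1.4.0 with the SAML extension, guacd and
# a PostgreSQL backend. Values are the ones from the original post, except
# that SAML_IDP_METADATA_URL is rejoined onto one line.
version: '3.3'
services:
  guacamole:
    container_name: guacamole
    image: guacamole/guacamole:1.4.0
    restart: unless-stopped
    environment:
      GUACD_HOSTNAME: 'guacd'
      POSTGRES_DATABASE: guacamole
      POSTGRES_HOSTNAME: postgres
      # Hard-coded password identical to the user name; fine for a throwaway
      # test stack, but supply it from a secret or env file anywhere else.
      POSTGRES_PASSWORD: 'guacamole'
      POSTGRES_USER: guacamole
      GUACAMOLE_HOME: /data
      GUACD_PORT: '4822'
      EXTENSION_PRIORITY: 'saml'
      # The post had this URL wrapped onto a second line inside the quotes,
      # which at best yields a value with a leading space and at worst a
      # parse error. It must be a single-line scalar.
      SAML_IDP_METADATA_URL: 'https://keycloak.example.com/auth/realms/master/protocol/saml/descriptor'
      SAML_IDP_URL: 'https://keycloak.example.com/auth/realms/master'
      # NOTE(review): this is the same value as SAML_IDP_URL. The entity ID
      # normally identifies Guacamole itself (the service provider) and must
      # match the client configured in Keycloak; confirm this is intended.
      SAML_ENTITY_ID: 'https://keycloak.example.com/auth/realms/master'
      SAML_CALLBACK_URL: 'https://guacamole.example.com/guacamole/'
      # Strict mode off relaxes the security checks applied to SAML
      # responses. Keep it off only while troubleshooting and restore 'true'
      # before this instance authenticates real users.
      SAML_STRICT: 'false'
      # Debug logging is verbose and may record authentication details;
      # turn both settings back down once the problem is diagnosed.
      SAML_DEBUG: 'true'
      LOGBACK_LEVEL: 'debug'
    ports:
      - '8888:80'
      - '3333:8080'
    depends_on:
      - postgres
      - guacd
    volumes:
      # Extension jars are loaded from this host directory; keep it writable
      # only by trusted accounts.
      - ./extensions:/data/extensions
  guacd:
    container_name: guacd
    # Unpinned tag, while the web application is pinned to 1.4.0; pin guacd
    # to the matching release so both sides stay in step.
    image: guacamole/guacd
    restart: unless-stopped
    # guacamole reaches guacd by service name (GUACD_HOSTNAME), so
    # publishing 4822 on the host is probably unnecessary and exposes the
    # proxy beyond the compose network.
    ports:
      - '4822:4822'
  postgres:
    container_name: postgres
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole
      POSTGRES_PASSWORD: 'guacamole'
      POSTGRES_USER: guacamole
    # Same consideration as guacd: guacamole connects via POSTGRES_HOSTNAME,
    # so the host-published 5432 is only needed for direct database access,
    # and it is protected here by a guessable password.
    ports:
      - '5432:5432'
    image: postgres:13.4-buster
    restart: unless-stopped
    volumes:
      - ./initdb.sql:/docker-entrypoint-initdb.d/initdb.sql
      - pgdata:/var/lib/postgresql/data
volumes:
  pgdata: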
```


The error printed in the container logs

```
17-Nov-2022 14:46:24.263 INFO [main]
org.apache.catalina.startup.Catalina.start Server startup in 2676 ms
14:46:29.521 [http-nio-8080-exec-6] WARN
 o.a.g.e.AuthenticationProviderFacade - The "saml" authentication provider
has encountered an internal error which will halt the authentication
process. If this is unexpected or you are the developer of this
authentication provider, you may wish to enable debug-level logging. If
this is expected and you wish to ignore such failures in the future, please
set "skip-if-unavailable: saml" within your guacamole.properties.
14:46:29.522 [http-nio-8080-exec-6] ERROR o.a.g.rest.RESTExceptionMapper -
An internal error occurred, but did not contain an error message. Enable
debug-level logging for details.
14:46:29.523 [http-nio-8080-exec-6] DEBUG o.a.g.rest.RESTExceptionMapper -
Unexpected error in REST endpoint.
java.lang.NullPointerException: null
        at
org.apache.guacamole.auth.saml.conf.ConfigurationService.getSamlSettings(ConfigurationService.java:327)
        at
org.apache.guacamole.auth.saml.AuthenticationProviderService.authenticateUser(AuthenticationProviderService.java:111)
        at
org.apache.guacamole.auth.saml.SAMLAuthenticationProvider.authenticateUser(SAMLAuthenticationProvider.java:77)
        at
org.apache.guacamole.extension.AuthenticationProviderFacade.authenticateUser(AuthenticationProviderFacade.java:190)
        at
org.apache.guacamole.rest.auth.AuthenticationService.authenticateUser(AuthenticationService.java:174)
        at
org.apache.guacamole.rest.auth.AuthenticationService.getAuthenticatedUser(AuthenticationService.java:300)
        at
org.apache.guacamole.rest.auth.AuthenticationService.authenticate(AuthenticationService.java:453)
        at
org.apache.guacamole.rest.auth.TokenRESTService.createToken(TokenRESTService.java:174)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at
com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
        at
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
        at
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
        at
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
        at
com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
        at
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        at
com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
        at
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511)
        at
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442)
        at
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
        at
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
        at
com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
        at
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
        at
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
        at
com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
        at
com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
        at
com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
        at
com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
        at
com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
        at
com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
        at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
        at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
        at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
```
