Sunday, January 15, 2017

Adaptive Authentication Plugin fails with java.lang.NullPointerException

Out of the box, the Adaptive Authentication Plugin in OAM fails with a java.lang.NullPointerException during execution. As a result, multi-factor authentication fails because the plugin cannot initialize.

Environment:
  • OAM 11.1.2.3 BP07 (11.1.2.3.160719)
  • RHEL6/OEL 6
Error:

The OAM logs report a java.lang.NullPointerException during initialization of the Adaptive Authentication Plugin. The full stack trace of the exception, as reported in the OAM logs, is below.

<Jan 15, 2017 12:40:59 AM EDT> <Error> <oracle.oam.plugin> <BEA-000000> <oracle.security.am.sfa.plugin.AbstractOAMSFAPluginprocess
java.lang.NullPointerException
        at java.lang.String.<init>(String.java:168)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.getMessagingClient(UMSMessengerBase.java:227)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.sendMessage(UMSMessengerBase.java:287)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.send(UMSMessengerBase.java:259)
        at oracle.security.am.sfa.processor.SFAEmailProcessor.send(SFAEmailProcessor.java:194)
        at oracle.security.am.sfa.plugin.AbstractOAMSFAPlugin.process(AbstractOAMSFAPlugin.java:287)
        at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:204)
        at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:113)
        at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:269)
        at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:986)
        at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:341)
        at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)
        at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)
        at oracle.security.am.controller.MasterController.process(MasterController.java:708)
        at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
        at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
        at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
        at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:222)
        at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:178)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
......................


Cause:

The plugin fails during initialization. If you read the stack trace carefully, the failure occurs while the messaging client is being initialized (UMSMessengerBase.getMessagingClient), because the umsKey configuration used to establish the connection with the SOA UMS server is missing. This messaging client is required for sending the One Time Pin through email/SMS.
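To spot this failure in a larger OAM log, the signature described above can be matched programmatically. The following is an added example, not part of the original post or of OAM: the sample log is constructed (abbreviated from the trace above plus one unrelated entry), and the function names and the list of JDK package prefixes are assumptions.

```python
import re

# Constructed sample: abbreviated from the trace quoted on this page, plus one unrelated entry.
SAMPLE_LOG = """\
<Jan 15, 2017 12:40:59 AM EDT> <Error> <oracle.oam.plugin> <BEA-000000> <oracle.security.am.sfa.plugin.AbstractOAMSFAPluginprocess
java.lang.NullPointerException
        at java.lang.String.<init>(String.java:168)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.getMessagingClient(UMSMessengerBase.java:227)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.sendMessage(UMSMessengerBase.java:287)
<Jan 15, 2017 12:41:03 AM EDT> <Notice> <Example> <BEA-000000> <constructed unrelated entry>
"""

HEADER = re.compile(r"^<([^>]+)> <(\w+)> <([^>]+)> <([^>]+)> <")   # WebLogic entry header
FRAME = re.compile(r"^\s+at ([\w.$<>]+)\(")                        # "at pkg.Class.method(...)"
EXCEPTION = re.compile(r"^([\w.$]+(?:Exception|Error))\b")         # exception class line
# First application frame that marks the missing-umsKey failure on this page.
SIGNATURE = "oracle.security.am.sfa.messenger.UMSMessengerBase.getMessagingClient"

def parse_entries(text):
    """Split a log into entries, each with timestamp, severity, exception and frames."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "severity": m.group(2),
                            "exception": None, "frames": []})
            continue
        if not entries:
            continue  # stray line before the first header
        cur = entries[-1]
        frame, exc = FRAME.match(line), EXCEPTION.match(line)
        if frame:
            cur["frames"].append(frame.group(1))
        elif exc and cur["exception"] is None:
            cur["exception"] = exc.group(1)
    return entries

def first_app_frame(frames):
    # Skip JDK frames (assumed prefixes) to find where application code failed.
    for f in frames:
        if not f.startswith(("java.", "javax.", "sun.")):
            return f
    return None

def find_umskey_failures(text):
    """Return timestamps of entries matching the NullPointerException signature."""
    return [e["time"] for e in parse_entries(text)
            if e["exception"] == "java.lang.NullPointerException"
            and first_app_frame(e["frames"]) == SIGNATURE]
```
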

Solution: 

Add the umsKey credentials to the OAM credential store using the WLST command below. Follow these steps to add umsKey to the credential store.
  • On the OAM server, change directory to <Oracle_IDM>/common/bin
  • Execute ./wlst.sh as shown in the screenshot below
  • Run the following command to add umsKey to the OAM credential store, as shown in the screenshot. Provide the 'weblogic' password of the SOA domain according to your environment
    • createCred(map="OAM_CONFIG", key="umsKey", user="weblogic", password="password")


  • Once the above command is executed, you should see the umsKey credentials added to the OAM credential store in the EM console of the OAM domain.
That's it, guys. OAM should now be able to establish a connection with the SOA UMS server successfully and initialize the plugin without any issues.

For more information about configurations and issues related to AdaptiveAuthenticationPlugin in OAM, you can also refer to the following links.
Thank you for visiting.