Device Fingerprint Rule Breaks after Migration to 5 (SBA)

Wondering if anyone has seen this problem. I just did a migration of a NAM 4.5.4 SBA cluster to 5.0.1.2. It actually worked pretty well, no real issues during the process. However, at this site I'm using RBA policies to make a 2FA decision and one of the rules is a Device Fingerprint rule. After the upgrade users couldn't log in; they were getting this error on the IdP login page:

"Error Communicating with the Identity Server"

So I started investigating and I found this in the IdP logs:

2022 Jun 10 13:15:31 EDT DEBUG RiskService_core <tenantID> NAM_DEFAULT_TENANT <Method> RiskConfigurationEndpoint.getPolicyMetadata <Thread> http-nio-127.0.0.1-8088-exec-1 : Incoming request | Remote IP - 127.0.0.1

2022 Jun 10 13:15:31 EDT DEBUG RiskService_core <tenantID> NAM_DEFAULT_TENANT <Method> RiskConfigurationEndpoint.getPolicyMetadata <Thread> http-nio-127.0.0.1-8088-exec-1 : java.lang.NullPointerException

That's where the login fails.

I started testing by creating a new RBA class, method, contract, rules, etc. until I finally figured out what was causing it. It is the Device Fingerprint rule. If I pulled it out of the policy, everything worked fine. I tried removing it and re-creating it, no difference. It's pretty basic, just using the browser cookie, no external database. I did also upgrade to 5.0.2.0 and 5.0.2.1, but that didn't fix it. I also have an SBA in my test lab, so I tried adding a device fingerprint rule in an RBA policy and it worked fine. So it has to be related to the upgrade/migration. Has anyone seen this? Any ideas on how to fix it? Thanks.

Matt

  • I found a defect that was fixed in 5.0.2 that appears similar, although it may not be the same issue. I didn't find the exception; only the lines below matched yours, and the fact that they migrated from 4.5.4. If it is the same issue then the upgrade path would probably matter, as it wasn't fixed until 5.0.2. Anyway, if you haven't already, I would suggest opening a case so we can open a defect.

    2021 Nov 05 07:42:41 CET DEBUG RiskService_core <Method> AuditLogger.configureWebappModeLogger <Thread> http-nio-127.0.0.1-8088-exec-1 : Logging initialized for this component.

    2021 Nov 05 07:43:17 CET DEBUG RiskService_core <tenantID> NAM_DEFAULT_TENANT <Method> RiskConfigurationEndpoint.getPolicyMetadata <Thread> http-nio-127.0.0.1-8088-exec-1 : Incoming request | Remote IP - 127.0.0.1

  • I did open a case back on June 10th and supplied all the logs on June 29th and June 30th (took some time to get access back into the environment) and haven't heard a peep from support since.  I asked for an update several days ago, and nothing.  Any ideas on how to get action on this?  Or how to fix it?  Case number is 02321562.  

  • Okay I looked at the case and opened a defect.   I did a search for exception and found 2 entries. Those are the only 2 exceptions in the log and the times are not close so I am not sure what it means right now. It looks like you just took an excerpt of the log while reproducing the issue so I'm wondering why the times are so different.

    <amLogEntry> 2022-06-10T17:42:10Z DEBUG NIDS Application:
    Method: NIDPServletContext.goJSP
    Thread: ajp-nio-127.0.0.1-9019-exec-7
    Unable to forward to JSP: DeviceRecon
    Exception message: "Cannot forward after response has been committed"
    ApplicationDispatcher.java, Line: 324, Method: doForward
    ApplicationDispatcher.java, Line: 313, Method: forward
    y, Line: 62, Method: goJSP
    y, Line: 3565, Method: showPage
    y, Line: 2073, Method: fingerprintDevice
    y, Line: 258, Method: initiateDeviceFingerprint
    y, Line: 2864, Method: handleSessionAssurance
    y, Line: 2478, Method: sessionAssuranceInitiationCheck
    y, Line: 2008, Method: handleRequest
    y, Line: 1051, Method: myDoGet
    y, Line: 2809, Method: doGet
    y, Line: 2674, Method: doPost
    HttpServlet.java, Line: 681, Method: service
    HttpServlet.java, Line: 764, Method: service
    ApplicationFilterChain.java, Line: 227, Method: internalDoFilter
    ApplicationFilterChain.java, Line: 162, Method: doFilter
    WsFilter.java, Line: 53, Method: doFilter
    ApplicationFilterChain.java, Line: 189, Method: internalDoFilter
    ApplicationFilterChain.java, Line: 162, Method: doFilter
    FilterChainInvocation.java, Line: 66, Method: doFilter
    FilterDefinition.java, Line: 168, Method: doFilter
    FilterChainInvocation.java, Line: 58, Method: doFilter
    ManagedFilterPipeline.java, Line: 118, Method: dispatch
    GuiceFilter.java, Line: 113, Method: doFilter
    ApplicationFilterChain.java, Line: 189, Method: internalDoFilter
    ApplicationFilterChain.java, Line: 162, Method: doFilter
    y, Line: 1013, Method: doFilter
    ApplicationFilterChain.java, Line: 189, Method: internalDoFilter
    ApplicationFilterChain.java, Line: 162, Method: doFilter
    HttpHeaderSecurityFilter.java, Line: 126, Method: doFilter
    ApplicationFilterChain.java, Line: 189, Method: internalDoFilter
    ApplicationFilterChain.java, Line: 162, Method: doFilter
    y, Line: 3229, Method: doFilter
    ApplicationFilterChain.java, Line: 189, Method: internalDoFilter
    ApplicationFilterChain.java, Line: 162, Method: doFilter
    y, Line: 2973, Method: doFilter
    ApplicationFilterChain.java, Line: 189, Method: internalDoFilter
    ApplicationFilterChain.java, Line: 162, Method: doFilter
    SetCharacterEncodingFilter.java, Line: 109, Method: doFilter
    ApplicationFilterChain.java, Line: 189, Method: internalDoFilter
    ApplicationFilterChain.java, Line: 162, Method: doFilter
    StandardWrapperValve.java, Line: 197, Method: invoke
    StandardContextValve.java, Line: 97, Method: invoke
    AuthenticatorBase.java, Line: 540, Method: invoke
    StandardHostValve.java, Line: 135, Method: invoke
    ErrorReportValve.java, Line: 92, Method: invoke
    StandardEngineValve.java, Line: 78, Method: invoke
    CoyoteAdapter.java, Line: 357, Method: service
    NAMAjpProcessor.java, Line: 418, Method: service
    AbstractProcessorLight.java, Line: 65, Method: process
    AbstractProtocol.java, Line: 895, Method: process
    NioEndpoint.java, Line: 1722, Method: doRun
    SocketProcessorBase.java, Line: 49, Method: run
    ThreadPoolExecutor.java, Line: 1191, Method: runWorker
    ThreadPoolExecutor.java, Line: 659, Method: run
    TaskThread.java, Line: 61, Method: run
    Thread.java, Line: 748, Method: run



    2022 Jun 10 13:42:24 EDT DEBUG RiskService_core <correlation Id> ec937ba190307e3b54a94b04f5f576cb212284b7cd7d1230fa1e4101a5be280f#1654881986508 <tenantID> NAM_DEFAULT_TENANT <Method> RiskConfigurationEndpoint.getPolicyMetadata <Thread> http-nio-127.0.0.1-8088-exec-3 : java.lang.NullPointerException
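
Added example (not part of the original thread or of the product's tooling): the two logs quoted above stamp their entries differently, one in local time with a zone abbreviation and one in UTC, so this Python example normalises both formats to UTC and pairs entries that fall within a time window. The zone-offset table, the function names and the 60-second window are assumptions; the sample lines are shortened copies of lines quoted in the thread.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed fixed UTC offsets (hours) for zone abbreviations seen in the thread.
TZ_OFFSETS = {"EDT": -4, "EST": -5, "CET": 1, "CEST": 2, "UTC": 0}

# RiskService log: "2022 Jun 10 13:42:24 EDT DEBUG RiskService_core ..."
RISK_RE = re.compile(r"^(\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}) ([A-Z]{2,5}) ")
# IdP (NIDS) log: "<amLogEntry> 2022-06-10T17:42:10Z DEBUG NIDS Application:"
NIDS_RE = re.compile(r"^<amLogEntry> (\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z ")

# Shortened copies of lines quoted in the thread.
SAMPLE = [
    "2022 Jun 10 13:15:31 EDT DEBUG RiskService_core <Method> "
    "RiskConfigurationEndpoint.getPolicyMetadata : java.lang.NullPointerException",
    "<amLogEntry> 2022-06-10T17:42:10Z DEBUG NIDS Application:",
    "2022 Jun 10 13:42:24 EDT DEBUG RiskService_core <Method> "
    "RiskConfigurationEndpoint.getPolicyMetadata : java.lang.NullPointerException",
]

def to_utc(line):
    """Return the line's timestamp as an aware UTC datetime, or None."""
    line = line.strip()
    m = RISK_RE.match(line)
    if m and m.group(2) in TZ_OFFSETS:
        local = datetime.strptime(m.group(1), "%Y %b %d %H:%M:%S")
        zone = timezone(timedelta(hours=TZ_OFFSETS[m.group(2)]))
        return local.replace(tzinfo=zone).astimezone(timezone.utc)
    m = NIDS_RE.match(line)
    if m:
        utc = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        return utc.replace(tzinfo=timezone.utc)
    return None  # continuation line (stack frame) or unknown zone

def correlate(lines, window_seconds=60):
    """Pair timestamped entries whose UTC times differ by <= window_seconds."""
    stamped = sorted((to_utc(l), l.strip()) for l in lines if to_utc(l))
    pairs = []
    for i, (t1, l1) in enumerate(stamped):
        for t2, l2 in stamped[i + 1:]:
            delta = int((t2 - t1).total_seconds())
            if delta > window_seconds:
                break  # list is sorted, so later entries are further away
            pairs.append((delta, l1, l2))
    return pairs

if __name__ == "__main__":
    for delta, first, second in correlate(SAMPLE):
        print(f"{delta:>3}s apart:\n  {first[:60]}\n  {second[:60]}")
```

Stack-frame continuation lines carry no timestamp and are skipped, so a whole log excerpt can be passed in unchanged.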