getInboundMessageTransport always returns a null value

Brent Putman putmanb at
Tue May 26 18:06:00 EDT 2015

On 5/26/15 11:49 AM, Mark McCoy wrote:
> We are trying to add a check on the user’s IP address to determine
> whether or not the user is coming from on or off campus.
> In a scripted attribute, I’ve tried to use the following calls to get
> the user’s IP address.

For the record, on what type of SAML request flow do you see it not
working correctly:  SAML 1 vs 2?  Front-channel vs back-channel
attribute query?  Everything?

> Every call results in the getInboundMessageTransport() returning a
> null value, which obviously causes the getPeerAddress() call to fail.
> Other calls to methods contained within the requestContext succeed
> (example, the getEntityId() call works fine).

Well, I tested the basic SAML 2 front-channel authN request flow case,
and it worked ok for me.  I just did some logging of various bits:


logger = LoggerFactory.getLogger("BRENT.script-test");

logger.debug("Inbound message issuer: {}",
logger.debug("Peer entityID: {}", requestContext.getPeerEntityId());
logger.debug("Inbound message transport: {}",
logger.debug("Inbound transport peer address: {}",

The inbound transport was as expected an instance of the servlet request
adapter, and the peerAddress was available:

17:51:54.208 - DEBUG [BRENT.script-test:-2] - Inbound message issuer:
17:51:54.211 - DEBUG [BRENT.script-test:-2] - Peer entityID:
17:51:54.212 - DEBUG [BRENT.script-test:-2] - Inbound message transport: at 4eae78e5
17:51:54.212 - DEBUG [BRENT.script-test:-2] - Inbound transport peer

>     try {
>        var ipAddress =
>     requestContext.getInboundMessageTransport().getPeerAddress();
>     } catch (err) {
>        var ipAddress = 'unavailable'
>        logger.warn(pre + err);
>     }
>     logger.debug(pre + "ipAddress = " + ipAddress);

Off-hand I don't spot any typos etc there, but I'd double-check what you
actually have in the script.

> Any suggestions?

Nothing other than just checking for typos, making sure you've restarted
after making all changes, etc.   I don't think that the
inboundMessageTransport property on the context can ever be null. 
That's fundamentally how the HttpServletRequest is accessed and
processed.  So I think you have something else amiss here.  Maybe try
copy/pasting my above logging code directly, and see what results you get.

I suppose it could be some sort of weird scripting bug we haven't
encountered yet. Actually, I note you said you're using OpenJDK  We have had reports of various weird bugs that went away when
OpenJDK was switched out for Oracle JDK ,etc.  So I guess you might try


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list