getInboundMessageTransport always returns a null value

Mark McCoy Mark.McCoy at utsa.edu
Wed May 27 13:00:18 EDT 2015 

I’ll try switching to Oracle’s JDK instead of OpenJDK and let everyone know if I see a difference.

Thanks,
Mark


From: users on behalf of Brent Putman
Reply-To: Shib Users
Date: Tuesday, May 26, 2015 at 5:06 PM
To: "users at shibboleth.net<mailto:users at shibboleth.net>"
Subject: Re: getInboundMessageTransport always returns a null value



On 5/26/15 11:49 AM, Mark McCoy wrote:
We are trying to add a check on the user’s IP address to determine whether or not the user is coming from on or off campus.


In a scripted attribute, I’ve tried to use the following calls to get the user’s IP address.


For the record, on what type of SAML request flow do you see it not working correctly:  SAML 1 vs 2?  Front-channel vs back-channel attribute query?  Everything?


Every call results in the getInboundMessageTransport() returning a null value, which obviously causes the getPeerAddress() call to fail. Other calls to methods contained within the requestContext succeed (example, the getEntityId() call works fine).

Well, I tested the basic SAML 2 front-channel authN request flow case, and it worked ok for me.  I just did some logging of various bits:

importPackage(Packages.org.slf4j);

logger = LoggerFactory.getLogger("BRENT.script-test");

logger.debug("Inbound message issuer: {}", requestContext.getInboundMessageIssuer());
logger.debug("Peer entityID: {}", requestContext.getPeerEntityId());
logger.debug("Inbound message transport: {}", requestContext.getInboundMessageTransport());
logger.debug("Inbound transport peer address: {}", requestContext.getInboundMessageTransport().getPeerAddress());



The inbound transport was as expected an instance of the servlet request adapter, and the peerAddress was available:

17:51:54.208 - DEBUG [BRENT.script-test:-2] - Inbound message issuer: https://www.test.middleware.georgetown.edu/shibboleth
17:51:54.211 - DEBUG [BRENT.script-test:-2] - Peer entityID: https://www.test.middleware.georgetown.edu/shibboleth
17:51:54.212 - DEBUG [BRENT.script-test:-2] - Inbound message transport: org.opensaml.ws.transport.http.HttpServletRequestAdapter at 4eae78e5
17:51:54.212 - DEBUG [BRENT.script-test:-2] - Inbound transport peer address: 10.212.128.228




try {
   var ipAddress = requestContext.getInboundMessageTransport().getPeerAddress();
} catch (err) {
   var ipAddress = 'unavailable'
   logger.warn(pre + err);
}
logger.debug(pre + "ipAddress = " + ipAddress);


Off-hand I don't spot any typos etc there, but I'd double-check what you actually have in the script.





Any suggestions?



Nothing other than just checking for typos, making sure you've restarted after making all changes, etc.   I don't think that the inboundMessageTransport property on the context can ever be null.  That's fundamentally how the HttpServletRequest is accessed and processed.  So I think you have something else amiss here.  Maybe try copy/pasting my above logging code directly, and see what results you get.

I suppose it could be some sort of weird scripting bug we haven't encountered yet. Actually, I note you said you're using OpenJDK 1.7.0.75.  We have had reports of various weird bugs that went away when OpenJDK was switched out for Oracle JDK ,etc.  So I guess you might try that.

--Brent


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150527/419767e3/attachment.html>

More information about the users mailing list