Handle NPE in SLO request flow

wso2-extensions · Jan 3, 2024 · ea69e72 · ea69e72
1 parent d2dc915
commit ea69e72
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/...entity/application/authenticator/samlsso/logout/processor/SAMLLogoutRequestProcessor.java b/...entity/application/authenticator/samlsso/logout/processor/SAMLLogoutRequestProcessor.java
@@ -124,7 +124,7 @@ public FrameworkLogoutResponse.FrameworkLogoutResponseBuilder process(IdentityRe
                 populateContextWithSessionDetails(samlMessageContext, logoutRequest);
             }
 
-            if (!Boolean.parseBoolean(samlMessageContext.getFedIdPConfigs().get(IdentityApplicationConstants.
+            if (!Boolean.parseBoolean((String) samlMessageContext.getFedIdPConfigs().get(IdentityApplicationConstants.
                     Authenticator.SAML2SSO.IS_SLO_REQUEST_ACCEPTED))) {
                 throw new SAMLLogoutException("Single logout requests from the federated IdP: "
                         + samlMessageContext.getFederatedIdP().getIdentityProviderName() + " are not accepted");

diff --git a/...rg/wso2/carbon/identity/application/authenticator/samlsso/logout/util/SAMLLogoutUtil.java b/...rg/wso2/carbon/identity/application/authenticator/samlsso/logout/util/SAMLLogoutUtil.java
@@ -198,10 +198,10 @@ public static LogoutResponse buildResponse(SAMLMessageContext samlMessageContext
             doBootstrap();
             String issuerID = (String) samlMessageContext.getFedIdPConfigs().get(SP_ENTITY_ID);
             String acsUrl = (String) samlMessageContext.getFedIdPConfigs().get(SSO_URL);
-            boolean isResponseSigned = Boolean.parseBoolean(samlMessageContext.getFedIdPConfigs().
-                    get(IS_AUTHN_RESP_SIGNED).toString());
-            boolean isIncludeCert = Boolean.parseBoolean(samlMessageContext.getFedIdPConfigs().
-                    get(INCLUDE_CERT).toString());
+            boolean isResponseSigned = Boolean.parseBoolean((String) samlMessageContext.getFedIdPConfigs().
+                    get(IS_AUTHN_RESP_SIGNED));
+            boolean isIncludeCert = Boolean.parseBoolean((String) samlMessageContext.getFedIdPConfigs().
+                    get(INCLUDE_CERT));
 
             LogoutResponse logoutResp = new LogoutResponseBuilder().buildObject();
             logoutResp.setID(createID());

diff --git a/.../identity/application/authenticator/samlsso/logout/validators/LogoutRequestValidator.java b/.../identity/application/authenticator/samlsso/logout/validators/LogoutRequestValidator.java
@@ -167,7 +167,7 @@ private void isSubjectValid(LogoutRequest logoutRequest) throws SAMLLogoutExcept
      */
     private void isValidLogoutReqSignature(LogoutRequest logoutRequest) throws SAMLLogoutException {
 
-        if (Boolean.parseBoolean(samlMessageContext.getFedIdPConfigs().get(IS_LOGOUT_REQ_SIGNED).toString()) &&
+        if (Boolean.parseBoolean((String) samlMessageContext.getFedIdPConfigs().get(IS_LOGOUT_REQ_SIGNED)) &&
                 (!SAMLLogoutUtil.isValidSignature(logoutRequest, samlMessageContext))) {
             String notification = "Signature validation failed for logout request with issuer: "
                     + logoutRequest.getIssuer().getValue();