Do not show exception if expected OIDC claims are not sent
Description
In openDesk we allow users access to the applications based on group membership(s). If a group membership is not given, the claims required by an application are not granted and thus not provided to the application.
Steps to reproduce
- Log in to openDesk as Administrator.
- You don't see the portal tile to XWiki as you are not a member of the group to access XWiki.
- Despite that, open the wiki subdomain in the browser.
Expected result: Do not show the exception (this is not allowed due to IT Grundschutz requirements anyway), but show a proper message saying that the login was not successful and that the user might not be authorized to access XWiki.
Actual result: You get to see an exception:
HTTP ERROR 500 javax.servlet.ServletException: Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]
URI: /oidc/authenticator/callback
STATUS: 500
MESSAGE: javax.servlet.ServletException: Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]
SERVLET: default
CAUSED BY: javax.servlet.ServletException: Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]
CAUSED BY: org.xwiki.resource.ResourceReferenceHandlerException: Failed to handle the OIDC endpoint
CAUSED BY: java.lang.IllegalArgumentException: An Entity Reference name cannot be null or empty
Caused by:
javax.servlet.ServletException: Failed to handle Resource Reference [path = authenticator/callback, endpoint = authenticator, pathSegments = [callback]]
[..]
... 70 more
Caused by: java.lang.IllegalArgumentException: An Entity Reference name cannot be null or empty
at org.xwiki.model.reference.EntityReference.setName(EntityReference.java:214)
at org.xwiki.model.reference.EntityReference.<init>(EntityReference.java:156)
at org.xwiki.model.reference.AbstractLocalizedEntityReference.<init>(AbstractLocalizedEntityReference.java:76)
at org.xwiki.model.reference.DocumentReference.<init>(DocumentReference.java:177)
at org.xwiki.contrib.oidc.auth.internal.OIDCUserManager.getNewUserDocument(OIDCUserManager.java:771)
at org.xwiki.contrib.oidc.auth.internal.OIDCUserManager.updateUser(OIDCUserManager.java:345)
at org.xwiki.contrib.oidc.auth.internal.endpoint.CallbackOIDCEndpoint.handle(CallbackOIDCEndpoint.java:251)
at org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:138)
at org.xwiki.contrib.oidc.provider.internal.OIDCResourceReferenceHandler.handle(OIDCResourceReferenceHandler.java:110)
... 73 more
Powered by Jetty:// 10.0.24
Affected Versions
All openDesk versions.
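The expected behaviour described above, sketched as an added example (not XWiki, OIDC authenticator or openDesk code): the callback checks the required claims before provisioning the user, answers with a generic message plus a reference id, and keeps the detail in the server log. The class, the method names and the choice of `preferred_username` as the required claim are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.UUID;

/** Added illustration only; claim names and handler shape are assumptions. */
public class OidcCallbackGuard {
    /** What the browser receives: a status and a message without internals. */
    record Response(int status, String body) {}

    /** Hypothetical claim the relying party needs to derive the user name. */
    static final List<String> REQUIRED_CLAIMS = List.of("preferred_username");

    /** Names of required claims that are absent or blank in the token. */
    static List<String> missingClaims(Map<String, Object> claims) {
        List<String> missing = new ArrayList<>();
        for (String name : REQUIRED_CLAIMS) {
            Object value = claims.get(name);
            if (value == null || value.toString().isBlank()) missing.add(name);
        }
        return missing;
    }

    /** Stand-in for user provisioning; fails like the trace when the name is empty. */
    static String provisionUser(Map<String, Object> claims) {
        Object name = claims.get("preferred_username");
        if (name == null || name.toString().isEmpty())
            throw new IllegalArgumentException("An Entity Reference name cannot be null or empty");
        return name.toString();
    }

    static Response handleCallback(Map<String, Object> claims) {
        String ref = UUID.randomUUID().toString(); // ties the user message to the log entry
        try {
            List<String> missing = missingClaims(claims);
            if (!missing.isEmpty()) {
                System.err.println("[" + ref + "] login rejected, missing claims: " + missing);
                return new Response(403, "Login was not successful. You might not be "
                        + "authorized to access this application. Reference: " + ref);
            }
            return new Response(200, "Logged in as " + provisionUser(claims));
        } catch (RuntimeException e) {
            // Any other failure: log the cause server-side, never render it.
            System.err.println("[" + ref + "] callback failed: " + e);
            return new Response(500, "Login failed. Reference: " + ref);
        }
    }

    public static void main(String[] args) {
        // Constructed claim sets: one user without the group-granted claim, one with it.
        System.out.println(handleCallback(Map.of("sub", "constructed-subject-1")));
        System.out.println(handleCallback(Map.of("sub", "constructed-subject-2", "preferred_username", "alice")));
    }
}
```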