Open
Description
Describe the bug
When integration test org.zowe.apiml.integration.zaas.ZosmfTokensTest.WhenGeneratingZosmfTokens_returnValidZosmfToken#givenX509Certificate
is executed in negative scenario - with a client certificate that is trusted, but not mapped to a user, a NPE occurs resulting in 500 return code.
Steps to Reproduce
- Prepare a trusted certificate, that is not mapped to a user.
- Update the environment configuration to use trusted, but unmapped certificate
- Run the integration test
Expected behavior
401 is expected
Logs
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.JwtAuthSourceService)) Getting JWT token from request.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.JwtAuthSourceService)) JWT token not found in request.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.PATAuthSourceService)) Getting JWT token from request.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.PATAuthSourceService)) JWT token not found in request.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.OIDCAuthSourceService)) Getting JWT token from request.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.OIDCAuthSourceService)) JWT token not found in request.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Getting X509 client certificate from custom attribute 'client.auth.X509Certificate'.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Validating X509 client certificate.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.X509AuthSourceService)) X509 client certificate found in request.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.DefaultAuthSourceService)) Authentication request towards the southbound service /zaas/scheme/zosmf using the auth source CLIENT_CERT
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Parsing X509 client certificate.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-
0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Validating X509 client certificate.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.m.NativeMapper)) CertificateResponse(userId=, rc=-1, errno=143, errno2=318833740)
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.s.s.X509AuthSourceService)) Validating X509 client certificate.
2025-01-13 12:38:14.775 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.s.s.w.FilterChainProxy)) Secured POST /zaas/scheme/zosmf
2025-01-13 12:38:14.776 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.l.Providers)) z/OSMF registered with the Discovery Service and propagated to ZAAS: true
2025-01-13 12:38:14.776 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.TokenCreationService)) ZOSMF is available and used. Attempt to authenticate with PassTicket
2025-01-13 12:38:14.776 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.s.s.TokenCreationService)) Generating PassTicket for user: null and ZOSMF applid: IZUDFLT
2025-01-13 12:38:14.776 <ZWEAZS1:https-jsse-nio-0.0.0.0-10018-exec-2:67174549> �[35mZWESVUSR�[0;39m �[36mDEBUG�[0;39m ((o.z.a.z.z.ZaasExceptionHandler)) Unexpected internal error
java.lang.NullPointerException: Cannot invoke "java.lang.String.toUpperCase()" because "userId" is null
at org.zowe.apiml.passticket.PassTicketService.generate(PassTicketService.java:50)
at org.zowe.apiml.zaas.security.service.TokenCreationService.generatePassTicket(TokenCreationService.java:105)
at org.zowe.apiml.zaas.security.service.TokenCreationService.createZosmfTokensWithoutCredentials(TokenCreationService.java:76)
at org.zowe.apiml.zaas.security.service.zosmf.ZosmfService.exchangeAuthenticationForZosmfToken(ZosmfService.java:244)
at jdk.internal.reflect.GeneratedMethodAccessor85.invoke(Unknown Source)
Details
- Version and build number: v3
- Test environment: miniplex
Additional context
Found during miniplex setup for integration tests
Metadata
Assignees
Type
Projects
Status
Unplanned Bugs
Activity