Hi all

In specific situations, opening the metadata URL on the IDP server causes an HTTP 500 Internal error.

If you configure a SAML2 SP with custom signing/encryption certificates, you can get SP-specific metadata with the URL:
Code:
https://<IDP server>/nidp/saml2/metadata?PID=<SP entityID>
If you also configure a SAML2 Identity Provider, opening that URL will produce java.io.NotSerializableException.

If I remove or just disable the SAML2 Identity Provider, the URL works again.

I've tried that on NAM 4.3.1 and 4.3.2.

Has anybody else experienced that?

regs s

IDP log:
Code:
<amLogEntry> 2017-06-30T14:32:18Z DEBUG NIDS Application: 
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: http-nio-<IDP server IP>-8443-exec-3
****** HttpServletRequest Information:
Method: GET
Scheme: https
Context Path: /nidp
Servlet Path: /saml2
Query String: PID=<SP entityID>
Path Info: /metadata
Server Name: <IDP server DNS>
Server Port: 443
Content Length: -1
Content Type: null
Auth Type: null
Request URL: https://<IDP server DNS>/nidp/saml2/metadata
Host IP Address: <IDP server IP>
Remote Client IP Address: <client IP>
Cookie: (0 of 1): JSESSIONID, b75e38e82ee9365bd77153db60c7abf19103ef8bf418a73857bd1525aba81e2b
Header: Name: host, Value: <IDP server DNS>
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Header: Name: accept-language, Value: en-US,en;q=0.5
Header: Name: accept-encoding, Value: gzip, deflate, br
Header: Name: connection, Value: keep-alive
Header: Name: upgrade-insecure-requests, Value: 1
Session Id: b75e38e82ee9365bd77153db60c7abf19103ef8bf418a73857bd1525aba81e2b
Session Last Accessed Time: 1498833013702
 </amLogEntry>

<amLogEntry> 2017-06-30T14:32:18Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: http-nio-<IDP server IP>-8443-exec-3

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@104b9e3 from cache session succeeded using key b75e38e82ee9365bd77153db60c7abf19103ef8bf418a73857bd1525aba81e2b.  Cache size is 1
 </amLogEntry>

<amLogEntry> 2017-06-30T14:32:18Z DEBUG NIDS Application: AM#600105011: AMDEVICEID#ECB0390B960F3DA2: AMAUTHID#b75e38e82ee9365bd77153db60c7abf19103ef8bf418a73857bd1525aba81e2b:  IDP saml2 handler to process request received for /nidp/saml2 </amLogEntry>

<amLogEntry> 2017-06-30T14:32:18Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: http-nio-<IDP server IP>-8443-exec-3

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@104b9e3 from cache session succeeded using key b75e38e82ee9365bd77153db60c7abf19103ef8bf418a73857bd1525aba81e2b.  Cache size is 1
 </amLogEntry>

<amLogEntry> 2017-06-30T14:32:18Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2017-06-30T14:32:18Z SEVERE NIDS Application: Exception message: "java.io.NotSerializableException: com.novell.nam.common.ldap.jndi.JNDIUserStore"
     SerializationUtils.java, Line: 111, Method: serialize
     SerializationUtils.java, Line: 133, Method: serialize
     SerializationUtils.java, Line: 80, Method: clone
     y, Line: 1818, Method: A
     y, Line: 2402, Method: S
     y, Line: 545, Method: handleMetadata
     y, Line: 1134, Method: handleRequest
     y, Line: 733, Method: handleRequest
     y, Line: 2505, Method: myDoGet
     y, Line: 21, Method: doGet
     HttpServlet.java, Line: 622, Method: service
     HttpServlet.java, Line: 729, Method: service
     ApplicationFilterChain.java, Line: 292, Method: internalDoFilter
     ApplicationFilterChain.java, Line: 207, Method: doFilter
     WsFilter.java, Line: 52, Method: doFilter
     ApplicationFilterChain.java, Line: 240, Method: internalDoFilter
     ApplicationFilterChain.java, Line: 207, Method: doFilter
     FilterChainInvocation.java, Line: 66, Method: doFilter
     FilterDefinition.java, Line: 168, Method: doFilter
     FilterChainInvocation.java, Line: 58, Method: doFilter
     ManagedFilterPipeline.java, Line: 118, Method: dispatch
     GuiceFilter.java, Line: 113, Method: doFilter
     ApplicationFilterChain.java, Line: 240, Method: internalDoFilter
     ApplicationFilterChain.java, Line: 207, Method: doFilter
     y, Line: 1070, Method: doFilter
     ApplicationFilterChain.java, Line: 240, Method: internalDoFilter
     ApplicationFilterChain.java, Line: 207, Method: doFilter
     HttpHeaderSecurityFilter.java, Line: 120, Method: doFilter
     ApplicationFilterChain.java, Line: 240, Method: internalDoFilter
     ApplicationFilterChain.java, Line: 207, Method: doFilter
     y, Line: 2652, Method: doFilter
     ApplicationFilterChain.java, Line: 240, Method: internalDoFilter
     ApplicationFilterChain.java, Line: 207, Method: doFilter
     StandardWrapperValve.java, Line: 212, Method: invoke
     StandardContextValve.java, Line: 106, Method: invoke
     AuthenticatorBase.java, Line: 502, Method: invoke
     StandardHostValve.java, Line: 141, Method: invoke
     ErrorReportValve.java, Line: 79, Method: invoke
     StandardEngineValve.java, Line: 88, Method: invoke
     CoyoteAdapter.java, Line: 509, Method: service
     AbstractHttp11Processor.java, Line: 1104, Method: process
     AbstractProtocol.java, Line: 684, Method: process
     NioEndpoint.java, Line: 1520, Method: doRun
     NioEndpoint.java, Line: 1476, Method: run
     ThreadPoolExecutor.java, Line: 1142, Method: runWorker
     ThreadPoolExecutor.java, Line: 617, Method: run
     TaskThread.java, Line: 61, Method: run
     Thread.java, Line: 745, Method: run
 </amLogEntry>
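
The following is an added example, not part of the original post and not NAM code: a small triage script that pulls SEVERE exception entries out of a log in the amLogEntry layout shown above and tags each with the request dump that preceded it. The sample log is constructed (placeholder IP and SP entityID), and pairing an exception with the most recent request entry is a heuristic assumption, since the SEVERE entry itself carries no thread name.

```python
import re

# Constructed sample in the amLogEntry layout shown in the post (values are placeholders).
SAMPLE_LOG = """\
<amLogEntry> 2017-06-30T14:32:18Z DEBUG NIDS Application: 
Method: NIDPProxyableServlet.myDoGetWithProxy
Servlet Path: /saml2
Query String: PID=https://sp.example.test/metadata
Path Info: /metadata
 </amLogEntry>
<amLogEntry> 2017-06-30T14:32:18Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2017-06-30T14:32:18Z SEVERE NIDS Application: Exception message: "java.io.NotSerializableException: com.novell.nam.common.ldap.jndi.JNDIUserStore"
     SerializationUtils.java, Line: 111, Method: serialize
     SerializationUtils.java, Line: 80, Method: clone
     y, Line: 545, Method: handleMetadata
 </amLogEntry>
"""

ENTRY = re.compile(r"<amLogEntry>\s*(\S+)\s+(\w+)\s+(.*?)</amLogEntry>", re.S)
EXC = re.compile(r'Exception message: "([\w.$]+)(?::\s*([^"]*))?"')
FRAME = re.compile(r"^\s*(\S+), Line: (\d+), Method: (\S+)\s*$", re.M)
FIELD = re.compile(r"^(Servlet Path|Path Info|Query String): (.*)$", re.M)

def severe_exceptions(log_text):
    """Return one dict per SEVERE exception entry, tagged with the last request seen before it."""
    findings, last_request = [], None
    for ts, level, body in ENTRY.findall(log_text):
        fields = dict(FIELD.findall(body))
        if "Servlet Path" in fields:          # request dump entry: remember it
            last_request = fields
            continue
        exc = EXC.search(body)
        if level != "SEVERE" or not exc:
            continue
        req = last_request or {}              # heuristic: nearest preceding request
        findings.append({
            "time": ts,
            "exception": exc.group(1),        # e.g. java.io.NotSerializableException
            "detail": exc.group(2) or "",     # class named in the exception message
            "frames": [f"{m}@{src}:{line}" for src, line, m in FRAME.findall(body)],
            "path": req.get("Servlet Path", "") + req.get("Path Info", ""),
            "query": req.get("Query String", ""),
        })
    return findings

if __name__ == "__main__":
    for f in severe_exceptions(SAMPLE_LOG):
        print(f["time"], f["exception"], f["detail"], f["path"], f["query"], f["frames"][:3])
```

Grouping the returned records by `exception`, `detail` and `path` shows whether every failure comes from the `/saml2/metadata` request with a `PID` parameter or from other endpoints as well.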