newbie question on error from call to

anthony.hollingsworth

We are evaluating Fusion Auth to provide a basic user login process for our system.

We have created:

A tenant with the following settings:
Multi-Factor -> Policies -> On login -> Enabled
Authenticator Settings -> Enabled: true

An application associated with the tenant with just SAML setup.

With Multi-factor on as above, the user is prompted to setup MFA when they first attempt to login after setting their password. MFA setup goes fine, however, on completion of the setup the following call is made and returns a 500 error.

https://fa-dev.elateral-dev.io/oauth2/two-factor-enable-complete

With the following message

We're sorry, your request was malformed or was unable to be completed for some reason. Try hitting the back button and restarting the process to see if it fixes the problem.

When we test with Multi-factor turned off, the user is invited and can update their password and then proceed to login successfully.

Any ideas on what is causing the 500 error or where we might look to get a better description of the error would be much appreciated

anthony.hollingsworth

@mark-robustelli Hi

Just to provide an update. We resolved the situation after finding this identical issue posted since I created my ticket

https://github.com/FusionAuth/fusionauth-issues/issues/2474

So we did the same workaround of turning on Require Registration and creating a registration for our users

mark.robustelli

@anthony-hollingsworth Have you tried turning on debugging to see if anything shows up in the logs?

https://fusionauth.io/docs/v1/tech/core-concepts/applications#saml

Anything interesting there?

anthony.hollingsworth

@mark-robustelli Hi, thanks for the suggestion, I turned on debug for the application but I don't see anything in the logs with error, they all appear to be debug entries relatig to the saml passing to and fro. Still scratching my head

mark.robustelli

@anthony-hollingsworth hmm.... Sorry, without much more information, it will be difficult to figure out. Can you use something like a network monitor to see what is being sent back and forth over the wire? That may help.

anthony.hollingsworth

@mark-robustelli Hi
Finally realised I had access to the logs for the pod that the service is being hosted in. So the error we get for the https://fa-dev.elateral-dev.io/oauth2/two-factor-enable-complete call is

2023-09-15 03:03:57.925 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
java.lang.NullPointerException: Cannot read field "verified" because "<local1>" is null
at io.fusionauth.app.action.oauth2.BaseOAuthAction.next(BaseOAuthAction.java:923)
at io.fusionauth.app.action.oauth2.TwoFactorEnableCompleteAction.post(TwoFactorEnableCompleteAction.java:42)
at jdk.internal.reflect.GeneratedMethodAccessor317.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:443)
at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:77)
at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:60)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:50)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:45)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:60)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:49)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:74)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:58)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:92)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:50)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:113)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:65)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.cors.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:65)
at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:108)
at org.primeframework.mvc.PrimeMVCRequestHandler.handle(PrimeMVCRequestHandler.java:72)
at io.fusionauth.http.server.HTTPWorker.run(HTTPWorker.java:50)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

mark.robustelli

@anthony-hollingsworth said in newbie question on error from call to:

Cannot read field "verified" because "<local1>" is null

Does this mean anything to you? Seems like something is not being set when it is sent to FusionAuth.

anthony.hollingsworth

@mark-robustelli
Hi,
I don't recognise that as a placeholder for us, would you have any idea what end point that might be calling in our saml integration or what field in the application is being used. The thing that puzzles me is that we have not got oauth2 enabled as far as I know, we are doing a pure saml2 integration so I'm not sure what that complete call back is doing

anthony.hollingsworth

@mark-robustelli Hi

Just to provide an update. We resolved the situation after finding this identical issue posted since I created my ticket

https://github.com/FusionAuth/fusionauth-issues/issues/2474

So we did the same workaround of turning on Require Registration and creating a registration for our users

mark.robustelli

@anthony-hollingsworth apologies, but I have been away from the forum for a while. Thanks for following up and am glad you found a solution. Thanks for sharing.