[
https://issues.apache.org/jira/browse/KNOX-1152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16300479#comment-16300479
]
Larry McCay commented on KNOX-1152:
-----------------------------------
This looks good - one nit...
I think the message can probably indicate a bit more for diagnostics.
Perhaps, tell them to ensure that the authentication/federation provider is
configured correctly?
It is a general requirement that each authn/federation provider normalize their
authentication results into a standard Java Subject with the expected
principals. Not doing so may result in a null Subject or a Subject that does
not contain the expected principals.
> Guard Against Missing Subject in Identity Assertion
> ---------------------------------------------------
>
> Key: KNOX-1152
> URL: https://issues.apache.org/jira/browse/KNOX-1152
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.11.0, 0.12.0, 0.13.0, 0.14.0
> Reporter: Rick Kellogg
> Assignee: Rick Kellogg
> Priority: Minor
> Fix For: 1.0.0, 0.14.1
>
> Attachments: KNOX-1152.patch
>
>
> Within the CommonIdentityAssertionFilter class, it is possible the evaluation
> of the Subject can return null. A check should be added for this, error
> logged and IllegalStateException exception thrown.
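A sketch of the guard discussed in this thread, as an added example rather than the attached KNOX-1152.patch or any Knox code: it rejects both a null Subject and a Subject without principals, and the message points at provider configuration. The class name, helper names and sample principal are hypothetical, and the lookup assumes the Java 8-era `Subject.getSubject(AccessController.getContext())` API.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.logging.Logger;
import javax.security.auth.Subject;

public class SubjectGuardExample {
    private static final Logger LOG = Logger.getLogger("SubjectGuardExample");

    // Hypothetical helper, not Knox code. Uses the Java 8-era lookup;
    // on JDK 18+ Subject.current() is the replacement.
    static String requirePrincipalName() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            return fail("No Subject is bound to the current request");
        }
        if (subject.getPrincipals().isEmpty()) {
            return fail("Subject carries no principals");
        }
        Principal primary = subject.getPrincipals().iterator().next();
        return primary.getName();
    }

    // Log the error, then throw with a hint that points at provider configuration.
    private static String fail(String what) {
        String msg = what + "; ensure the authentication/federation provider is"
            + " configured correctly and normalizes its result into a Subject";
        LOG.severe(msg);
        throw new IllegalStateException(msg);
    }

    public static void main(String[] args) {
        PrivilegedAction<String> check = SubjectGuardExample::requirePrincipalName;
        // Constructed case 1: nothing established a Subject for this call.
        try {
            requirePrincipalName();
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Constructed case 2: a provider ran but added no principals.
        try {
            Subject.doAs(new Subject(), check);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Constructed case 3: a normalized Subject with one principal.
        Subject ok = new Subject();
        ok.getPrincipals().add(() -> "alice");
        System.out.println("asserting identity: " + Subject.doAs(ok, check));
    }
}
```

Failing closed with `IllegalStateException` keeps a misconfigured provider from reaching identity assertion with no caller identity, and the logged hint tells the operator where to look.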