Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 393236

Summary: NPE in OpenidConsumer.verifyResponse
Product: [ECD] Orion Reporter: John Arthorne <john.arthorne>
Component: ServerAssignee: John Arthorne <john.arthorne>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3    
Version: unspecified   
Target Milestone: 2.0 M1   
Hardware: PC   
OS: Windows 7   
Whiteboard:

Description John Arthorne CLA 2012-10-31 09:46:46 EDT 
Build: 1.0 on orionhub.org

I am seeing lots of these in the log on orionhug:

2012-10-19 17:31:04.277 [qtp1187530440-58] ERROR o.o.consumer.ConsumerManager - Verification failed for: https://www.google.com/accounts/
o8/id?id=AItOawle_HPgfaStlrEcQia-97RtzW3D7foptu8 reason: Direct signature verification failed.
2012-10-19 17:31:04.282 [qtp1187530440-58] WARN  o.e.jetty.servlet.ServletHandler - /login/openid
java.lang.NullPointerException: null
        at org.eclipse.orion.server.authentication.openid.OpenidConsumer.verifyResponse(OpenidConsumer.java:132) ~[na:na]
        at org.eclipse.orion.server.authentication.openid.OpenIdHelper.handleOpenIdReturnAndLogin(OpenIdHelper.java:106) ~[na:na]
        at org.eclipse.orion.server.authentication.formopenid.FormOpenIdLoginServlet.doPost(FormOpenIdLoginServlet.java:117) ~[na:na]
        at org.eclipse.orion.server.authentication.formopenid.FormOpenIdLoginServlet.doGet(FormOpenIdLoginServlet.java:203) ~[na:na]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:735) ~[javax.servlet_3.0.0.v201112011016.jar:na]
Comment 1 John Arthorne CLA 2012-10-31 14:41:10 EDT 
This can happen if the session state expired since the openid handshake started. Added null check and logged when this happens:

http://git.eclipse.org/c/orion/org.eclipse.orion.server.git/commit/?id=ba7686bc0d27ddb3fe74de87ce71e9c6307e0ed5