There was an Exception doing the forward/redirect error and SAML2 authentication fails when redirecting with a SAML2 JSP page in OpenAM 13.0
The purpose of this article is to provide assistance if you see the following "ERROR: LoginViewBean.forwardTo(): There was an Exception doing the forward/redirect org.apache.jasper.JasperException: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String" and SAML2 authentication fails when redirecting with a SAML2 JSP page (such as a SP initiated SSO) in OpenAM 13.0. This issue only affects redirects that include the realm or where you are using a realm DNS alias.
Archived
This article has been archived and is no longer maintained by ForgeRock.
Symptoms
The following error is shown in the browser when SAML authentication fails:
An internal authentication error has occurred.
The following error is shown in the Authentication debug log:
amLoginViewBean:10/06/2016 14:57:01:782 PM GMT: Thread[catalina-exec-11,5,main]: TransactionId[b390ea18-c60b-4e13-acc0-a81aeb7e809d-51]
ERROR: LoginViewBean.forwardTo(): There was an Exception doing the forward/redirect
org.apache.jasper.JasperException: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String
    at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:555)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:476)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:396)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:340)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    ...
Caused by: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String
Recent Changes
Upgraded to, or installed OpenAM 13.0.
Causes
Recent changes to the SAML2 JSP pages included a new call to retrieve the realm, which caused a mismatch between what was sent and what was expected. As a result, authentication fails in this way when redirecting with a SAML2 JSP page if the redirect includes a realm parameter or a realm DNS alias is used.
Solution
This issue can be resolved by upgrading to OpenAM 13.5 or later; you can download this version from BackStage.
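To confirm that failed logins match this article's symptom before upgrading, and that the signature stops appearing afterwards, the Authentication debug log can be scanned for it. The following Python script is an added example, not ForgeRock code; the function name and the second sample entry are constructed for illustration, and the entry layout is assumed to match the log excerpt in the Symptoms section.

```python
import re

# Header of a debug log entry, in the shape shown in the Symptoms section:
# <debug name>:<timestamp>: Thread[...]: TransactionId[...]
HEADER = re.compile(
    r"^(?P<name>\w+):(?P<ts>\d{2}/\d{2}/\d{4} [\d:]+ [AP]M \w+): "
    r"Thread\[[^\]]*\]: TransactionId\[(?P<txid>[^\]]+)\]",
    re.MULTILINE,
)
# Both strings must appear in an entry for it to match this article's symptom.
# "[Ljava.lang.String;" is the JVM's name for a String[] array.
SIGNATURE = (
    "LoginViewBean.forwardTo(): There was an Exception doing the forward/redirect",
    "[Ljava.lang.String; cannot be cast to java.lang.String",
)


def find_realm_cast_failures(log_text):
    """Return (timestamp, transaction id) for each entry matching the signature."""
    headers = list(HEADER.finditer(log_text))
    hits = []
    for i, head in enumerate(headers):
        # An entry's body runs from its header to the next header (or end of log).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log_text)
        body = log_text[head.end():end]
        if head.group("name") == "amLoginViewBean" and all(s in body for s in SIGNATURE):
            hits.append((head.group("ts"), head.group("txid")))
    return hits


# Sample input: the first entry is abridged from the Symptoms section; the second
# is constructed (a different exception) to show that unrelated errors are skipped.
SAMPLE_LOG = """\
amLoginViewBean:10/06/2016 14:57:01:782 PM GMT: Thread[catalina-exec-11,5,main]: TransactionId[b390ea18-c60b-4e13-acc0-a81aeb7e809d-51]
ERROR: LoginViewBean.forwardTo(): There was an Exception doing the forward/redirect
org.apache.jasper.JasperException: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String
    at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:555)
Caused by: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String
amLoginViewBean:10/06/2016 14:58:12:004 PM GMT: Thread[catalina-exec-12,5,main]: TransactionId[00000000-0000-0000-0000-000000000000-7]
ERROR: LoginViewBean.forwardTo(): There was an Exception doing the forward/redirect
java.lang.NullPointerException
"""

if __name__ == "__main__":
    for ts, txid in find_realm_cast_failures(SAMPLE_LOG):
        print(f"{ts}  TransactionId[{txid}]  String[] -> String cast failure")
```

The returned transaction IDs can be used to correlate each failure with the corresponding SAML2 request in the other debug and access logs.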
Related Issue Tracker IDs
OPENAM-8192 (spSSOInit with IDP proxy gives null pointer exception)