Unable to authenticate in SPNEGO Login Module with NullPointerException

Solution Verified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.3.2
    • 6.4.3, 6.4.4, 6.4.5, 6.4.6

Issue

  • Getting NullPointerException (NPE) in SPNEGO Login Module.
  • After deploying the application on a JBoss server where we are using the SPNEGO module for single sign-on, and where the architecture includes two application servers behind a network load balancer that assures session persistence based on the JSESSIONID, such that all requests bound to a user session always land on one backend, the configuration with SPNEGO works fine; however, from time to time the authentication fails:
    • This happens very rarely (20 times in a day on a system where about 50 users are working) and it is extremely hard to reproduce.
    • We have already looked into the AD logs for authentication, but we see no errors there.
    • The following is the error:
ERROR (HTTP-341) [UID=,REQ=#,APP=,MODULE=] [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException
        at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:420)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:356)

Resolution

Apply JBoss EAP 6.4 Cumulative Patch (CP) 7 or later
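
To count how often this failure appears in a server log, for example to compare the rate before and after patching, the following added example (not Red Hat's code) matches the signature from the Issue section. The sample log lines are constructed from that trace, and `find_spnego_npe` is a hypothetical helper name.

```python
import re

# Header of the failing entry, as shown in the Issue section. search() is used
# so a timestamp prefix in front of "ERROR" does not matter.
HEADER = re.compile(
    r"ERROR\s+\((?P<thread>[^)]+)\).*"
    r"\[org\.jboss\.security\.auth\.spi\.AbstractServerLoginModule\]\s+"
    r"Unable to authenticate: java\.lang\.NullPointerException"
)
# Match class and method only: the source line number (420) can differ per build.
FRAME = re.compile(
    r"^\s+at org\.jboss\.security\.negotiation\.spnego\."
    r"SPNEGOLoginModule\$AcceptSecContext\.run\("
)


def find_spnego_npe(lines):
    """Return the thread name of each NPE entry whose top frame is AcceptSecContext.run."""
    hits = []
    pending = None  # thread of a header still waiting for its first stack frame
    for line in lines:
        if pending is not None:
            if FRAME.match(line):
                hits.append(pending)
            pending = None  # only the top frame identifies this failure
        m = HEADER.search(line)
        if m:
            pending = m.group("thread")
    return hits


# Constructed sample: two matching entries and one NPE from an unrelated
# (hypothetical) login module that must not be counted.
SAMPLE_LOG = """\
ERROR (HTTP-341) [UID=,REQ=#,APP=,MODULE=] [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException
        at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:420)
        at java.security.AccessController.doPrivileged(Native Method)
INFO (HTTP-12) [UID=,REQ=#,APP=,MODULE=] [org.example.App] request served
ERROR (HTTP-77) [UID=,REQ=#,APP=,MODULE=] [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException
        at org.example.CustomLoginModule.login(CustomLoginModule.java:10)
ERROR (HTTP-9) [UID=,REQ=#,APP=,MODULE=] [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException
        at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:431)
""".splitlines()

if __name__ == "__main__":
    threads = find_spnego_npe(SAMPLE_LOG)
    print(f"{len(threads)} SPNEGO NPE failures on threads: {threads}")
```

To scan a real log, pass an open file object in place of `SAMPLE_LOG`.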

Root Cause

  • bug-1236606: (6.4.z) Unable to authenticate in SPNEGO Login Module with NullPointerException
  • SECURITY-897 (issues.jboss.org): Unable to authenticate in SPNEGO Login Module with NullPointerException
