IBM Support

IJ10831: JAASPRINCIPAL "PROVIDED NAME IS NULL" ERROR IN WINDOWS AZUREAD ENVIRONMENT.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message, as reported by customer:

Customer reports the following error from a test case in their
Windows AzureAD environment:

java.lang.IllegalArgumentException: provided null name in
com.ibm.security.auth.JAASPrincipal.


Stack Trace, if applicable:

Before construct Win64System
No mapping between account names and security IDs was done.
        [JAASLoginModule] succeeded importing info:
            user name = XXYYZZ
            user SID =
S-1-12-1-731028960-1096896208-158070199-1005826882
            user domain = AzureAD
java.lang.IllegalArgumentException: provided null name
after construct Win64System
    at
com.ibm.security.auth.JAASPrincipal.<init>(JAASPrincipal.java:76
)
    at
com.ibm.security.auth.DomainIDPrincipal.<init>(DomainIDPrincipal
.java:65)
    at
com.ibm.security.auth.module.JAASLoginModule.login(JAASLoginModu
le.java:176)
    at Main.main(Main.java:20)
Disconnected from the target VM, address: '127.0.0.1:56788',
transport: 'socket'
getting access token
  [getToken] got user access token
getting user info
  [getUser] Got TokenUser info
  [getUser] userName: XXYYZZ, domainName = AzureAD
  [getUser] userSid:
S-1-12-1-731028960-1096896208-158070199-1005826882
  [getUser] LookupAccountName error: 1332
getting primary group
  [getPrimaryGroup] Got TokenPrimaryGroup info
  [getPrimaryGroup] primaryGroup:
S-1-12-1-731028960-1096896208-158070199-1005826882
getting supplementary groups
  [getGroups] Got TokenGroups info
  [getGroups] group 0: S-1-16-8192
  [getGroups] group 1: S-1-1-0
  [getGroups] group 2:
S-1-5-21-1053931748-2307000595-3209804414-1002
  [getGroups] group 3: S-1-5-32-544
  [getGroups] group 4: S-1-5-32-559
  [getGroups] group 5: S-1-5-32-545
  [getGroups] group 6: S-1-5-4
  [getGroups] group 7: S-1-2-1
  [getGroups] group 8: S-1-5-11
  [getGroups] group 9: S-1-5-15
  [getGroups] group 10: S-1-5-5-0-1315436
  [getGroups] group 11: S-1-2-0
  [getGroups] group 12: S-1-5-64-36
Process finished with exit code 0

Other Error Information, as reported by customer:

N/A

Local fix

  • N/A

Problem summary

  • JAASPrincipal "provided name is null" error in Windows AzureAD
environment.
ERROR DESCRIPTION:
Customer reports the following error from a test case in their
Windows AzureAD environment:
Before construct Win64System
No mapping between account names and security IDs was done.
        [JAASLoginModule] succeeded importing info:
            user name = XXYYZZ
            user SID =
S-1-12-1-731028960-1096896208-158070199-1005826882
            user domain = AzureAD
java.lang.IllegalArgumentException: provided null name
after construct Win64System
    at
com.ibm.security.auth.JAASPrincipal.<init>(JAASPrincipal.java:76
)
    at
com.ibm.security.auth.DomainIDPrincipal.<init>(DomainIDPrincipal
.java:65)
    at
com.ibm.security.auth.module.JAASLoginModule.login(JAASLoginModu
le.java:176)
    at Main.main(Main.java:20)
Disconnected from the target VM, address: '127.0.0.1:56788',
transport: 'socket'
getting access token
  [getToken] got user access token
getting user info
  [getUser] Got TokenUser info
  [getUser] userName: XXYYZZ, domainName = AzureAD
  [getUser] userSid:
S-1-12-1-731028960-1096896208-158070199-1005826882
  [getUser] LookupAccountName error: 1332
getting primary group
  [getPrimaryGroup] Got TokenPrimaryGroup info
  [getPrimaryGroup] primaryGroup:
S-1-12-1-731028960-1096896208-158070199-1005826882
getting supplementary groups
  [getGroups] Got TokenGroups info
  [getGroups] group 0: S-1-16-8192
  [getGroups] group 1: S-1-1-0
  [getGroups] group 2:
S-1-5-21-1053931748-2307000595-3209804414-1002
  [getGroups] group 3: S-1-5-32-544
  [getGroups] group 4: S-1-5-32-559
  [getGroups] group 5: S-1-5-32-545
  [getGroups] group 6: S-1-5-4
  [getGroups] group 7: S-1-2-1
  [getGroups] group 8: S-1-5-11
  [getGroups] group 9: S-1-5-15
  [getGroups] group 10: S-1-5-5-0-1315436
  [getGroups] group 11: S-1-2-0
  [getGroups] group 12: S-1-5-64-36
Process finished with exit code 0JAASPrincipal "provided name
is null" error in Windows AzureAD environment.
ERROR DESCRIPTION:
Customer reports the following error from a test case in their
Windows AzureAD environment:
Before construct Win64System
No mapping between account names and security IDs was done.
        [JAASLoginModule] succeeded importing info:
            user name = XXYYZZ
            user SID = S-1-12-1-731028960-1096896208-158070199-1
            user domain = AzureAD
java.lang.IllegalArgumentException: provided null name
after construct Win64System
    at
com.ibm.security.auth.JAASPrincipal.<init>(JAASPrincipal.java:76
)
    at
com.ibm.security.auth.DomainIDPrincipal.<init>(DomainIDPrincipal
.java:65)
    at
com.ibm.security.auth.module.JAASLoginModule.login(JAASLoginModu
le.java:176)
    at Main.main(Main.java:20)
Disconnected from the target VM, address: '127.0.0.1:56788',
transport: 'socket'
getting access token
  [getToken] got user access token
getting user info
  [getUser] Got TokenUser info
  [getUser] userName: XXYYZZ, domainName = AzureAD
  [getUser] userSid:
S-1-12-1-731028960-1096896208-158070199-1005826882
  [getUser] LookupAccountName error: 1332
getting primary group
  [getPrimaryGroup] Got TokenPrimaryGroup info
  [getPrimaryGroup] primaryGroup:
S-1-12-1-731028960-1096896208-158070199-1005826882
getting supplementary groups
  [getGroups] Got TokenGroups info
  [getGroups] group 0: S-1-16-8192
  [getGroups] group 1: S-1-1-0
  [getGroups] group 2:
S-1-5-21-1053931748-2307000595-3209804414-1002
  [getGroups] group 3: S-1-5-32-544
  [getGroups] group 4: S-1-5-32-559
  [getGroups] group 5: S-1-5-32-545
  [getGroups] group 6: S-1-5-4
  [getGroups] group 7: S-1-2-1
  [getGroups] group 8: S-1-5-11
  [getGroups] group 9: S-1-5-15
  [getGroups] group 10: S-1-5-5-0-1315436
  [getGroups] group 11: S-1-2-0
  [getGroups] group 12: S-1-5-64-36
Process finished with exit code 0

Problem conclusion

  • Updated JAASPrincipal to allow empty name string in constructor
for Windows platforms.
The associated RTC PR is 139554
The associated Austin CMVC defect is N/A
The associated Austin APAR is IJ10831
JVMs affected: Java 7 & 8
The fix was delivered for: Java 7 SR10 FP40 (level
20181106_01), Java 7.1 SR4 FP40 (level 20181106_01), Java 8 SR5
FP30 (level 20181102_04)
The affected jars: rt.jar

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ10831
    • 

  • Reported component name
    JAVA AUTHEN AUT
    • 

  • Reported component ID
    TIVSECJAA
    • 

  • Reported release
    100
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-10-26
    • 

  • Closed date
    2018-11-07
    • 

  • Last modified date
    2018-11-07
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  •    NONE
999

    



Fix information


    

  • Fixed component name
    JAVA AUTHEN AUT
    • 

  • Fixed component ID
    TIVSECJAA
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL43","label":"JAAS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 November 2018
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback