Exception during SAML global logout if session expired ------------------------------------------------------ Key: GTNSSO-25 URL: https://issues.jboss.org/browse/GTNSSO-25 Project: GateIn SSO Issue Type: Bug Affects Versions: 1.3.2.Final Reporter: Marek Posolda Assignee: Marek Posolda Fix For: 1.3.3.Final Steps to reproduce: 1) Setup from https://docs.jboss.org/author/display/GTNPORTAL36/SAML2 with "Portal as SAML2 SP and SAML2 IDP" 2) Let session expire on www.sp.com (For example delete JSESSIONID cookie in browser) 3) Click SignOut . We will end with exception in server.log like: {code} 12:21:22,080 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http-www.sp.com-192.168.2.7-8080-1) An exception or error occurred in the container during the request processing: java .lang.RuntimeException: PLFED000146: Error during processing the SAML Handler Chain. at org.picketlink.identity.federation.PicketLinkLoggerImpl.samlHandlerChainProcessingError(PicketLinkLoggerImpl.java:1113) at org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor.process(ServiceProviderBaseProcessor.java:182) at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.generalUserRequest(AbstractSPFormAuthenticator.java:567) at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:293) at org.picketlink.identity.federation.bindings.tomcat.sp.AbstractSPFormAuthenticator.authenticate(AbstractSPFormAuthenticator.java:253) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:] at org.gatein.sso.integration.SSODelegateValve.invoke(SSODelegateValve.java:155) [sso-integration-1.3.3.CR03-SNAPSHOT.jar:1.3.3.CR03-SNAPSHOT] at org.gatein.portal.security.jboss.PortalClusteredSSOSupportValve.invoke(PortalClusteredSSOSupportValve.java:88) [exo.portal.component.web.security-jboss-3.6.0.Beta02-SNAPSHOT. jar:3.6.0.Beta02-SNAPSHOT] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_32] Caused by: org.picketlink.identity.federation.core.exceptions.ProcessingException: PLFED000022: Principal Not Found at org.picketlink.identity.federation.PicketLinkLoggerImpl.samlHandlerPrincipalNotFoundError(PicketLinkLoggerImpl.java:1036) at org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler$SPLogOutHandler.generateSAMLRequest(SAML2LogOutHandler.java:359) at org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler.generateSAMLRequest(SAML2LogOutHandler.java:89) at org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor.process(ServiceProviderBaseProcessor.java:176) ... 15 more {code} This is picketlink bug, but we can handle it in gatein-sso as well