Version Affected: IdP 8.2 - 19.07.01
Description:
The Forms POST begin site generates the following error or just a blank page:
Error: Object reference not set to an instance of an object
Cause:
The default Forms POST begin site does not handle incorrect or missing variables passed to it, e.g. a missing Mode or an incorrect Password.
Resolution:
A modified version of the begin site is available with the following improvements:
- Prevents "Error: Object reference not set to an instance of an object" if UserID or Mode variables are not supplied
- Prevents a blank page on authentication failure; redirects to restart.aspx or generates a 404 instead.
- Defaults to PUBLIC mode if the Mode Variable is missing.
- Better logging, now logs failures too.
1. Configure the begin site as per this article:
2. Download the attached ZIP for a modified version that allows either a redirect back to restart.aspx or to respond with a 404.
3. Extract the FormPostCustom.aspx and FormPostCustom.aspx.vb files that are appropriate for the version of IdP and copy them to the root of the respective realm just like the non-modified versions.
4. On the Workflow tab change the Begin Site dropdown to Custom and type the name of the Begin site like this:
5. The realm is now prepared. When testing, don't forget to change your testing HTML file to use the new begin site URL:
6. The modified Begin Site VB is easy to understand. It's currently set up to return a 404 if the authentication fails or if the browser lands on the begin site without POSTing a UserID. To change this so it redirects to restart.aspx, uncomment the highlighted line and comment out the 4 lines following it that start with Response.XXXX, then save the file.
Note there are 2 sections where you can choose to redirect to restart.aspx or respond with a 404.
Special Considerations (optional as needed):
A missing SharedSecret (if required on the Workflow tab) or a missing password (again, if required on the Workflow tab) will still trigger Error: Object reference not set to an instance of an object.
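The guard pattern described in the Cause and in step 6, as an added illustration in VB.NET. This is not the FormPostCustom.aspx.vb from the attached ZIP and not SecureAuth code; the class name, the RedirectOnFailure switch and the form field names (taken from the variable names in this article) are assumptions, and the realm's own authentication step is left out.

```vbnet
Imports System
Imports System.Web.UI

' Illustration only: NOT the FormPostCustom.aspx.vb from the attached ZIP.
' Field names "UserID" and "Mode" are assumed from the names used in this article.
Partial Class BeginSiteGuardExample
    Inherits Page

    ' Hypothetical switch: True redirects to restart.aspx, False answers 404.
    Private Const RedirectOnFailure As Boolean = False

    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        ' Request.Form(...) returns Nothing for a field that was not POSTed.
        ' Calling a member on that value is what raises
        ' "Object reference not set to an instance of an object".
        Dim userId As String = Request.Form("UserID")
        Dim mode As String = Request.Form("Mode")

        If Request.HttpMethod <> "POST" OrElse String.IsNullOrWhiteSpace(userId) Then
            Reject("UserID not POSTed")
            Return
        End If

        ' A missing Mode falls back to PUBLIC instead of failing.
        If String.IsNullOrWhiteSpace(mode) Then mode = "PUBLIC"
        mode = mode.Trim().ToUpperInvariant()

        ' The realm's own authentication step receives userId and mode here;
        ' call Reject(...) when that step reports a failure.
    End Sub

    Private Sub Reject(reason As String)
        ' Log the failure with its reason, never the password or shared secret.
        ' Fully qualified because Page.Trace would otherwise shadow this class.
        System.Diagnostics.Trace.TraceWarning(
            "Begin site rejected request from {0}: {1}", Request.UserHostAddress, reason)
        If RedirectOnFailure Then
            Response.Redirect("restart.aspx", False)
        Else
            Response.Clear()
            Response.StatusCode = 404
            Response.SuppressContent = True
        End If
        ' End the request without the ThreadAbortException that Response.End raises.
        Context.ApplicationInstance.CompleteRequest()
    End Sub
End Class
```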
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Thanks Tyler but those changes will point it back to using the DLL. If you want the updated behaviour as described above then the VB file needs to be used instead. If the file is not producing the results you expect or as described above then please feel free to open a support ticket and I'll be happy to help.
Simon - I just deleted my earlier comment based on your response so as not to confuse others.
My dev was initially receiving a 404, but we weren't supplying a username in the form post - my expectation was the ASPX page itself was not being served. I see 404 is intended response behavior (as indicated above and in the code, as well.)
Feel free to delete this comment as well. Thanks for the response!