problem
Reset password for SAML and LDAP users results in a NPE
versions
ACS 4.20.x and 4.22
The steps to reproduce the bug
- As an admin, create LDAP or SAML based users
- Enable the global setting "user.password.reset.enabled"
- Click on Forgot password and provide the LDAP or SAML account details
- No mail is sent
2026-02-04 04:46:12,292 ERROR [c.c.a.ApiServlet] (qtp1390913202-16:[ctx-ab5a7a2c]) (logid:84bb83de) unknown exception writing api response java.lang.NullPointerException: Cannot invoke "javax.servlet.http.HttpSession.invalidate()" because "session" is null
at com.cloud.api.ApiServlet.invalidateHttpSession(ApiServlet.java:656)
at com.cloud.api.auth.DefaultForgotPasswordAPIAuthenticatorCmd.authenticate(DefaultForgotPasswordAPIAuthenticatorCmd.java:120)
at com.cloud.api.ApiServlet.processRequestInContext(ApiServlet.java:304)
at com.cloud.api.ApiServlet$1.run(ApiServlet.java:190)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:187)
at com.cloud.api.ApiServlet.doPost(ApiServlet.java:146)
What to do about it?
Since the SAML and LDAP authentication and password changes happen outside CloudStack, we should not reset the password.
Throw an exception message saying reset password is not supported for SAML and LDAP user accounts.
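
The handling proposed above, sketched as an added example; it is not part of the original issue and is not CloudStack code. The `Source` enum, `Session` interface, `Account` record and all method names are hypothetical stand-ins, and the sample accounts are constructed.

```java
// Added illustration; every type here is a stand-in, not a CloudStack class.
public class ForgotPasswordGuard {
    // Hypothetical account origins; only NATIVE passwords are stored locally.
    enum Source { NATIVE, LDAP, SAML2 }

    // Stand-in for javax.servlet.http.HttpSession.
    interface Session { void invalidate(); }

    record Account(String username, Source source) {}

    static class UnsupportedResetException extends RuntimeException {
        UnsupportedResetException(String msg) { super(msg); }
    }

    // Null-safe counterpart of the call that failed in the trace:
    // the request may arrive without any session attached.
    static boolean invalidateIfPresent(Session session) {
        if (session == null) return false;
        session.invalidate();
        return true;
    }

    // Refuse the reset before any token is generated or mail is queued.
    static void requestReset(Account account, Session session) {
        invalidateIfPresent(session);
        if (account.source() != Source.NATIVE) {
            throw new UnsupportedResetException(
                "Reset password is not supported for SAML and LDAP user accounts");
        }
        System.out.println("reset mail queued for " + account.username());
    }

    public static void main(String[] args) {
        // Constructed sample accounts.
        Account[] samples = {
            new Account("alice", Source.NATIVE),
            new Account("bob", Source.LDAP),
            new Account("carol", Source.SAML2),
        };
        for (Account a : samples) {
            try {
                requestReset(a, null); // no session, as in the reported request
            } catch (UnsupportedResetException e) {
                System.out.println(a.username() + ": " + e.getMessage());
            }
        }
    }
}
```

A response that differs by account type tells an unauthenticated caller which usernames exist and how they authenticate, so whether the refusal is returned to the client or only logged server-side is a design decision to make alongside the fix.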