Bug
Resolution: Fixed
Critical
None
Jenkins 2.361.2
SAML plugin 4.367.v4f342c34459a
4.369.v13507586ef8c
Upgrading the SAML plugin this morning led to the following exception:
2022-10-24 08:31:03.508+0000 [id=526] WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 103edf1e-38d1-458e-ab40-5582db8168c9
java.lang.NullPointerException
    at org.jenkinsci.plugins.saml.SamlFileResource.getUseDiskCache(SamlFileResource.java:62)
    at org.jenkinsci.plugins.saml.SamlFileResource.<init>(SamlFileResource.java:40)
    at org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client(OpenSAMLWrapper.java:99)
    at org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:47)
    at org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:31)
    at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:68)
    at org.jenkinsci.plugins.saml.SamlSecurityRealm.doCommenceLogin(SamlSecurityRealm.java:262)
    at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
    at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
    at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
    at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
It appears to be related to the changes in https://github.com/jenkinsci/saml-plugin/pull/98/files#diff-10e7a06c0704b8510f7704599231ef873f255efdf23f9af6805ef79beacef1c0 which were merged last night.
Specifically, I believe that upgrading plugins do not have anything in the configuration for the field useDiskCache, therefore when DataBoundSetter is called, it is setting the Boolean object value to null - https://github.com/jenkinsci/saml-plugin/pull/98/files#diff-b755fed02ff5e63cd2f93d180c98ceede35c24c3ebb021981cc2905e7fced6fbR75
This field defaults to false in the class - https://github.com/jenkinsci/saml-plugin/pull/98/files#diff-b755fed02ff5e63cd2f93d180c98ceede35c24c3ebb021981cc2905e7fced6fbR41 , but it must be being overwritten by the current configuration when the plugin is loaded.
The tests include setting this value - https://github.com/jenkinsci/saml-plugin/pull/98/files#diff-10e7a06c0704b8510f7704599231ef873f255efdf23f9af6805ef79beacef1c0R52 , but I suspect if there was a test where this was not set in the configuration file, it too would throw a null pointer exception.
I'm not sure what the correct solution is here, but perhaps getUseDiskCache() should never return null (defaulting to false) https://github.com/jenkinsci/saml-plugin/pull/98/files#diff-b755fed02ff5e63cd2f93d180c98ceede35c24c3ebb021981cc2905e7fced6fbR70 , or alternatively (or as well as) setUseDiskCache() should not set the value of the Boolean object to null https://github.com/jenkinsci/saml-plugin/pull/98/files#diff-b755fed02ff5e63cd2f93d180c98ceede35c24c3ebb021981cc2905e7fced6fbR75.
Or the third option is to pass through a default at the appropriate config loading point.
I believe this will affect anyone upgrading the plugin, so I am marking this as critical.
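The failure mode suspected in this report, reduced to plain Java as an added example (it is not the plugin's code and not part of the original report): a boxed Boolean whose default is overwritten with null throws on auto-unboxing, and the two mitigations proposed above prevent it. The class names, method bodies and the valueFromLegacyConfig() helper are hypothetical stand-ins for the plugin's configuration loading.

```java
// Added illustration; all names here are hypothetical, not the plugin's source.
public class DiskCacheNullDemo {

    /** The pattern described in the report: a boxed field with a default value. */
    static class FragileConfig {
        private Boolean useDiskCache = false;   // default holds only until a setter runs

        void setUseDiskCache(Boolean v) { this.useDiskCache = v; }   // accepts null
        boolean getUseDiskCache() { return useDiskCache; }           // auto-unboxing: NPE if null
    }

    /** Both mitigations proposed in the report, applied together. */
    static class HardenedConfig {
        private Boolean useDiskCache = false;

        void setUseDiskCache(Boolean v) {
            this.useDiskCache = (v != null) ? v : Boolean.FALSE;     // never store null
        }

        boolean getUseDiskCache() {
            return Boolean.TRUE.equals(useDiskCache);                // null reads as false
        }
    }

    /** Stand-in for a configuration saved before the field existed: the value is absent. */
    static Boolean valueFromLegacyConfig() { return null; }

    public static void main(String[] args) {
        FragileConfig fragile = new FragileConfig();
        fragile.setUseDiskCache(valueFromLegacyConfig());
        try {
            fragile.getUseDiskCache();
            System.out.println("fragile: no exception");
        } catch (NullPointerException e) {
            System.out.println("fragile: NullPointerException on unboxing");
        }

        HardenedConfig hardened = new HardenedConfig();
        hardened.setUseDiskCache(valueFromLegacyConfig());
        System.out.println("hardened: useDiskCache=" + hardened.getUseDiskCache());
    }
}
```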