On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed <[email protected]>
wrote:
> Noticed that the below error[1] was getting printed when I was trying out
> SAML SSO with IS 5.3.0.
>
> This error is coming when trying to insert the assertion[2] in
> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
> implementation.
>
> This is only required if we are using this feature. But by default we have
> changed the SAMLAssertionBuilder from
> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder". This
> also this means that we are doing a DB insert everytime we build an
> assertion which is not required if we don't use SAML Attribute Query
> profile at all.
>
> Any specific reason why we decided to have the ExtendedDefaultAssertionBuilder
> as our default assertion builder implementation?
>
1. To improve OOTB experience for users minimize configuration changes to
setup a feature.
2. Turn on features as much as possible so that developers can identify
errors early/easily as possible - exactly the case in this scenario.
>
>
> [1]
> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.
> saml.builders.assertion.ExtendedDefaultAssertionBuilder} - Error while
> writing data
> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
> VARCHAR(4096)": "STRINGDECODE('<?xml version=\""1.0\""
> encoding=\""UTF-8\""?>\n<saml2:Assertion
> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
> IssueInstant... (4678)"; SQL statement:
> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT,
> SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES
> (?,?,?,?,?,?) [22001-175]
> at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)
> at org.h2.message.DbException.get(DbException.java:172)
> at org.h2.table.Column.validateConvertUpdateSequence(Column.java:317)
> at org.h2.table.Table.validateConvertUpdateSequence(Table.java:713)
> at org.h2.command.dml.Insert.insertRows(Insert.java:152)
> at org.h2.command.dml.Insert.update(Insert.java:115)
> at org.h2.command.CommandContainer.update(CommandContainer.java:79)
> at org.h2.command.Command.executeUpdate(Command.java:253)
> at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(Jdbc
> PreparedStatement.java:154)
> at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPrepared
> Statement.java:140)
> at org.wso2.carbon.identity.sso.saml.builders.assertion.Extende
> dDefaultAssertionBuilder.buildAssertion(ExtendedDefault
> AssertionBuilder.java:87)
> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.buildSAML
> Assertion(SAMLSSOUtil.java:695)
> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBu
> ilder.buildResponse(DefaultResponseBuilder.java:68)
> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnR
> equestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticat
> e(SAMLSSOService.java:164)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.handleAuthenticationReponseFromFramework(SAMLSSOProvide
> rServlet.java:713)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.handleRequest(SAMLSSOProviderServlet.java:179)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.doGet(SAMLSSOProviderServlet.java:96)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
> rvice(ContextPathServletAdaptor.java:37)
> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
> n.service(ServletRegistration.java:61)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
> ssAlias(ProxyServlet.java:128)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
> ce(ProxyServlet.java:60)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
> (DelegationServlet.java:68)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:303)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilt
> er(CaptchaFilter.java:76)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
> r(HttpHeaderSecurityFilter.java:120)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilte
> r(CharacterSetFilter.java:61)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
> r(HttpHeaderSecurityFilter.java:120)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
> dWrapperValve.java:218)
> at org.apache.catalina.core.StandardContextValve.invoke(Standar
> dContextValve.java:122)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
> uthenticatorBase.java:505)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
> stValve.java:169)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
> rtValve.java:103)
> at org.wso2.carbon.identity.context.rewrite.valve.TenantContext
> RewriteValve.invoke(TenantContextRewriteValve.java:72)
> at org.wso2.carbon.identity.authz.valve.AuthorizationValve.
> invoke(AuthorizationValve.java:91)
> at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo
> ke(AuthenticationValve.java:60)
> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv
> ocation(CompositeValve.java:99)
> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke
> (CarbonTomcatValve.java:47)
> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena
> ntLazyLoaderValve.java:57)
> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok
> eValves(TomcatValveContainer.java:47)
> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp
> ositeValve.java:62)
> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection
> Valve.invoke(CarbonStuckThreadDetectionValve.java:159)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa
> lve.java:958)
> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.
> invoke(CarbonContextCreatorValve.java:57)
> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
> EngineValve.java:116)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
> apter.java:452)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs
> tractHttp11Processor.java:1087)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler
> .process(AbstractProtocol.java:637)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
> (NioEndpoint.java:1756)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(
> NioEndpoint.java:1715)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
> Executor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
> lExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.
> run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
>
>
> [2] https://github.com/wso2-extensions/identity-inbound-auth
> -saml/blob/183307fac8ae4e4fba139e2449961996c9e1ddf7/
> components/org.wso2.carbon.identity.sso.saml/src/main/
> java/org/wso2/carbon/identity/sso/saml/builders/assertion/Ex
> tendedDefaultAssertionBuilder.java#L85-L85
>
>
>
> Thanks,
> Farasath.
>
>
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>
--
Thanks & Regards,
*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware
Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
