On Thu, Apr 13, 2017 at 7:58 AM, Johann Nallathamby <[email protected]> wrote:
>
> On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed <[email protected]> wrote:
>
>> Noticed that the below error[1] was getting printed when I was trying out
>> SAML SSO with IS 5.3.0.
>>
>> This error is coming when trying to insert the assertion[2] in
>> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
>> implementation.
>>
>> This is only required if we are using this feature. But by default we
>> have changed the SAMLAssertionBuilder from
>> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder".
>> This also means that we are doing a DB insert every time we build an
>> assertion which is not required if we don't use SAML Attribute Query
>> profile at all.
>>
>> Any specific reason why we decided to have the
>> ExtendedDefaultAssertionBuilder
>> as our default assertion builder implementation?
>>
>
> 1. To improve OOTB experience for users minimize configuration changes to
> setup a feature.
> 2. Turn on features as much as possible so that developers can identify
> errors early/easily as possible - exactly the case in this scenario.
>

Sounds fair. As of now we have a workaround to change the AssertionBuilder to
"DefaultSAMLAssertionBuilder". Shouldn't we document this somewhere so that
people who do not want to use SAML Attribute Query can switch to
DefaultSAMLAssertionBuilder?

>
>>
>>
>> [1]
>> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder} - Error while writing data
>> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION VARCHAR(4096)": "STRINGDECODE('<?xml version=\""1.0\"" encoding=\""UTF-8\""?>\n<saml2:Assertion ID=\""_34d56ef1f5ec3af39bb21cd41909184c\"" IssueInstant... (4678)"; SQL statement:
>> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT, SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES (?,?,?,?,?,?) [22001-175]
>> at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)
>> at org.h2.message.DbException.get(DbException.java:172)
>> at org.h2.table.Column.validateConvertUpdateSequence(Column.java:317)
>> at org.h2.table.Table.validateConvertUpdateSequence(Table.java:713)
>> at org.h2.command.dml.Insert.insertRows(Insert.java:152)
>> at org.h2.command.dml.Insert.update(Insert.java:115)
>> at org.h2.command.CommandContainer.update(CommandContainer.java:79)
>> at org.h2.command.Command.executeUpdate(Command.java:253)
>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:154)
>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:140)
>> at org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder.buildAssertion(ExtendedDefaultAssertionBuilder.java:87)
>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.buildSAMLAssertion(SAMLSSOUtil.java:695)
>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:68)
>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:713)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:179)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:96)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>> at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>> at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:72)
>> at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>> at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
>> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
>> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>> at java.lang.Thread.run(Thread.java:745)
>>
>>
>> [2] https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/183307fac8ae4e4fba139e2449961996c9e1ddf7/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/builders/assertion/ExtendedDefaultAssertionBuilder.java#L85-L85
>>
>>
>>
>> Thanks,
>> Farasath.
>>
>>
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>> <http://wso2.com/signature>
>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Technical Lead & Product Lead of WSO2 Identity Server
> Governance Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
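
An added example, not part of the original thread and not WSO2 code: a log scanner for the H2 truncation error quoted above, which reports the column, its declared size and how far the stored assertion exceeded it. The sample log is constructed from the quoted error (abbreviated), and the function and field names are assumptions.

```python
import re

# Log header in the format seen in the thread: [timestamp] LEVEL {logger} - message
HEADER = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)\s+\{(?P<logger>[^}]+)\}')
# H2 truncation error: column name, declared type/length, and the actual value
# length that H2 appends in parentheses after the abbreviated value.
OVERFLOW = re.compile(
    r'Value too long for column "(?P<col>\w+) (?P<type>\w+)\((?P<limit>\d+)\)": '
    r'".*\((?P<actual>\d+)\)"'
)

# Constructed sample: the error from the thread (abbreviated) between two
# constructed lines that must not be reported.
SAMPLE_LOG = r'''[2017-04-12 22:49:10,102]  INFO {org.example.Startup} - Constructed info line
[2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder} - Error while writing data
org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION VARCHAR(4096)": "STRINGDECODE('<?xml version=\""1.0\""?>\n<saml2:Assertion IssueInstant... (4678)"; SQL statement:
INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT, SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES (?,?,?,?,?,?) [22001-175]
    at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)
[2017-04-12 22:50:01,007] ERROR {org.example.Unrelated} - Constructed unrelated error
'''


def find_overflows(log_text):
    """Return one record per 'Value too long' error, tied to the log header above it."""
    records, header = [], None
    for line in log_text.splitlines():
        h = HEADER.match(line)
        if h:
            header = h.groupdict()  # remember which logger the next exception belongs to
            continue
        m = OVERFLOW.search(line)
        if m:
            limit, actual = int(m['limit']), int(m['actual'])
            records.append({
                'timestamp': header['ts'] if header else None,
                'logger': header['logger'] if header else None,
                'column': m['col'],
                'declared': f"{m['type']}({limit})",
                'actual_length': actual,
                'excess': actual - limit,  # characters beyond the column size
            })
    return records


if __name__ == '__main__':
    for record in find_overflows(SAMPLE_LOG):
        print(record)
```
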
