On Thu, Apr 13, 2017 at 10:48 AM, Omindu Rathnaweera <omi...@wso2.com> wrote:
> Better if we can use something other than VARCHAR to store the assertion > when we are fixing this since the size of the assertion can't be > guaranteed. eg: TEXT in MySQL. [1] > +1. Created a JIRA[1] to track this. [1] https://wso2.org/jira/browse/IDENTITY-5863 > > [1] - http://stackoverflow.com/a/2907484 > > Regards, > Omindu > > On Thu, Apr 13, 2017 at 7:58 AM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> >> >> On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed <farasa...@wso2.com> >> wrote: >> >>> Noticed that the below error[1] was getting printed when I was trying >>> out SAML SSO with IS 5.3.0. >>> >>> This error is coming when trying to insert the assertion[2] in >>> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile >>> implementation. >>> >>> This is only required if we are using this feature. But by default we >>> have changed the SAMLAssertionBuilder from >>> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder". >>> This also this means that we are doing a DB insert everytime we build an >>> assertion which is not required if we don't use SAML Attribute Query >>> profile at all. >>> >>> Any specific reason why we decided to have the >>> ExtendedDefaultAssertionBuilder >>> as our default assertion builder implementation? >>> >> >> 1. To improve OOTB experience for users minimize configuration changes to >> setup a feature. >> 2. Turn on features as much as possible so that developers can identify >> errors early/easily as possible - exactly the case in this scenario. >> >> >>> >>> >>> [1] >>> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso. >>> saml.builders.assertion.ExtendedDefaultAssertionBuilder} - Error while >>> writing data >>> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION >>> VARCHAR(4096)": "STRINGDECODE('<?xml version=\""1.0\"" >>> encoding=\""UTF-8\""?>\n<saml2:Assertion >>> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\"" >>> IssueInstant... (4678)"; SQL statement: >>> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT, >>> SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES >>> (?,?,?,?,?,?) [22001-175] >>> at org.h2.message.DbException.getJdbcSQLException(DbException.java:332) >>> at org.h2.message.DbException.get(DbException.java:172) >>> at org.h2.table.Column.validateConvertUpdateSequence(Column.java:317) >>> at org.h2.table.Table.validateConvertUpdateSequence(Table.java:713) >>> at org.h2.command.dml.Insert.insertRows(Insert.java:152) >>> at org.h2.command.dml.Insert.update(Insert.java:115) >>> at org.h2.command.CommandContainer.update(CommandContainer.java:79) >>> at org.h2.command.Command.executeUpdate(Command.java:253) >>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(Jdbc >>> PreparedStatement.java:154) >>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPrepared >>> Statement.java:140) >>> at org.wso2.carbon.identity.sso.saml.builders.assertion.Extende >>> dDefaultAssertionBuilder.buildAssertion(ExtendedDefaultAsser >>> tionBuilder.java:87) >>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.buildSAML >>> Assertion(SAMLSSOUtil.java:695) >>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBu >>> ilder.buildResponse(DefaultResponseBuilder.java:68) >>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnR >>> equestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167) >>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticat >>> e(SAMLSSOService.java:164) >>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer >>> vlet.handleAuthenticationReponseFromFramework(SAMLSSOProvide >>> rServlet.java:713) >>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer >>> vlet.handleRequest(SAMLSSOProviderServlet.java:179) >>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer >>> vlet.doGet(SAMLSSOProviderServlet.java:96) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se >>> rvice(ContextPathServletAdaptor.java:37) >>> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio >>> n.service(ServletRegistration.java:61) >>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce >>> ssAlias(ProxyServlet.java:128) >>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi >>> ce(ProxyServlet.java:60) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service >>> (DelegationServlet.java:68) >>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>> lter(ApplicationFilterChain.java:303) >>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>> licationFilterChain.java:208) >>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte >>> r.java:52) >>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>> lter(ApplicationFilterChain.java:241) >>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>> licationFilterChain.java:208) >>> at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilt >>> er(CaptchaFilter.java:76) >>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>> lter(ApplicationFilterChain.java:241) >>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>> licationFilterChain.java:208) >>> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte >>> r(HttpHeaderSecurityFilter.java:120) >>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>> lter(ApplicationFilterChain.java:241) >>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>> licationFilterChain.java:208) >>> at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilte >>> r(CharacterSetFilter.java:61) >>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>> lter(ApplicationFilterChain.java:241) >>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>> licationFilterChain.java:208) >>> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte >>> r(HttpHeaderSecurityFilter.java:120) >>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>> lter(ApplicationFilterChain.java:241) >>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>> licationFilterChain.java:208) >>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar >>> dWrapperValve.java:218) >>> at org.apache.catalina.core.StandardContextValve.invoke(Standar >>> dContextValve.java:122) >>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A >>> uthenticatorBase.java:505) >>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo >>> stValve.java:169) >>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo >>> rtValve.java:103) >>> at org.wso2.carbon.identity.context.rewrite.valve.TenantContext >>> RewriteValve.invoke(TenantContextRewriteValve.java:72) >>> at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invo >>> ke(AuthorizationValve.java:91) >>> at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo >>> ke(AuthenticationValve.java:60) >>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv >>> ocation(CompositeValve.java:99) >>> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke >>> (CarbonTomcatValve.java:47) >>> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena >>> ntLazyLoaderValve.java:57) >>> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok >>> eValves(TomcatValveContainer.java:47) >>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp >>> ositeValve.java:62) >>> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection >>> Valve.invoke(CarbonStuckThreadDetectionValve.java:159) >>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa >>> lve.java:958) >>> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve. >>> invoke(CarbonContextCreatorValve.java:57) >>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard >>> EngineValve.java:116) >>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd >>> apter.java:452) >>> at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs >>> tractHttp11Processor.java:1087) >>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler >>> .process(AbstractProtocol.java:637) >>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun >>> (NioEndpoint.java:1756) >>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N >>> ioEndpoint.java:1715) >>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool >>> Executor.java:1142) >>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo >>> lExecutor.java:617) >>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r >>> un(TaskThread.java:61) >>> at java.lang.Thread.run(Thread.java:745) >>> >>> >>> [2] https://github.com/wso2-extensions/identity-inbound-auth >>> -saml/blob/183307fac8ae4e4fba139e2449961996c9e1ddf7/componen >>> ts/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/ >>> carbon/identity/sso/saml/builders/assertion/ExtendedDefaultA >>> ssertionBuilder.java#L85-L85 >>> >>> >>> >>> Thanks, >>> Farasath. >>> >>> >>> Farasath Ahamed >>> Software Engineer, WSO2 Inc.; http://wso2.com >>> Mobile: +94777603866 >>> Blog: blog.farazath.com >>> Twitter: @farazath619 <https://twitter.com/farazath619> >>> <http://wso2.com/signature> >>> >>> >>> >> >> >> -- >> Thanks & Regards, >> >> *Johann Dilantha Nallathamby* >> Technical Lead & Product Lead of WSO2 Identity Server >> Governance Technologies Team >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - *+94777776950* >> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >> > > > > -- > Omindu Rathnaweera > Senior Software Engineer, WSO2 Inc. > Mobile: +94 771 197 211 <+94%2077%20119%207211> >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
