Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0
On Thu, Apr 13, 2017 at 10:48 AM, Omindu Rathnaweera wrote:

> Better if we can use something other than VARCHAR to store the assertion
> when we are fixing this since the size of the assertion can't be
> guaranteed. e.g. TEXT in MySQL. [1]
>

+1. Created a JIRA[1] to track this.

[1] https://wso2.org/jira/browse/IDENTITY-5863

>
> [1] - http://stackoverflow.com/a/2907484
>
> Regards,
> Omindu
>
> On Thu, Apr 13, 2017 at 7:58 AM, Johann Nallathamby wrote:
>
>> On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed wrote:
>>
>>> Noticed that the below error[1] was getting printed when I was trying
>>> out SAML SSO with IS 5.3.0.
>>>
>>> This error is coming when trying to insert the assertion[2] in
>>> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
>>> implementation.
>>>
>>> This is only required if we are using this feature. But by default we
>>> have changed the SAMLAssertionBuilder from
>>> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder".
>>> This also means that we are doing a DB insert every time we build an
>>> assertion which is not required if we don't use SAML Attribute Query
>>> profile at all.
>>>
>>> Any specific reason why we decided to have the
>>> ExtendedDefaultAssertionBuilder
>>> as our default assertion builder implementation?
>>>
>>
>> 1. To improve OOTB experience for users minimize configuration changes to
>> setup a feature.
>> 2. Turn on features as much as possible so that developers can identify
>> errors early/easily as possible - exactly the case in this scenario.
>>
>>> [1]
>>> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder} - Error while writing data
>>> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
>>> VARCHAR(4096)": "STRINGDECODE('
>>> encoding=\""UTF-8\""?>\n
>>> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
>>> IssueInstant... (4678)"; SQL statement:
>>> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT, SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES (?,?,?,?,?,?) [22001-175]
>>> at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)
>>> at org.h2.message.DbException.get(DbException.java:172)
>>> at org.h2.table.Column.validateConvertUpdateSequence(Column.java:317)
>>> at org.h2.table.Table.validateConvertUpdateSequence(Table.java:713)
>>> at org.h2.command.dml.Insert.insertRows(Insert.java:152)
>>> at org.h2.command.dml.Insert.update(Insert.java:115)
>>> at org.h2.command.CommandContainer.update(CommandContainer.java:79)
>>> at org.h2.command.Command.executeUpdate(Command.java:253)
>>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:154)
>>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:140)
>>> at org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder.buildAssertion(ExtendedDefaultAssertionBuilder.java:87)
>>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.buildSAMLAssertion(SAMLSSOUtil.java:695)
>>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:68)
>>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:713)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:179)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:96)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>> at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
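
The point raised in this thread, that the serialized assertion's size cannot be guaranteed to fit a 4096-character column, shown as an added example that is not part of the original messages and is not WSO2 code. It assumes SQLite as a stand-in for H2 (a CHECK constraint emulates the VARCHAR(4096) length enforcement), and the assertion content, claim names and helper names are constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

COLUMN_LIMIT = 4096  # VARCHAR(4096) from the error in this thread
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml2", SAML_NS)

# SQLite ignores VARCHAR(n) lengths, so a CHECK constraint stands in for the
# length enforcement H2 applied in the logged error (assumption of this sketch).
BOUNDED = f"TEXT CHECK (length(SAML2_ASSERTION) <= {COLUMN_LIMIT})"
UNBOUNDED = "TEXT"  # large-text type, as suggested in the thread


def build_assertion(attribute_count, signature_len=1200):
    """Return a constructed, unsigned stand-in for a serialized assertion."""
    root = ET.Element(f"{{{SAML_NS}}}Assertion",
                      {"ID": "_constructed", "Version": "2.0"})
    ET.SubElement(root, f"{{{SAML_NS}}}Issuer").text = "constructed-idp"
    # Placeholder for the signature and embedded certificate of a real assertion.
    ET.SubElement(root, "SignaturePlaceholder").text = "A" * signature_len
    stmt = ET.SubElement(root, f"{{{SAML_NS}}}AttributeStatement")
    for i in range(attribute_count):
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute",
                             {"Name": f"urn:example:claim:{i}"})
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = f"value-{i}"
    return ET.tostring(root, encoding="unicode")


def open_store(assertion_column):
    """Create an in-memory table with the given SAML2_ASSERTION column type."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE IDN_SAML2_ASSERTION_STORE ("
               f"SAML2_ID TEXT, SAML2_ASSERTION {assertion_column})")
    return db


def try_store(db, saml_id, assertion):
    """Insert the assertion; return False if the column rejects its length."""
    try:
        with db:
            db.execute("INSERT INTO IDN_SAML2_ASSERTION_STORE"
                       "(SAML2_ID, SAML2_ASSERTION) VALUES (?, ?)",
                       (saml_id, assertion))
        return True
    except sqlite3.IntegrityError:
        return False


def first_overflow(limit=COLUMN_LIMIT):
    """Smallest attribute count whose serialized assertion exceeds the limit."""
    count = 0
    while len(build_assertion(count)) <= limit:
        count += 1
    return count


if __name__ == "__main__":
    n = first_overflow()
    big = build_assertion(n)
    print(n, len(big), try_store(open_store(BOUNDED), "a", big),
          try_store(open_store(UNBOUNDED), "a", big))
```
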
Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0
On Thu, Apr 13, 2017 at 7:58 AM, Johann Nallathamby wrote:

> On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed wrote:
>
>> Noticed that the below error[1] was getting printed when I was trying out
>> SAML SSO with IS 5.3.0.
>>
>> This error is coming when trying to insert the assertion[2] in
>> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
>> implementation.
>>
>> This is only required if we are using this feature. But by default we
>> have changed the SAMLAssertionBuilder from
>> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder".
>> This also means that we are doing a DB insert every time we build an
>> assertion which is not required if we don't use SAML Attribute Query
>> profile at all.
>>
>> Any specific reason why we decided to have the
>> ExtendedDefaultAssertionBuilder
>> as our default assertion builder implementation?
>>
>
> 1. To improve OOTB experience for users minimize configuration changes to
> setup a feature.
> 2. Turn on features as much as possible so that developers can identify
> errors early/easily as possible - exactly the case in this scenario.
>

Sounds fair. As of now we have a workaround to change the AssertionBuilder to
"DefaultSAMLAssertionBuilder". Shouldn't we document this somewhere so that
people who do not want to use SAML Attribute Query can switch to
DefaultSAMLAssertionBuilder?

>> [1]
>> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder} - Error while writing data
>> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
>> VARCHAR(4096)": "STRINGDECODE('
>> encoding=\""UTF-8\""?>\n
>> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
>> IssueInstant... (4678)"; SQL statement:
>> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT, SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES (?,?,?,?,?,?)
Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0
Better if we can use something other than VARCHAR to store the assertion when we are fixing this since the size of the assertion can't be guaranteed. e.g. TEXT in MySQL. [1]

[1] - http://stackoverflow.com/a/2907484

Regards,
Omindu

On Thu, Apr 13, 2017 at 7:58 AM, Johann Nallathamby wrote:

> On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed wrote:
>
>> Noticed that the below error[1] was getting printed when I was trying out
>> SAML SSO with IS 5.3.0.
>>
>> This error is coming when trying to insert the assertion[2] in
>> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
>> implementation.
>>
>> This is only required if we are using this feature. But by default we
>> have changed the SAMLAssertionBuilder from
>> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder".
>> This also means that we are doing a DB insert every time we build an
>> assertion which is not required if we don't use SAML Attribute Query
>> profile at all.
>>
>> Any specific reason why we decided to have the
>> ExtendedDefaultAssertionBuilder
>> as our default assertion builder implementation?
>>
>
> 1. To improve OOTB experience for users minimize configuration changes to
> setup a feature.
> 2. Turn on features as much as possible so that developers can identify
> errors early/easily as possible - exactly the case in this scenario.
>
>> [1]
>> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder} - Error while writing data
>> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
>> VARCHAR(4096)": "STRINGDECODE('
>> encoding=\""UTF-8\""?>\n
>> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
>> IssueInstant... (4678)"; SQL statement:
>> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT, SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES (?,?,?,?,?,?)
Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0
On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed wrote:

> Noticed that the below error[1] was getting printed when I was trying out
> SAML SSO with IS 5.3.0.
>
> This error is coming when trying to insert the assertion[2] in
> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
> implementation.
>
> This is only required if we are using this feature. But by default we have
> changed the SAMLAssertionBuilder from
> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder". This
> also means that we are doing a DB insert every time we build an
> assertion which is not required if we don't use SAML Attribute Query
> profile at all.
>
> Any specific reason why we decided to have the ExtendedDefaultAssertionBuilder
> as our default assertion builder implementation?
>

1. To improve OOTB experience for users minimize configuration changes to setup a feature.
2. Turn on features as much as possible so that developers can identify errors early/easily as possible - exactly the case in this scenario.

> [1]
> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.saml.builders.assertion.ExtendedDefaultAssertionBuilder} - Error while writing data
> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
> VARCHAR(4096)": "STRINGDECODE('
> encoding=\""UTF-8\""?>\n
> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
> IssueInstant... (4678)"; SQL statement:
> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT, SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES (?,?,?,?,?,?)