Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0

2017-04-12 Thread Farasath Ahamed 
On Thu, Apr 13, 2017 at 10:48 AM, Omindu Rathnaweera 
wrote:

> Better if we can use something other than VARCHAR to store the assertion
> when we are fixing this since the size of the assertion can't be
> guaranteed. eg: TEXT in MySQL. [1]
>

+1. Created a JIRA[1] to track this.


[1] https://wso2.org/jira/browse/IDENTITY-5863




>
> [1] - http://stackoverflow.com/a/2907484
>
> Regards,
> Omindu
>
> On Thu, Apr 13, 2017 at 7:58 AM, Johann Nallathamby 
> wrote:
>
>>
>>
>> On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed 
>> wrote:
>>
>>> Noticed that the below error[1] was getting printed when I was trying
>>> out SAML SSO with IS 5.3.0.
>>>
>>> This error is coming when trying to insert the assertion[2] in
>>> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
>>> implementation.
>>>
>>> This is only required if we are using this feature. But by default we
>>> have changed the SAMLAssertionBuilder from
>>> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder".
>>> This also  this means that we are doing a DB insert everytime we build an
>>> assertion which is not required if we don't use SAML Attribute Query
>>> profile at all.
>>>
>>> Any specific reason why we decided to have the 
>>> ExtendedDefaultAssertionBuilder
>>> as our default assertion builder implementation?
>>>
>>
>> 1. To improve OOTB experience for users minimize configuration changes to
>> setup a feature.
>> 2. Turn on features as much as possible so that developers can identify
>> errors early/easily as possible - exactly the case in this scenario.
>>
>>
>>>
>>>
>>> [1]
>>> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.
>>> saml.builders.assertion.ExtendedDefaultAssertionBuilder} -  Error while
>>> writing data
>>> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
>>> VARCHAR(4096)": "STRINGDECODE('>> encoding=\""UTF-8\""?>\n>> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
>>> IssueInstant... (4678)"; SQL statement:
>>> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT,
>>> SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES
>>> (?,?,?,?,?,?) [22001-175]
>>> at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)
>>> at org.h2.message.DbException.get(DbException.java:172)
>>> at org.h2.table.Column.validateConvertUpdateSequence(Column.java:317)
>>> at org.h2.table.Table.validateConvertUpdateSequence(Table.java:713)
>>> at org.h2.command.dml.Insert.insertRows(Insert.java:152)
>>> at org.h2.command.dml.Insert.update(Insert.java:115)
>>> at org.h2.command.CommandContainer.update(CommandContainer.java:79)
>>> at org.h2.command.Command.executeUpdate(Command.java:253)
>>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(Jdbc
>>> PreparedStatement.java:154)
>>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPrepared
>>> Statement.java:140)
>>> at org.wso2.carbon.identity.sso.saml.builders.assertion.Extende
>>> dDefaultAssertionBuilder.buildAssertion(ExtendedDefaultAsser
>>> tionBuilder.java:87)
>>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.buildSAML
>>> Assertion(SAMLSSOUtil.java:695)
>>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBu
>>> ilder.buildResponse(DefaultResponseBuilder.java:68)
>>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnR
>>> equestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticat
>>> e(SAMLSSOService.java:164)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>>> vlet.handleAuthenticationReponseFromFramework(SAMLSSOProvide
>>> rServlet.java:713)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>>> vlet.handleRequest(SAMLSSOProviderServlet.java:179)
>>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>>> vlet.doGet(SAMLSSOProviderServlet.java:96)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
>>> rvice(ContextPathServletAdaptor.java:37)
>>> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>>> n.service(ServletRegistration.java:61)
>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>>> ssAlias(ProxyServlet.java:128)
>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>>> ce(ProxyServlet.java:60)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>>> (DelegationServlet.java:68)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>> lter(ApplicationFilterChain.java:303)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>> licationFilterChain.java:208)
>>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
>>> r.java:52)

Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0

2017-04-12 Thread Farasath Ahamed 
On Thu, Apr 13, 2017 at 7:58 AM, Johann Nallathamby  wrote:

>
>
> On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed 
> wrote:
>
>> Noticed that the below error[1] was getting printed when I was trying out
>> SAML SSO with IS 5.3.0.
>>
>> This error is coming when trying to insert the assertion[2] in
>> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
>> implementation.
>>
>> This is only required if we are using this feature. But by default we
>> have changed the SAMLAssertionBuilder from
>> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder".
>> This also  this means that we are doing a DB insert everytime we build an
>> assertion which is not required if we don't use SAML Attribute Query
>> profile at all.
>>
>> Any specific reason why we decided to have the 
>> ExtendedDefaultAssertionBuilder
>> as our default assertion builder implementation?
>>
>
> 1. To improve OOTB experience for users minimize configuration changes to
> setup a feature.
> 2. Turn on features as much as possible so that developers can identify
> errors early/easily as possible - exactly the case in this scenario.
>

Sounds fair.

As of now we have a workaround to change the AssertionBuilder to  "
DefaultSAMLAssertionBuilder". Shouldn't we document this somewhere so that
people who do not want to use SAML Attribute Query can switch to
DefaultSAMLAssertionBuilder?


>
>>
>>
>> [1]
>> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.
>> saml.builders.assertion.ExtendedDefaultAssertionBuilder} -  Error while
>> writing data
>> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
>> VARCHAR(4096)": "STRINGDECODE('> encoding=\""UTF-8\""?>\n> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
>> IssueInstant... (4678)"; SQL statement:
>> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT,
>> SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES
>> (?,?,?,?,?,?) [22001-175]
>> at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)
>> at org.h2.message.DbException.get(DbException.java:172)
>> at org.h2.table.Column.validateConvertUpdateSequence(Column.java:317)
>> at org.h2.table.Table.validateConvertUpdateSequence(Table.java:713)
>> at org.h2.command.dml.Insert.insertRows(Insert.java:152)
>> at org.h2.command.dml.Insert.update(Insert.java:115)
>> at org.h2.command.CommandContainer.update(CommandContainer.java:79)
>> at org.h2.command.Command.executeUpdate(Command.java:253)
>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(Jdbc
>> PreparedStatement.java:154)
>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPrepared
>> Statement.java:140)
>> at org.wso2.carbon.identity.sso.saml.builders.assertion.Extende
>> dDefaultAssertionBuilder.buildAssertion(ExtendedDefaultAsser
>> tionBuilder.java:87)
>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.buildSAML
>> Assertion(SAMLSSOUtil.java:695)
>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBu
>> ilder.buildResponse(DefaultResponseBuilder.java:68)
>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnR
>> equestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticat
>> e(SAMLSSOService.java:164)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.handleAuthenticationReponseFromFramework(SAMLSSOProvide
>> rServlet.java:713)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.handleRequest(SAMLSSOProviderServlet.java:179)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.doGet(SAMLSSOProviderServlet.java:96)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
>> rvice(ContextPathServletAdaptor.java:37)
>> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>> n.service(ServletRegistration.java:61)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>> ssAlias(ProxyServlet.java:128)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>> ce(ProxyServlet.java:60)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>> (DelegationServlet.java:68)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:303)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:208)
>> at

Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0

2017-04-12 Thread Omindu Rathnaweera 
Better if we can use something other than VARCHAR to store the assertion
when we are fixing this since the size of the assertion can't be
guaranteed. eg: TEXT in MySQL. [1]

[1] - http://stackoverflow.com/a/2907484

Regards,
Omindu

On Thu, Apr 13, 2017 at 7:58 AM, Johann Nallathamby  wrote:

>
>
> On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed 
> wrote:
>
>> Noticed that the below error[1] was getting printed when I was trying out
>> SAML SSO with IS 5.3.0.
>>
>> This error is coming when trying to insert the assertion[2] in
>> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
>> implementation.
>>
>> This is only required if we are using this feature. But by default we
>> have changed the SAMLAssertionBuilder from
>> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder".
>> This also  this means that we are doing a DB insert everytime we build an
>> assertion which is not required if we don't use SAML Attribute Query
>> profile at all.
>>
>> Any specific reason why we decided to have the 
>> ExtendedDefaultAssertionBuilder
>> as our default assertion builder implementation?
>>
>
> 1. To improve OOTB experience for users minimize configuration changes to
> setup a feature.
> 2. Turn on features as much as possible so that developers can identify
> errors early/easily as possible - exactly the case in this scenario.
>
>
>>
>>
>> [1]
>> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.
>> saml.builders.assertion.ExtendedDefaultAssertionBuilder} -  Error while
>> writing data
>> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
>> VARCHAR(4096)": "STRINGDECODE('> encoding=\""UTF-8\""?>\n> ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
>> IssueInstant... (4678)"; SQL statement:
>> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT,
>> SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES
>> (?,?,?,?,?,?) [22001-175]
>> at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)
>> at org.h2.message.DbException.get(DbException.java:172)
>> at org.h2.table.Column.validateConvertUpdateSequence(Column.java:317)
>> at org.h2.table.Table.validateConvertUpdateSequence(Table.java:713)
>> at org.h2.command.dml.Insert.insertRows(Insert.java:152)
>> at org.h2.command.dml.Insert.update(Insert.java:115)
>> at org.h2.command.CommandContainer.update(CommandContainer.java:79)
>> at org.h2.command.Command.executeUpdate(Command.java:253)
>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(Jdbc
>> PreparedStatement.java:154)
>> at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPrepared
>> Statement.java:140)
>> at org.wso2.carbon.identity.sso.saml.builders.assertion.Extende
>> dDefaultAssertionBuilder.buildAssertion(ExtendedDefaultAsser
>> tionBuilder.java:87)
>> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.buildSAML
>> Assertion(SAMLSSOUtil.java:695)
>> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBu
>> ilder.buildResponse(DefaultResponseBuilder.java:68)
>> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnR
>> equestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticat
>> e(SAMLSSOService.java:164)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.handleAuthenticationReponseFromFramework(SAMLSSOProvide
>> rServlet.java:713)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.handleRequest(SAMLSSOProviderServlet.java:179)
>> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
>> vlet.doGet(SAMLSSOProviderServlet.java:96)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
>> rvice(ContextPathServletAdaptor.java:37)
>> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>> n.service(ServletRegistration.java:61)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>> ssAlias(ProxyServlet.java:128)
>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>> ce(ProxyServlet.java:60)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>> (DelegationServlet.java:68)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:303)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:208)
>> at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilt
>>

Re: [Dev] [IS] Error printed on SAML SSO with IS 5.3.0

2017-04-12 Thread Johann Nallathamby 
On Wed, Apr 12, 2017 at 11:24 PM, Farasath Ahamed 
wrote:

> Noticed that the below error[1] was getting printed when I was trying out
> SAML SSO with IS 5.3.0.
>
> This error is coming when trying to insert the assertion[2] in
> IDN_SAML2_ASSERTION_STORE which is used by SAML Attribute Query Profile
> implementation.
>
> This is only required if we are using this feature. But by default we have
> changed the SAMLAssertionBuilder from
> "DefaultSAMLAssertionBuilder" to "ExtendedDefaultAssertionBuilder".  This
> also  this means that we are doing a DB insert everytime we build an
> assertion which is not required if we don't use SAML Attribute Query
> profile at all.
>
> Any specific reason why we decided to have the ExtendedDefaultAssertionBuilder
> as our default assertion builder implementation?
>

1. To improve OOTB experience for users minimize configuration changes to
setup a feature.
2. Turn on features as much as possible so that developers can identify
errors early/easily as possible - exactly the case in this scenario.


>
>
> [1]
> [2017-04-12 22:49:14,441] ERROR {org.wso2.carbon.identity.sso.
> saml.builders.assertion.ExtendedDefaultAssertionBuilder} -  Error while
> writing data
> org.h2.jdbc.JdbcSQLException: Value too long for column "SAML2_ASSERTION
> VARCHAR(4096)": "STRINGDECODE(' encoding=\""UTF-8\""?>\n ID=\""_34d56ef1f5ec3af39bb21cd41909184c\""
> IssueInstant... (4678)"; SQL statement:
> INSERT INTO IDN_SAML2_ASSERTION_STORE(SAML2_ID,SAML2_ISSUER,SAML2_SUBJECT,
> SAML2_SESSION_INDEX, SAML2_AUTHN_CONTEXT_CLASS_REF ,SAML2_ASSERTION) VALUES
> (?,?,?,?,?,?) [22001-175]
> at org.h2.message.DbException.getJdbcSQLException(DbException.java:332)
> at org.h2.message.DbException.get(DbException.java:172)
> at org.h2.table.Column.validateConvertUpdateSequence(Column.java:317)
> at org.h2.table.Table.validateConvertUpdateSequence(Table.java:713)
> at org.h2.command.dml.Insert.insertRows(Insert.java:152)
> at org.h2.command.dml.Insert.update(Insert.java:115)
> at org.h2.command.CommandContainer.update(CommandContainer.java:79)
> at org.h2.command.Command.executeUpdate(Command.java:253)
> at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(Jdbc
> PreparedStatement.java:154)
> at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPrepared
> Statement.java:140)
> at org.wso2.carbon.identity.sso.saml.builders.assertion.Extende
> dDefaultAssertionBuilder.buildAssertion(ExtendedDefault
> AssertionBuilder.java:87)
> at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.buildSAML
> Assertion(SAMLSSOUtil.java:695)
> at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBu
> ilder.buildResponse(DefaultResponseBuilder.java:68)
> at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnR
> equestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
> at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticat
> e(SAMLSSOService.java:164)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.handleAuthenticationReponseFromFramework(SAMLSSOProvide
> rServlet.java:713)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.handleRequest(SAMLSSOProviderServlet.java:179)
> at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderSer
> vlet.doGet(SAMLSSOProviderServlet.java:96)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
> rvice(ContextPathServletAdaptor.java:37)
> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
> n.service(ServletRegistration.java:61)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
> ssAlias(ProxyServlet.java:128)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
> ce(ProxyServlet.java:60)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
> (DelegationServlet.java:68)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:303)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilt
> er(CaptchaFilter.java:76)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:208)
> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
> r(HttpHeaderSecurityFilter.java:120)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>