Problems with StoredID data source
Nikolaos Milas
nmilas at noa.gr
Mon Mar 10 11:46:29 EDT 2014
Hi,
We have a production server running Shibboleth Idp v2.1.5 (Grnet
Federation, Greece) under CentOS 5.9 x86_64 with Tomcat 5 and Java 1.6.
We are planning an upgrade but, for now, we have been asked to publish
asap an "eduPersonTargetedID" attribute, as demonstrated here:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPPersistentNameIdentifier
and
https://www.switch.ch/aai/docs/shibboleth/SWITCH/latest/idp/deployment/#shibboleth-idp
So, until a full upgrade, I installed mysql-connector-java
(mysql-connector-java-5.1.12.jar) and re-built war, then restarted tomcat5.
However, when I define a new storedID Data Connector and I use this Data
Connector, I receive the following error in idp-process.log (the last
four lines -see below- repeating endlessly) and the service fails:
13:41:12.898 - INFO [Shibboleth-Access:73] -
20140310T114112Z|195.251.204.221|login.noa.gr:443|/profile/SAML2/Redirect/SSO|
13:41:13.247 - INFO [Shibboleth-Access:73] -
20140310T114113Z|195.251.204.221|login.noa.gr:443|/profile/SAML2/Redirect/SSO|
13:41:13.750 - ERROR
[edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88]
- Error occured while processing request
java.lang.StackOverflowError: null
at
org.opensaml.xml.util.ValueTypeIndexedMap.subMap(ValueTypeIndexedMap.java:211)
[xmltooling-1.2.1.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext.getResolvedAttributeDefinitions(ShibbolethResolutionContext.java:73)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveAttribute(ShibbolethAttributeResolver.java:282)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDependencies(ShibbolethAttributeResolver.java:379)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDataConnector(ShibbolethAttributeResolver.java:342)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDependencies(ShibbolethAttributeResolver.java:377)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveAttribute(ShibbolethAttributeResolver.java:303)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDependencies(ShibbolethAttributeResolver.java:379)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDataConnector(ShibbolethAttributeResolver.java:342)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.resolveDependencies(ShibbolethAttributeResolver.java:377)
[shibboleth-common-1.1.4.jar:na]
...
I can't see an obvious problem with xmltooling-1.2.1.jar and
shibboleth-common-1.1.4.jar (both are installed and available).
So, what does it complain for ?
Other relevant packages used:
# /usr/local/shibboleth-idp/bin/version.sh
shibboleth-identityprovider version 2.1.5
and:
mysql-5.5.36-1.el5.remi
mysql-connector-odbc-3.51.26r1127-2.el5
mysql-libs-5.5.36-1.el5.remi
mysql-server-5.5.36-1.el5.remi
mysqlclient15-5.0.67-1.el5.remi
mysql-connector-java-5.1.12-2.el5
java-1.6.0-openjdk-1.6.0.0-4.1.13.1.el5_10
java-1.4.2-gcj-compat-1.4.2.0-40jpp.115
tzdata-java-2013i-2.el5
java-1.6.0-openjdk-devel-1.6.0.0-4.1.13.1.el5_10
tomcat5-jasper-5.5.23-0jpp.40.el5_9
tomcat5-common-lib-5.5.23-0jpp.40.el5_9
tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9
tomcat5-server-lib-5.5.23-0jpp.40.el5_9
tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9
tomcat5-5.5.23-0jpp.40.el5_9
=====================================================================================================
Failing configuration (in attribute-resolver.xml):
=====================================================================================================
...
<resolver:AttributeDefinition id="eduPersonTargetedID"
xsi:type="Simple"
xmlns="urn:mace:shibboleth:2.0:resolver:ad"
sourceAttributeID="storedID">
<resolver:Dependency ref="myStoredId"/>
<resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
<resolver:AttributeEncoder xsi:type="SAML2StringNameID"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
</resolver:AttributeDefinition>
...
<!-- StoredID (persistentID) Connector -->
<resolver:DataConnector id="myStoredId"
xsi:type="dc:StoredId"
sourceAttributeID="eduPersonTargetedID"
salt="mystrangesaltstring">
<resolver:Dependency ref="eduPersonTargetedID" />
<dc:ApplicationManagedConnection
jdbcDriver="com.mysql.jdbc.Driver"
jdbcURL="jdbc:mysql://localhost:3306/shibboleth?autoReconnect=true"
jdbcUserName="dbuser"
jdbcPassword="dbpassword" />
</resolver:DataConnector>
...
<resolver:PrincipalConnector xsi:type="pc:StoredId"
id="saml2Persistent"
nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
storedIdDataConnectorRef="myStoredId" />
=====================================================================================================
Can you please advise me on how to resolve this issue?
I know little about java, tomcat and shibboleth, but this is a service
we have to maintain.
Thanks in advance,
Nick
More information about the users
mailing list