issue with Salesforce and memcache storageservice

Manuel Haim haim at hrz.uni-marburg.de
Thu Jan 29 04:39:11 EST 2015 

Hi Liam,

I've just read your private mail, but will answer here, as it seems to
be of general interest.

Indeed, memcached has a maximum key size of 250 chars, and the
spymemcached library itself raises an error if the key is longer than
250 chars. There may be other implementations which just cut off
characters, or hash longer keys.

Hashing longer keys within the IdP Memcached StorageService may help in
most cases, though there might be a slight chance of hash collisions
(i.e. different keys which result in the same hash value). However, I
will add this as an option and inform you when the new version is
available for download.

Kind regards,
Manuel




Am 29.01.2015 um 03:16 schrieb Kasa, Nubli:
> Liam,
> 
>  
> 
>    We actually ran into this issue recently. Basically, Salesforce
> “Authn Request message ID” they are sending is way too long and they
> have no way of shortening it. I ended up modifying the code and created
> a prototype for the memcache storageservice plugin by hashing the key if
> the key is longer than 250. Let me know if you need further detail.
> 
>  
> 
> -Nubli
> 
> Indiana University
> 
>  
> 
>  
> 
> *From:*users-bounces at shibboleth.net
> [mailto:users-bounces at shibboleth.net] *On Behalf Of *Liam Hoekenga
> *Sent:* Tuesday, January 27, 2015 12:06 PM
> *To:* Shib Users
> *Subject:* issue with Salesforce and memcache storageservice
> 
>  
> 
> Hey folks -
> 
>  
> 
> We're using IdP 2.4.3 and the memcache storageservice plugin
> (unimr-memcached-idp-2.4-rev218.jar + spymemcached-2.7.jar).
> 
>  
> 
> We're running into an issue where the session key being issued is too
> long for the spy memcache implementation:
> 
>  
> 
> 11:53:07.995 - XXX.XXX.XXX.XXX - DEBUG
> [unimr.shib2.UniMrMemcachedStorageService:133] - storageService.get(
> replay,
> https://example.my.salesforce.com_2yXH_BiHmM6_STHvAyHiYsM8z6yLR4HP_lA94lj5IXktcoEq2dWTsKnS6iaJCKk1MPWSgcGpKraOAuPiOeMwNFQ2Rqdcy3exaDZSZAj8DodV7BnAt6ea8PJaEjEdblkhtsOQjMfvBDEBreKjFb7I3bIBKPPKdhpVhu3kdzZlagX7BTxDFY0s2B8lJsULn6jgfBhj9cq9epgOSIookTzaKlADAZfCFow)
> called.
> 
> 11:53:08.012 - XXX.XXX.XXX.XXX - ERROR
> [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88]
> - Error occurred while processing request
> 
> java.lang.IllegalArgumentException: Key is too long (maxlen = 250)
> 
>  
> 
> I'll poke the people at DFN-AAI, but I was wondering if anyone has run
> into this before?  Can Salesforce be configured to use shorter keys? 
> Can the keys be reduced in length (via hashing?) before they're sent to
> the storage service?
> 
>  
> 
> Liam
> 
> 
>

More information about the users mailing list