ERROR org.opensaml.storage.impl.JPAStorageService:337

Jarno Huuskonen jarno.huuskonen at uef.fi
Mon Apr 11 05:16:39 EDT 2016 

Hi,

On Fri, Mar 04, Sami Silén wrote:
> Hi,
> 
> did you find any solution for this? 

We just had a case where user couldn't login to one service,
problem turned out to be that they had their consent information
under 'username' but now they we're logging in with 'Username'
->
ERROR [org.opensaml.storage.impl.JPAStorageService:177
] ...
ERROR [net.shibboleth.idp.authn:-2] ... Uncaugh
Uncaught runtime exception
javax.persistence.RollbackException: Error while committing the transaction
        at org.hibernate.jpa.internal.TransactionImpl.commit(TransactionImpl.java:94)
Caused by: javax.persistence.PersistenceException: org.hibernate.HibernateException: identifier of an instance of org.opensaml.storage.impl.JPAStorageRecord was altered from org.opensaml.storage.impl.JPAStorageRecord$RecordId at 25410544 to org.opensaml.storage.impl.JPAStorageRecord$RecordId at 82ce3124
        at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1763)
Caused by: org.hibernate.HibernateException: identifier of an instance of org.opensaml.storage.impl.JPAStorageRecord was altered from org.opensaml.storage.impl.JPAStorageRecord$RecordId at 25410544 to org.opensaml.storage.impl.JPAStorageRecord$RecordId at 82ce3124
        at org.hibernate.event.internal.DefaultFlushEntityEventListener.checkId(DefaultFlushEntityEventListener.java:80)

--> this means that user couldn't login to service at all :(
(idp 3.1.2, but same problem happens with 3.2.1).

Setting id="shibboleth.authn.Password.Lowercase" to TRUE in
authn/password-authn-config.xml seems to be a workaround for this.

We've also seen multiple broken jdbc-connection pools, I've tested
at least Hikari and c3p0 and they both seem to "die" eventually. Also tomcat
filedescriptor usage seems to increase over time, maybe these uncaught jdbc
exceptions leak connections/descriptors ?

-Jarno

> Yesterday I noticed same behavior with same line numbers resulting to breakage of connection pooling and broken IdP.
> I also noticed that user tried to use uppercase username which could have caused this. When I tested login with uppercase username I did get similar error with same line numbers but connection pooling didn't break.
> I think that my next step is to force usernames to lowercase on template.
> 
> I am running IDP3.2.1
> 
> // Sami
> 
> 2016-03-03 15:51:23,213 - ERROR [org.opensaml.storage.impl.JPAStorageService:337] - Error committing transaction
> javax.persistence.RollbackException: Error while committing the transaction
> 	at org.hibernate.jpa.internal.TransactionImpl.commit(TransactionImpl.java:94)
> Caused by: javax.persistence.PersistenceException: org.hibernate.HibernateException: identifier of an instance of org.opensaml.storage.impl.JPAStorageRecord was altered from intercept/attribute-release:<USER wihout capital>:_
> key_idx to intercept/attribute-release:<USER (with capital)>:_key_idx
> 	at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1763)
> Caused by: org.hibernate.HibernateException: identifier of an instance of org.opensaml.storage.impl.JPAStorageRecord was altered from intercept/attribute-release:<USER without capital>:_key_idx to intercept/attribute-release:<USER with capital>:_key_idx
> 	at org.hibernate.event.internal.DefaultFlushEntityEventListener.checkId(DefaultFlushEntityEventListener.java:80)
> 2016-03-03 15:51:38,217 - WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper:144] - SQL Error: 0, SQLState: null
> 2016-03-03 15:51:38,218 - ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper:146] - Cannot get a connection, pool error Timeout waiting for idle object
> 2016-03-03 15:51:38,229 - ERROR [org.opensaml.storage.impl.JPAStorageService:443] - Error updating record '<USER without capital>:_key_idx' in context 'intercept/attribute-release'
> javax.persistence.PersistenceException: org.hibernate.exception.GenericJDBCException: Could not open connection
> 
> 
> > No, I don't see the same exception from different line, but
> > sometimes ERROR [org.opensaml.storage.impl.JPAStorageService:323] ...
> > Error reading record 'usernmame:servicename' in context
> > 'intercept/attribute-release' but with these jdbc/mysql also logs
> > com.mysql.jdbc ...
> > Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
> > Communications link failure ...
> > 
> > But all "Caused by: javax.persistence.PersistenceException:
> > org.hibernate.HibernateException: identifier of an instance ..." errors
> > are from org.opensaml.storage.impl.JPAStorageService:337
> > (and no jdbc/mysql exceptions).
> -- 
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

-- 
Jarno Huuskonen

More information about the users mailing list