Attribute value reset when used a dataconnector?

Mohamed Lrhazi lrhazi at cua.edu
Fri Jun 1 21:06:08 EDT 2018 

and by commenting out the following from my config, I can login as expected
to the SP, which requires the employeeID to be released.

<AttributeDefinition id="isMember" xsi:type="Mapped"
sourceAttributeID="eduPersonAffiliation">
    <Dependency ref="sqliteConnector"/>
    <DefaultValue>false</DefaultValue>
    <ValueMap>
        <ReturnValue>true</ReturnValue>
        <SourceValue>member</SourceValue>
    </ValueMap>
</AttributeDefinition>
<AttributeDefinition id="isLawMember" xsi:type="Mapped"
sourceAttributeID="eduPersonScopedAffiliation">
    <Dependency ref="sqliteConnector"/>
    <DefaultValue>false</DefaultValue>
    <ValueMap>
        <ReturnValue>true</ReturnValue>
        <SourceValue partialMatch="true" ignoreCase="true">law_</SourceValue>
    </ValueMap>
</AttributeDefinition>

...

<DataConnector id="sqliteConnector" xsi:type="RelationalDatabase"
readOnlyConnection="false">
    <ApplicationManagedConnection
        jdbcDriver="org.sqlite.JDBC"
jdbcURL="jdbc:sqlite:/data/cua-eduPerson.db"
poolAcquireRetryAttempts="1"/>
    <Dependency ref="employeeID" />
    <QueryTemplate>
        <![CDATA[
        select * from accounts where employeeID='$employeeID.get(0)';
        ]]>
    </QueryTemplate>
    <Column columnName="eduPersonAffiliation"
attributeID="eduPersonAffiliation" />
    <Column columnName="eduPersonPrimaryAffiliation"
attributeID="eduPersonPrimaryAffiliation" />
    <Column columnName="eduPersonScopedAffiliation"
attributeID="eduPersonScopedAffiliation" />
</DataConnector>



On Fri, Jun 1, 2018 at 8:57 PM Mohamed Lrhazi <lrhazi at cua.edu> wrote:

> turns out the issue is still there, I was testing the prod instances
> instead of the test env...
>
> so, I do see in the log that the employeeID got a value from the ldap
> connector, but later, in the log, after the sql connector, it seems to say
> that there are no attributes to release... but it is supposed to release
> employeeID.
>
> 2018-06-01T20:39:16.190790-04:00 idp-prod-1.cua 6d8855831853[1243]:  2018-06-01 20:39:16,186 - lv=DEBUG [net.shibboleth.idp.attribute.resolver.AbstractDataConnector:139] js=1pn4zbp6ic4tzixy8n91w9sab c=10.2.0.215 -  Data Connector 'adLdapConnector': produced the following 6 attributes during resolution [employeeID, memberOf, sn, cn, mail, entryDN]
>
> 2018-06-01T20:39:16.190790-04:00 idp-prod-1.cua 6d8855831853[1243]:  2018-06-01 20:39:16,186 - lv=DEBUG [net.shibboleth.idp.attribute.resolver.AbstractDataConnector:143] js=1pn4zbp6ic4tzixy8n91w9sab c=10.2.0.215 -  Data Connector 'adLdapConnector': Attribute 'employeeID': Values '[StringAttributeValue{value=1600000}]'
>
>
> ...
>
> 2018-06-01T20:39:16.206280-04:00 idp-prod-1.cua 6d8855831853[1243]:  2018-06-01 20:39:16,204 - lv=DEBUG [net.shibboleth.idp.attribute.resolver.dc.rdbms.impl.TemplatedExecutableStatementBuilder:169] js=1pn4zbp6ic4tzixy8n91w9sab c=10.2.0.215 -  Template text select * from accounts where employeeID='$employeeID.get(0)'; yields select * from accounts where employeeID='1600000';
>
> 2018-06-01T20:39:16.224584-04:00 idp-prod-1.cua 6d8855831853[1243]:  Jun 01, 2018 8:39:16 PM com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource getPoolManager
>
> 2018-06-01T20:39:16.224675-04:00 idp-prod-1.cua 6d8855831853[1243]:  INFO: Initializing c3p0 pool... com.mchange.v2.c3p0.ComboPooledDataSource [ acquireIncrement -> 3, acquireRetryAttempts -> 1, acquireRetryDelay -> 5000, autoCommitOnClose -> false, automaticTestTable -> null, breakAfterAcquireFailure -> true, checkoutTimeout -> 0, connectionCustomizerClassName -> null, connectionTesterClassName -> com.mchange.v2.c3p0.impl.DefaultConnectionTester, dataSourceName -> 1bqq1hf9v1goyvf81wkagy7|67bd351e, debugUnreturnedConnectionStackTraces -> false, description -> null, driverClass -> org.sqlite.JDBC, factoryClassLocation -> null, forceIgnoreUnresolvedTransactions -> false, identityToken -> 1bqq1hf9v1goyvf81wkagy7|67bd351e, idleConnectionTestPeriod -> 180, initialPoolSize -> 3, jdbcUrl -> jdbc:sqlite:/data/cua-eduPerson.db, maxAdministrativeTaskTime -> 0, maxConnectionAge -> 0, maxIdleTime -> 600, maxIdleTimeExcessConnections -> 0, maxPoolSize -> 50, maxStatements -> 0, maxStatementsPerConnection -> 0, minPoolSize -> 2, numHelperThreads -> 3, preferredTestQuery -> null, properties -> {}, propertyCycle -> 0, statementCacheNumDeferredCloseThreads -> 0, testConnectionOnCheckin -> false, testConnectionOnCheckout -> false, unreturnedConnectionTimeout -> 0, userOverrides -> {}, usesTraditionalReflectiveProxies -> false ]
>
> 2018-06-01T20:39:16.251131-04:00 idp-prod-1.cua 6d8855831853[1243]:  2018-06-01 20:39:16,249 - lv=ERROR [net.shibboleth.idp.profile.impl.ResolveAttributes:299] js=1pn4zbp6ic4tzixy8n91w9sab c=10.2.0.215 -  Profile Action ResolveAttributes: Error resolving attributes
>
> 2018-06-01T20:39:16.251131-04:00 idp-prod-1.cua 6d8855831853[1243]:  net.shibboleth.idp.attribute.resolver.ResolutionException: Data Connector 'sqliteConnector': Unable to execute SQL query
>
> 2018-06-01T20:39:16.251131-04:00 idp-prod-1.cua 6d8855831853[1243]:  #011at net.shibboleth.idp.attribute.resolver.dc.rdbms.impl.RDBMSDataConnector.retrieveAttributes(RDBMSDataConnector.java:173)
>
> 2018-06-01T20:39:16.251131-04:00 idp-prod-1.cua 6d8855831853[1243]:  Caused by: org.sqlite.SQLiteException: [SQLITE_ERROR] SQL error or missing database (no such table: accounts)
>
> 2018-06-01T20:39:16.251131-04:00 idp-prod-1.cua 6d8855831853[1243]:  #011at org.sqlite.core.DB.newSQLException(DB.java:909)
>
> 2018-06-01T20:39:16.264150-04:00 idp-prod-1.cua 6d8855831853[1243]:  2018-06-01 20:39:16,262 - lv=DEBUG [net.shibboleth.idp.profile.impl.FilterAttributes:270] js=1pn4zbp6ic4tzixy8n91w9sab c=10.2.0.215 -  Profile Action FilterAttributes: No attribute context, no attributes to filter
>
> ...
>
>
> On Fri, Jun 1, 2018 at 8:20 PM Cantor, Scott <cantor.2 at osu.edu> wrote:
>
>> > Thanks a lot. I broke a rule of debugging and made multiple changes at
>> once...
>> > now I cannot reproduce the "No attributes available" issue...
>>
>> I would expect if you put the database offline and try it, you should get
>> that result, per my last note.
>>
>> -- Scott
>>
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
>
> --
> Thanks,
> Mohamed.
>


-- 
Thanks,
Mohamed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180601/976ec554/attachment.html>

More information about the users mailing list