Handling empty LDAP connection pools on IdP start-up

Simone Lanzarini s.lanzarini at cineca.it
Fri Mar 30 09:45:09 EDT 2018


Hi All,
I would like to use
validatorRef="shibboleth.NonFailFastValidator"
also in a RelationalDatabase connector, as documented here:
 
https://wiki.shibboleth.net/confluence/display/IDP30/RelationalDatabaseConnector#RelationalDatabaseConnector-Attributes

This configuration on the LDAP connector works for me:

    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        principal="%{idp.attribute.resolver.LDAP.bindDN}"
        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
        validatorRef="shibboleth.NonFailFastValidator">
        <FilterTemplate>

        </FilterTemplate>
        <ConnectionPool
            minPoolSize="%{idp.pool.LDAP.minSize:3}"
            maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
            blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
            validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
            validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
            expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
            failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
    </DataConnector>

If I change the LDAP password with a fake one, and I try to restart the IDP,
the IDP application starts "successfully" (obviously showing invalid
credentials errors).

If I try to do the same on the RelationalDatabase connector and I change the
db address with a fake one (the same if I modify the password), the IDP
application doesn't start.

This is the config:

       
    <DataConnector id="myDB" xsi:type="RelationalDatabase"
        validatorRef="shibboleth.NonFailFastValidator">
        <ContainerManagedConnection resourceName="java:comp/env/jdbc/ESSE3" />
        <QueryTemplate>

        </QueryTemplate>
        <Column columnName="USERNAME" attributeID="uid" />
    </DataConnector>

an
2018-03-30 15:34:40,853 - ERROR
[net.shibboleth.idp.attribute.resolver.spring.dc.impl.ManagedConnectionParser:261]
- Managed data source 'java:comp/env/jdbc/ESSE3' could not be found
javax.naming.NamingException: IO Error: The Network Adapter could not
establish the connection
	at org.apache.naming.NamingContext.lookup(NamingContext.java:865)
2018-03-30 15:34:40,887 - WARN
[net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:549]
- Exception encountered during context initialization - cancelling refresh
attempt: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'myDB': Error setting property values; nested
exception is org.springframework.beans.PropertyBatchUpdateException; nested
PropertyAccessExceptions (1) are:
PropertyAccessException 1:
org.springframework.beans.MethodInvocationException: Property 'DataSource'
threw exception; nested exception is
net.shibboleth.utilities.java.support.logic.ConstraintViolationException:
JDBC data source can not be null
2018-03-30 15:34:40,907 - ERROR
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:181]
- Service 'shibboleth.AttributeResolverService': Initial load failed
net.shibboleth.utilities.java.support.service.ServiceException:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'myDB': Error setting property values; nested exception is
org.springframework.beans.PropertyBatchUpdateException; nested
PropertyAccessExceptions (1) are:
PropertyAccessException 1:
org.springframework.beans.MethodInvocationException: Property 'DataSource'
threw exception; nested exception is
net.shibboleth.utilities.java.support.logic.ConstraintViolationException:
JDBC data source can not be null
	at
net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:336)
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'myDB': Error setting property values; nested
exception is org.springframework.beans.PropertyBatchUpdateException; nested
PropertyAccessExceptions (1) are:
PropertyAccessException 1:
org.springframework.beans.MethodInvocationException: Property 'DataSource'
threw exception; nested exception is
net.shibboleth.utilities.java.support.logic.ConstraintViolationException:
JDBC data source can not be null
	at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1518)
Caused by: org.springframework.beans.PropertyBatchUpdateException: Failed
properties: Property 'DataSource' threw exception; nested exception is
net.shibboleth.utilities.java.support.logic.ConstraintViolationException:
JDBC data source can not be null
	at
org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:121)
2018-03-30 15:34:40,908 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:183]
- Service 'shibboleth.AttributeResolverService': Continuing to poll
configuration
2018-03-30 15:34:40,909 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:199]
- Service 'shibboleth.AttributeResolverService': Reload time set to: 900000,
starting refresh thread
2018-03-30 15:34:41,815 - ERROR
[net.shibboleth.idp.saml.metadata.impl.AttributeMappingNodeProcessor:144] -
Requested Attributes Mapper: Invalid Attribute resolver configuration.

Has anyone experienced the same behaviour?

thank you
Simone
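
An added example, not part of the original post: a small Python triage that re-joins e-mail-wrapped IdP log records like the ones above and reports, for each service whose initial load failed, the bean involved, the innermost exception and any JNDI data source reported missing earlier in the log. The function names and the condensed sample log are constructed for illustration.

```python
import re

# Constructed sample: condensed from the post's log, same e-mail-wrapped form.
SAMPLE_LOG = """\
2018-03-30 15:34:40,853 - ERROR
[net.shibboleth.idp.attribute.resolver.spring.dc.impl.ManagedConnectionParser:261]
- Managed data source 'java:comp/env/jdbc/ESSE3' could not be found
javax.naming.NamingException: IO Error: The Network Adapter could not
establish the connection
2018-03-30 15:34:40,907 - ERROR
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:181]
- Service 'shibboleth.AttributeResolverService': Initial load failed
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'myDB': Error setting property values
Caused by: org.springframework.beans.PropertyBatchUpdateException: Failed
properties: Property 'DataSource' threw exception; nested exception is
net.shibboleth.utilities.java.support.logic.ConstraintViolationException:
JDBC data source can not be null
    at org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:121)
"""

STAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} - ")
RECORD = re.compile(r"\S+ \S+ - (\w+) \[[\w.$]+:\d+\] - (.*)")
EXC = re.compile(r"([\w.]+Exception): ")

def records(text):
    """Re-join wrapped lines (a record runs to the next timestamp); return (level, body)."""
    joined = []
    for line in map(str.strip, text.splitlines()):
        if STAMP.match(line):
            joined.append(line)
        elif joined and line:
            joined[-1] += " " + line
    return [m.groups() for m in map(RECORD.fullmatch, joined) if m]

def triage(text):
    """Per failed service: bean, innermost exception, JNDI names reported missing so far."""
    missing, findings = [], []
    for level, body in records(text):
        missing += re.findall(r"Managed data source '([^']+)' could not be found", body)
        svc = re.match(r"Service '([^']+)': Initial load failed", body)
        hits = list(EXC.finditer(body))
        if level == "ERROR" and svc and hits:
            bean = re.search(r"bean with name '([^']+)'", body)
            findings.append({"service": svc[1], "bean": bean and bean[1],
                             "root_cause": hits[-1][1].rsplit(".", 1)[-1],
                             "detail": body[hits[-1].end():].split(" at ")[0],
                             "jndi_missing": list(missing)})
    return findings
```
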



