Salt value too short when using NameIDGeneration

Ignacio Amoeiro Bosch ignacio.amoeiro at extern.ibsalut.es
Wed Apr 8 12:06:36 EDT 2020 

We are going to migrate to v4.0 in the short term.

Meanwhile, I  extended ComputedPersistentIdGenerationStrategy class and deployed in a custom jar in the war ( inside edit-webapp).

I Also added the bean in the global.xml.

It worked.

When we migrate to v4, I Will do it as you told me.

Thanks Scott

Regards


-----Mensaje original-----
De: users <users-bounces at shibboleth.net> En nombre de Cantor, Scott
Enviado el: miércoles, 8 de abril de 2020 14:19
Para: Shib Users <users at shibboleth.net>
Asunto: Re: Salt value too short when using NameIDGeneration

On 4/8/20, 2:13 AM, "users on behalf of Ignacio Amoeiro Bosch" <users-bounces at shibboleth.net on behalf of ignacio.amoeiro at extern.ibsalut.es> wrote:

> So I think I have to create a new PersistentIdGenerationStrategy  class without that limitation, right?

You should be using V4, in which case the public interface to implement is net.shibboleth.idp.attribute.PairwiseIdStore and the class to copy is net.shibboleth.idp.attribute.impl.ComputedPairwiseIdStore.

You could also, and were it me I probably would, simply patch that class and build from source for now, and file a RFE to get the equivalent patch added to a future version so you can drop the workaround then. The work to build from source when updating isn't that complex and patches don't come out that often.

> I which file should I define this new bean? In saml-nameid-system.xml is allowed to edit?

No.

> Or there is another place for custom beans?

You add file(s) to the NameIDGeneration service's resource collection in services.xml or just define them in the existing files that are exposed for editing.

-- Scott


-- 
For Consortium Member technical support, see https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwiki.shibboleth.net%2fconfluence%2fx%2fcoFAAg&umid=57e5d509-785e-4f6c-8cde-22e672e52144&auth=1c980b950b810d2ebe959a136e6fc6796ec23183-86c1c35ce35c76844cb9039daf4a1d667c881f47
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list