Re-introduction of https://shibboleth.atlassian.net/browse/IDP-1020 ?
Fixed
Description
Environment
Tested with Debian 12 Bookworm, OpenJDK 17, Tomcat 10 and IdP 4.3.1; seems to also apply to Debian 11 Bullseye, OpenJDK 11, Tomcat 9 and IdP 4.3.1
Created June 9, 2023 at 8:04 AM
Updated December 3, 2023 at 11:27 AM
Resolved August 11, 2023 at 1:45 PM
Activity
Rod Widdowson December 3, 2023 at 11:27 AM
The code has been shipped in V2. No further feedback -> closed
Rod Widdowson August 7, 2023 at 1:23 PM
I’ll make that change as part of this case. Before Wednesday.
Scott Cantor August 7, 2023 at 12:42 PM
I think I would leave it, seeing as it really hasn’t come up until now. We do need to apply this same fix to the JDBCPairwiseIdStore in shib-attribute-impl though.
I think that’s about the only other case.
Rod Widdowson August 5, 2023 at 10:43 AM
Change made and documented. Leaving open pending question of default
Rod Widdowson August 5, 2023 at 10:29 AM
@Scott Cantor Do we want to flip the Transactional level in this release (the thing passed to setTransactionIsolation) to “Don’t set”?
We have a monitoring script that authenticates itself via a test SP against our IdP every minute. After successful authentication the monitoring requests an SLO. This works a few times, then fails with the following errors:
idp-process.log
net.shibboleth.idp.session.SessionException: Exceeded retry attempts while adding to secondary index
    at net.shibboleth.idp.session.impl.StorageBackedSessionManager.indexBySPSession(StorageBackedSessionManager.java:657)
postgres db server:
2023-06-06 14:56:29.345 CEST [485227] tsso@tsso ERROR: duplicate key value violates unique constraint "shibpid_pkey"
2023-06-06 14:56:29.345 CEST [485227] tsso@tsso DETAIL: Key (localentity, peerentity, persistentid)=(http://dummy.com/idp/c101715f-8b05-4eb4-b6f8-4b2084e65598, http://dummy.com/sp/c101715f-8b05-4eb4-b6f8-4b2084e65598, c101715f-8b05-4eb4-b6f8-4b2084e65598) already exists.
2023-06-06 14:56:29.345 CEST [485227] tsso@tsso STATEMENT: INSERT INTO shibpid (localEntity, peerEntity, persistentId, principalName, localId, peerProvidedId, creationDate, deactivationDate) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
Other users besides the monitoring user may still authenticate against the IdP, but it is rather unresponsive.
This seems the exact behavior reported in https://shibboleth.atlassian.net/browse/IDP-1020.
Reverting to JPA StorageService immediately resolves the issue.
Thank you.