...

$ /opt/shibboleth-idp/bin/plugin.sh -i http://shibboleth.net/downloads/identity-provider/plugins/pluginName/version/URL

Switching from JPAStorageService

If you are currently running with the JPAStorageService, you can reconfigure to use the JDBCStorageService relatively easily:

  • Locate the configuration (search for the class name org.opensaml.storage.impl.JPAStorageService).

  • Remove the EntityManagerFactory bean, taking note of the dataSource property.

  • Change the StorageService bean

    • Replace class="org.opensaml.storage.impl.JPAStorageService" with parent="shibboleth.JDBCStorageService"

    • Remove the constructor parameter and instead add a pointer to the dataSource you noted above: p:dataSource-ref="...."

At this stage you should be able to test the configuration.

Once it works, you can change bean names appropriately and add any extra configuration as detailed below.

Database Preparation

If you are not upgrading from a JPAStorageService configuration you need to:

...

Behavioral Options

The behavior of the Storage Service is controlled by the following options:

| Property Name | Default | Description |
| --- | --- | --- |
| dataSource | Required | The DataSource to use |
| cleanupInterval | 0 | The time between one cleanup and another. A value of 0 indicates that no cleanup will be performed. |
| retryableErrors | | A comma-separated list of SQL errors which will cause a failed transaction to be retried (a maximum of transactionRetry times) |
| transactionIsolation | 8 (Connection.TRANSACTION_SERIALIZABLE) | The level of transactional isolation required, as described for the Connection Interface |
| transactionRetries | 3 | Number of retries if insertion fails due to database transaction bugs |
| verify | true | Whether to verify the database connection on startup |
| localLocking | false | Whether to do thread-level locking to arbitrate access (for this IdP) to the database. This can be useful in high-contention situations when multiple transaction retries are happening. |

...

    <!-- Connection pool; the driver class is left elided as in the original -->
    <bean id="my.dataSource" class="org.apache.commons.dbcp2.BasicDataSource" destroy-method="close" lazy-init="true"
       p:driverClassName="......"
       p:url="jdbc:hsqldb:mem:StorageService"
       p:username="shibboleth"
       p:password="%{JDBCPassword}" />

    <!-- retryableErrors is a storage service option, so it is set here and not on the DataSource.
         transactionIsolation 4 is Connection.TRANSACTION_REPEATABLE_READ. -->
    <bean id="JDBCStorageService" parent="shibboleth.JDBCStorageService"
          p:dataSource-ref="my.dataSource"
          p:transactionIsolation="4"
          p:retryableErrors="40001"
     />

Example conversion from JPAStorageService

Old JPA Configuration

<bean id="shibboleth.JPAStorageService"
        class="org.opensaml.storage.impl.JPAStorageService"
        p:cleanupInterval="%{idp.storage.cleanupInterval:PT10M}"
        c:factory-ref="shibboleth.JPAStorageService.EntityManagerFactory" />

<bean id="shibboleth.JPAStorageService.EntityManagerFactory"
    class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="persistenceUnitName" value="storageservice" />
    <property name="packagesToScan" value="org.opensaml.storage.impl" />
    <property name="dataSource" ref="shibboleth.JPAStorageService.DataSource" />
    <property name="jpaVendorAdapter" ref="shibboleth.JPAStorageService.JPAVendorAdapter" />
    <property name="jpaDialect">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaDialect" />
    </property>
</bean>

After Initial conversion

<bean id="shibboleth.JPAStorageService" parent="shibboleth.JDBCStorageService"
    p:cleanupInterval="%{idp.storage.cleanupInterval:PT10M}"
    p:dataSource-ref="shibboleth.JPAStorageService.DataSource"/>
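
The conversion steps above, applied mechanically to a Spring beans file. This is an added example, not Shibboleth project code; it assumes top-level beans, the c:factory-ref shorthand shown in the old configuration, and a constructed <beans> wrapper around a shortened copy of the page's sample.

```python
import xml.etree.ElementTree as ET

BEANS = "http://www.springframework.org/schema/beans"
P = "http://www.springframework.org/schema/p"
C = "http://www.springframework.org/schema/c"
for _prefix, _uri in (("", BEANS), ("p", P), ("c", C)):
    ET.register_namespace(_prefix, _uri)  # keep the p:/c: prefixes on output

JPA_CLASS = "org.opensaml.storage.impl.JPAStorageService"
BEAN, PROP = f"{{{BEANS}}}bean", f"{{{BEANS}}}property"

# Constructed sample: the page's old JPA beans (shortened) inside a <beans> root.
SAMPLE = f"""<beans xmlns="{BEANS}" xmlns:p="{P}" xmlns:c="{C}">
  <bean id="shibboleth.JPAStorageService" class="{JPA_CLASS}"
        p:cleanupInterval="%{{idp.storage.cleanupInterval:PT10M}}"
        c:factory-ref="shibboleth.JPAStorageService.EntityManagerFactory" />
  <bean id="shibboleth.JPAStorageService.EntityManagerFactory"
        class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="persistenceUnitName" value="storageservice" />
    <property name="dataSource" ref="shibboleth.JPAStorageService.DataSource" />
  </bean>
</beans>"""


def convert(xml_text):
    """Apply the conversion steps; return (new_xml, ids of converted beans)."""
    root = ET.fromstring(xml_text)
    beans = {b.get("id"): b for b in root.findall(BEAN) if b.get("id")}
    converted = []
    for bean in root.findall(BEAN):
        if bean.get("class") != JPA_CLASS:
            continue
        # Step 2: find the EntityManagerFactory bean and note its dataSource.
        factory = beans.get(bean.get(f"{{{C}}}factory-ref"))
        if factory is None:
            raise ValueError(f"{bean.get('id')}: EntityManagerFactory bean not found")
        prop = factory.find(f"{PROP}[@name='dataSource']")
        ds_ref = prop.get("ref") if prop is not None else factory.get(f"{{{P}}}dataSource-ref")
        if not ds_ref:
            raise ValueError(f"{factory.get('id')}: no dataSource reference to carry over")
        # Step 3: swap class for parent, drop the constructor arg, point at the dataSource.
        del bean.attrib["class"], bean.attrib[f"{{{C}}}factory-ref"]
        bean.set("parent", "shibboleth.JDBCStorageService")
        bean.set(f"{{{P}}}dataSource-ref", ds_ref)
        if factory in list(root):
            root.remove(factory)
        converted.append(bean.get("id"))
    return ET.tostring(root, encoding="unicode"), converted


if __name__ == "__main__":
    print(convert(SAMPLE)[0])
```

Run it against a copy of the configuration and diff the result before deploying; the script fails closed with ValueError when it cannot find the dataSource to carry over.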