[Shib-Users] IDP Memcached StorageService implementation


Rui Silva

Dec 16, 2010, 1:02:40 PM
to shibbole...@internet2.edu
(This message was sent initially to the dev mailing list, but I have
found a similar topic (unsolved) at the users mailing list, so I think
the audience for this issue may well be here at the Users Mailing List.
Sorry for sending to both mailing lists)

Hi,

I am trying to write a Memcached-based implementation of an IDP
StorageService, to be able to run idp in 2 servers, without using Terracotta.

I am running into trouble after the user authenticates successfully,
right after attribute filtering:

11:55:19.784 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:101] - Removing attribute from return set, no more values: eduPersonPrincipalName
11:55:19.784 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:101] - Removing attribute from return set, no more values: principal_name
11:55:19.784 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:106] - Filtered attributes for principal x...@testing.pt. The following attributes remain: [mail, transientID, name, logoutURL, contactMail, primaryid]
11:55:19.793 - ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88] - Error occured while processing request
java.lang.NullPointerException: null
    at edu.internet2.middleware.shibboleth.idp.authn.LoginContext.getAuthenticationMethod(LoginContext.java:176) [shibboleth-identityprovider-2.1.5-slo7.jar:na]

If in the internal.xml I change from my Storage Service to the
EventingMapBasedStorageService, everything works ok. So the problem is
with my implementation of the StorageService. Maybe some object I am
persisting on memcache is not serializable.

Has anyone tried something similar? With success? Is there any other
way to have two idp using a StorageService that stores data in a central
repository?

Rui Silva

Gavin Alexander

Dec 16, 2010, 8:19:56 PM
to shibbole...@internet2.edu
Hi,

I've had a look at this previously as I thought I could just implement
my own storage service as well.
After a bit of investigation, you'll see why Terracotta is needed.

As Terracotta allows you to get a reference to an object, you can
retrieve the session from the storage service, update it and be
confident that your changes will be propagated to all cluster members.
Using a decoupled storage service like memcache, or even an RDBMS
means that after you retrieve and update a session you must "sync" it
back to the persistence/storage layer.

Anyway, you need to modify updateUserSession() to "sync" the session
with the storage service in AuthenticationEngine.java to get it to
work correctly. However, I'm not confident that other things won't
break as a result of this....

I opted not to modify the core IdP codebase, and instead wrote a
servlet filter to grab the session after it's gone through the IdP and
sync it to something like memcache (I'm using MongoDB).

Hope this helps.

/gav
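
The difference described in the reply above, between a store that hands back a live reference and one that stores a serialized copy, shown as an added example that is not part of the original thread and not Shibboleth IdP code. All class, field and key names are hypothetical, and a byte-array map stands in for memcached or a database.

```java
import java.io.*;
import java.util.HashMap;
import java.util.Map;

// Added illustration; all names here are hypothetical, not Shibboleth IdP classes.
public class StorageSemanticsDemo {
    // Stand-in for a session/login context object kept in a storage service.
    static class Ctx implements Serializable {
        private static final long serialVersionUID = 1L;
        String principal;
        String authnMethod; // set later in the flow, after the first put()
    }

    // In-memory store: get() hands back the same object that was put().
    static class MapStore {
        final Map<String, Ctx> m = new HashMap<>();
        void put(String k, Ctx v) { m.put(k, v); }
        Ctx get(String k) { return m.get(k); }
    }

    // Stand-in for memcached or a database: values cross a serialization boundary.
    static class SerializingStore {
        final Map<String, byte[]> m = new HashMap<>();
        void put(String k, Ctx v) throws IOException {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(v); }
            m.put(k, buf.toByteArray());
        }
        Ctx get(String k) throws IOException, ClassNotFoundException {
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(m.get(k)))) {
                return (Ctx) in.readObject();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        MapStore local = new MapStore();
        SerializingStore remote = new SerializingStore();
        Ctx a = new Ctx(); a.principal = "user@example.org"; // constructed sample value
        Ctx b = new Ctx(); b.principal = "user@example.org";
        local.put("s1", a);
        remote.put("s1", b);
        a.authnMethod = "password"; // mutate after put, no write-back
        b.authnMethod = "password";
        System.out.println("map store:         " + local.get("s1").authnMethod);
        System.out.println("serializing store: " + remote.get("s1").authnMethod);
        remote.put("s1", b); // explicit sync back to the store
        System.out.println("after write-back:  " + remote.get("s1").authnMethod);
    }
}
```

With the map store the later mutation is visible on the next get(); with the serializing store the field stays null until the object is put() again, which is the "sync" step the reply refers to.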

Rui Silva

Dec 17, 2010, 6:30:48 AM
to shibbole...@internet2.edu
Hi Gavin,

Thanks for the explanations. I will try the Servlet Filter approach.

Rui Silva
