character limit on REMOTE_USER

5 views
Skip to first unread message

Andrew Petro

unread,
Jan 24, 2020, 11:10:29 AM1/24/20
to uPortal Community
Hi,

Anyone aware of a character limit on REMOTE_USER in a uPortal context?

Here's what happened: MyUW serves all of UW System. There's a new IdP in the Wisconsin Federation, with namespace @uwss.wisconsin.edu . That new IdP issues EPPNs with prefixes firstname.lastname . So I'd be something like andrew...@uwss.wisconsin.edu .

In a my.wisconsin.edu context we use EPPN as REMOTE_USER.

So we suddenly have unprecedently long REMOTE_USER in some cases.

It's looking like users with 35-characters-or-fewer EPPN works fine, but with 36-characters-or-more it doesn't work.

I think it's REMOTE_USER that's implicated because when the problem happens, via Snooper, it's REMOTE_USER that's not set. EPPN is there, at least as a header.

I haven't proven this is the problem, but it's a strong working hypothesis at this point.

Running uPortal 4.2.1-ish.

Anyone seen anything like this?

-Andrew

Andrey Postoyanets

unread,
Jan 24, 2020, 11:21:26 AM1/24/20
to uporta...@apereo.org

Hi Andrew,

 

Our campus might be moving into this direction (federated logins with longer namespaces). Pretty sure, we will encounter something similar.

 

With best regards,

Andrey P, CUNY / Brooklyn College

 

From: 'Andrew Petro' via uPortal Community [mailto:uporta...@apereo.org]
Sent: Friday, January 24, 2020 11:10 AM
To: uPortal Community
Subject: [uportal-user] character limit on REMOTE_USER

 

CAUTION: This email is from outside BC, so examine it closely before opening attachments or clicking on links

 

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uportal-user...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-user/dc616761-ccef-4551-beff-5a56a4dd409d%40apereo.org.

Andrew Petro

unread,
Jan 24, 2020, 4:17:00 PM1/24/20
to uPortal Community
Resolved:

It turns out in MyUW's local uPortal implementation UP_USER.USER_NAME was a VARCHAR(35);

I think that's shorter width than uPortal 4.2.1 out of the box would generate -- maybe it was inherited from some older version in our local environment and that detail of the schema wasn't updated on upgrade. Dunno.

Anyway, in practice, 35 characters was enough. Until it wasn't. uPortal couldn't create entries for these "new" users in its user table so they couldn't fully log in.

Resolution was to widen that column. I doubled it to 70 characters. (I also widened the corresponding column in UP_PERSONDIR, for good measure, but that may not have been necessary.) Testing and initial reports from affected users suggest this fixed it.

Andrew

PS: The command: alter table UP_USER modify USER_NAME VARCHAR2(70 char);
Reply all
Reply to author
Forward
0 new messages