Duplicate entry for SAML2_ATTRIBUTE_QUERY_TICKETS raised


Roger Yerbanga

Oct 19, 2018, 4:58:55 PM
to CAS Community
Hello all,

With CAS 5.3.4.

Has someone already gotten something like this:


Hibernate:
    insert
    into
        SAML2_ATTRIBUTE_QUERY_TICKETS
        (NUMBER_OF_TIMES_USED, CREATION_TIME, EXPIRATION_POLICY, EXPIRED, LAST_TIME_USED, PREVIOUS_LAST_TIME_USED, object, relyingParty, SERVICE, ticketGrantingTicket_ID, TYPE, ID)
    values
        (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'SATQ', ?)
2018-10-19 16:46:56,395 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] - <(conn=3232) Duplicate entry 'SATQ-oG9xzSjwFzlCyugfCdoRxugEKCU=' for key 'PRIMARY'>
2018-10-19 16:46:56,398 ERROR [org.hibernate.internal.ExceptionMapperStandardImpl] - <HHH000346: Error during managed flush [org.hibernate.exception.ConstraintViolationException: could not execute statement]>
2018-10-19 16:46:56,400 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: could not execute statement; SQL [n/a]; constraint [PRIMARY]; nested exception is org.hibernate.exception.ConstraintViolationException: could not execute statement
ACTION: SAML2_RESPONSE_FAILED
APPLICATION: CAS
WHEN: Fri Oct 19 16:46:56 EDT 2018
CLIENT IP ADDRESS: 132.207.22.127
SERVER IP ADDRESS: 132.207.6.41
=============================================================

>
2018-10-19 16:46:56,411 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.dao.DataIntegrityViolationException: could not execute statement; SQL [n/a]; constraint [PRIMARY]; nested exception is org.hibernate.exception.ConstraintViolationException: could not execute statement] with root cause>
java.sql.SQLException: Duplicate entry 'SATQ-oG9xzSjwFzlCyugfCdoRxugEKCU=' for key 'PRIMARY'
Query is: insert into SAML2_ATTRIBUTE_QUERY_TICKETS (NUMBER_OF_TIMES_USED, CREATION_TIME, EXPIRATION_POLICY, EXPIRED, LAST_TIME_USED, PREVIOUS_LAST_TIME_USED, object, relyingParty, SERVICE, ticketGrantingTicket_ID, TYPE, ID) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'SATQ', ?), parameters [0,'2018-10-19 16:46:56.381',<Stream>,0,'2018-10-19 16:46:56.381',<null>,'<?xml version="1.0" encoding="UTF-8"?><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_4057543231534213152" IssueInstant="2018-10-19T20:46:56.364Z" Version="2.0"><saml2:Issuer>https://testcas5.yerbynet.com/cas/idp</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://sp.testshib.org/shibboleth-sp" SPNameQualifier="https://sp.testshib.org/shibboleth-sp">oG9xzSjwFzlCyugfCdoRxugEKCU=</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_ede3d6158ee3a460014ae3900455b674" NotOnOrAfter="2018...
    at org.mariadb.jdbc.internal.util.LogQueryTool.exceptionWithQuery(LogQueryTool.java:153) ~[mariadb-java-client-2.2.4.jar!/:?]
    at org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.executeQuery(AbstractQueryProtocol.java:254) ~[mariadb-java-client-2.2.


I have just tried to connect twice to https://sp.testshib.org/ with the same browser and the same credentials. Then I get this after authentication.

Why does it generate the same ID twice?

Roger
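
Added example (not part of the original post, and not CAS code): in the log above, the rejected key 'SATQ-oG9xzSjwFzlCyugfCdoRxugEKCU=' ends in the same value as the NameID inside the logged assertion. The sketch below checks that correlation over CAS log text; the function name `analyse` and the field names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Sample input: abridged from the log lines in the post above (query columns
# and assertion body shortened with "...").
SAMPLE_LOG = """\
2018-10-19 16:46:56,395 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] - <(conn=3232) Duplicate entry 'SATQ-oG9xzSjwFzlCyugfCdoRxugEKCU=' for key 'PRIMARY'>
java.sql.SQLException: Duplicate entry 'SATQ-oG9xzSjwFzlCyugfCdoRxugEKCU=' for key 'PRIMARY'
Query is: insert into SAML2_ATTRIBUTE_QUERY_TICKETS (..., TYPE, ID) values (..., 'SATQ', ?), parameters [0,'<saml2:Assertion ID="_4057543231534213152"><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">oG9xzSjwFzlCyugfCdoRxugEKCU=</saml2:NameID>...
"""

DUP_RE = re.compile(r"Duplicate entry '([^']+)' for key")
TABLE_RE = re.compile(r"insert\s+into\s+(\w+)", re.IGNORECASE)
NAMEID_RE = re.compile(r"<saml2:NameID\b[^>]*>([^<]+)</saml2:NameID>")


def analyse(log_text):
    """Return one finding per distinct key rejected by a unique constraint."""
    hits = Counter(m.group(1) for m in DUP_RE.finditer(log_text))
    tables = sorted(set(TABLE_RE.findall(log_text)))
    name_ids = set(NAMEID_RE.findall(log_text))
    findings = []
    for key, count in sorted(hits.items()):
        # Split "SATQ-<value>" into the ticket prefix and the remainder.
        prefix, _, suffix = key.partition("-")
        findings.append({
            "key": key,
            "prefix": prefix,
            "tables": tables,
            "log_lines": count,  # log lines reporting this key, not logins
            # True when the remainder is a NameID seen in a logged assertion.
            "keyed_on_name_id": suffix in name_ids,
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

A True `keyed_on_name_id` means the rejected ID is the ticket prefix plus the NameID of the assertion being stored, which is consistent with the collision on a second login described in the post. The same log line also shows that the JDBC driver writes the full assertion into the error output, so these logs should be handled as sensitive.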

Roger Yerbanga

Mar 15, 2019, 10:18:55 PM
to CAS Community
Fixed by putting this parameter to false:
cas.authn.samlIdp.attributeQueryProfileEnabled=false
I don't know why, and how, but since then, it works.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/89823a89-566a-435f-a845-258a55724f59%40apereo.org.


--
! roger
-- www.yerbynet.com --
A computer without an Internet connection is a bit like a television without an antenna :)

Andy Ng

Mar 16, 2019, 10:52:39 AM
to CAS Community
Hi Roger,

attributeQueryProfile is actually needed to connect to some of the SAML SP / IdP out there (I forget what and which one).

So... If your SAML implementation needs to connect to some external vendor, you might need to be aware that you disabled attributeQueryProfile.

As for why your SQL bug happens in the first place, I have no idea...

Cheers!
- Andy

Maksim Kopeyka

Jan 22, 2020, 5:38:32 AM
to CAS Community
Same problem with CAS 6.0.3 and JPA ticket registry.
And yes, I have this property: cas.authn.samlIdp.attributeQueryProfileEnabled=true

Roger Yerbanga

Jan 22, 2020, 9:05:10 AM
to CAS Community
So change it to false and let us know if it works.


Maksim Kopeyka

Jan 22, 2020, 9:41:52 AM
to CAS Community
It doesn't make sense for me, see Andy's answer above.