IdP 2.3.1 unable to connect to PostgreSQL DB


Berthet Jérémy

Jul 22, 2011, 11:37:24 AM
to us...@shibboleth.net
Hello everyone,

First, I saw in the mailing-list archives that someone got the same problem (unresolved), but since I'm new to the mailing-list, I don't know how to answer directly to his thread. So, sorry for creating a similar one.

We are currently building a Shibboleth IdP 2.3.1 to join the SWITCH AAI federation. We want to use our main PostgreSQL 8.4 (we could migrate to PostgreSQL 9 if mandatory ...) for persistent ID and attribute storage.

For the moment, Shibboleth is unable to connect to the PostgreSQL database.

This is the log we get from Shibboleth in DEBUG mode:

11:10:39.205 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore:225] - Selecting persistent ID entry based on prepared sql statement: SELECT * FROM shibpid WHERE persistentId = ? AND deactivationDate IS NULL
11:10:39.541 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:187] - Configuration was not loaded for shibboleth.AttributeResolver service, error creating components.  The root cause of this error was: edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException: Unable to connect to persistent ID store.
On the Postgres side, we don't see the request incoming in the log.

We made several connection tests from the IDP server to the DB server:

- Using psql, everything is OK
- Using a simple Java program to test our JDBC driver, everything is OK

I post it if it could help us ...
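
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.DriverManager;

// Class name is a placeholder; the original post showed only main().
public class JdbcConnectionTest {

  public static void main(String args[]) {

    Connection db;
    DatabaseMetaData dbmd;
    int queryTimeout = 3;  // declared but never applied to a statement in this test

    try {
      // Load the PostgreSQL JDBC driver
      Class.forName("org.postgresql.Driver");

      db = DriverManager.getConnection("jdbc:postgresql://db_server_ip/postgres",
                                        "aai-idp", "secret_password");

      // Read the server metadata to prove the connection works
      dbmd = db.getMetaData();

      System.out.println("Connection à "+dbmd.getDatabaseProductName()+" "+
                           dbmd.getDatabaseProductVersion()+" réussie.\n");

      db.close();
    }
    catch (Exception ex) {
      System.out.println("EXCEPTION: " + ex);
      ex.printStackTrace();
    }
  }
}
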
So, we think the problem is maybe in our Shibboleth connector configuration:

<resolver:DataConnector id="myStoredId"
        xsi:type="dc:StoredId"
        generatedAttributeID="persistentID"
        sourceAttributeID="swissEduPersonUniqueID"
        salt="bd5f/pUK2wfmRsreq1/T/oBvxn50ync1TInIi8yYnJiDGeZX">
        <resolver:Dependency ref="swissEduPersonUniqueID" />
        <dc:ApplicationManagedConnection
            jdbcDriver="org.postgresql.Driver"
            jdbcURL="jdbc:postgresql://db_server_ip/postgres"
            jdbcUserName="aai-idp"
            jdbcPassword="secret_password" />
     </resolver:DataConnector>
Does someone see anything wrong for this DataConnector ?

For testing purposes, we built the full IdP stack with a local MySQL database to store persistent ID and attributes on the IdP. Everything works fine in this case, so the Postgres stuff is the only part we have to resolve.

Thank you for any help.

--


Jérémy Berthet
Project manager
jeremy....@hepl.ch
Direct: +41 21 316 95 65 — Fax: +41 21 316 33 97

Haute école pédagogique
Unité Informatique
Avenue de Cour 33 — 1014 Lausanne
www.hepl.ch


Chad La Joie

Jul 22, 2011, 11:46:42 AM
to us...@shibboleth.net
Grüezi Jérémy,

There should be more to the error message than what you have there. Can
you paste in the full stacktrace? Most of the time this type of DB
issue is just that you forgot to add the JDBC driver to the IdP's classpath.
Chad La Joie
http://itumi.biz
trusted identities, delivered

Berthet Jérémy

Jul 22, 2011, 12:26:15 PM
to us...@shibboleth.net
Grüezi Chad,

(I'm from French-speaking Switzerland anyway ^^)


I used the aacli.sh script to get a full java stack trace with the CLASSPATH correctly configured for the Postgres JDBC driver.

[root@idp bin]# ./aacli.sh --configDir /opt/shibboleth-idp/conf/ --principal testuser --requester=https://aai-rr.switch.ch/shibboleth
Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.AttributeResolver': Invocation of init method failed; nested exception is edu.internet2.middleware.shibboleth.common.service.ServiceException: Configuration was not loaded for shibboleth.AttributeResolver service, error creating components.
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
    at edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.loadConfigurations(AttributeAuthorityCLI.java:198)
    at edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.main(AttributeAuthorityCLI.java:89)
Caused by: edu.internet2.middleware.shibboleth.common.service.ServiceException: Configuration was not loaded for shibboleth.AttributeResolver service, error creating components.
    at edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:191)
    at edu.internet2.middleware.shibboleth.common.config.BaseReloadableService.initialize(BaseReloadableService.java:147)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
    ... 14 more
Caused by: edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException: Unable to connect to persistent ID store.
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDDataConnector.validate(StoredIDDataConnector.java:148)
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.validateDataConnector(ShibbolethAttributeResolver.java:173)
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.validate(ShibbolethAttributeResolver.java:145)
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.onNewContextCreated(ShibbolethAttributeResolver.java:532)
    at edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:173)
    ... 22 more

If I make the wrong setup for my CLASSPATH, I get another error:

[root@idp bin]# ./aacli.sh --configDir /opt/shibboleth-idp/conf/ --principal testuser --requester=https://aai-rr.switch.ch/shibboleth
Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.AttributeResolver': Invocation of init method failed; nested exception is edu.internet2.middleware.shibboleth.common.service.ServiceException: Configuration was not loaded for shibboleth.AttributeResolver service, error creating components.
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
    at edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.loadConfigurations(AttributeAuthorityCLI.java:198)
    at edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.main(AttributeAuthorityCLI.java:89)
Caused by: edu.internet2.middleware.shibboleth.common.service.ServiceException: Configuration was not loaded for shibboleth.AttributeResolver service, error creating components.
    at edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:191)
    at edu.internet2.middleware.shibboleth.common.config.BaseReloadableService.initialize(BaseReloadableService.java:147)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
    ... 14 more
Caused by: org.springframework.beans.factory.BeanCreationException: Unable to create relational database connector, JDBC driver can not be found on the classpath
    at edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.RDBMSDataConnectorBeanDefinitionParser.buildApplicationManagedConnection(RDBMSDataConnectorBeanDefinitionParser.java:148)
    at edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.RDBMSDataConnectorBeanDefinitionParser.processConnectionManagement(RDBMSDataConnectorBeanDefinitionParser.java:91)
    at edu.internet2.middleware.shibboleth.common.config.attribute.resolver.dataConnector.RDBMSDataConnectorBeanDefinitionParser.doParse(RDBMSDataConnectorBeanDefinitionParser.java:64)
    at edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser.doParse(AbstractResolutionPlugInBeanDefinitionParser.java:67)
    at org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser.parseInternal(AbstractSingleBeanDefinitionParser.java:84)
    at org.springframework.beans.factory.xml.AbstractBeanDefinitionParser.parse(AbstractBeanDefinitionParser.java:56)
    at edu.internet2.middleware.shibboleth.common.config.BaseSpringNamespaceHandler.parse(BaseSpringNamespaceHandler.java:91)
    at edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.createBeanDefinition(SpringConfigurationUtils.java:176)
    at edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.parseCustomElement(SpringConfigurationUtils.java:149)
    at edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.parseCustomElements(SpringConfigurationUtils.java:228)
    at edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.parseCustomElements(SpringConfigurationUtils.java:208)
    at edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AttributeResolverBeanDefinitionParser.parse(AttributeResolverBeanDefinitionParser.java:52)
    at edu.internet2.middleware.shibboleth.common.config.BaseSpringNamespaceHandler.parse(BaseSpringNamespaceHandler.java:91)
    at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1297)
    at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1287)
    at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:141)
    at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:92)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:507)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:398)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:342)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
    at edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.populateRegistry(SpringConfigurationUtils.java:84)
    at edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:169)
    ... 22 more
Thank you for your help.

Jérémy Berthet

Cantor, Scott E.

Jul 22, 2011, 12:30:51 PM
to us...@shibboleth.net
Dunno if it's helpful, but my extremely minimal experience with postgres
is that it has some damn confusing authentication setup options, and there
might be something missing there preventing you from actually logging in
via the JVM, even if your command line test happens to work.

Certainly appears to be failing at a network/basic level.

-- Scott

Chad La Joie

Jul 22, 2011, 12:33:43 PM
to us...@shibboleth.net

On 7/22/11 12:26 PM, Berthet Jérémy wrote:
> Grüezi Chad,
>
> (I'm from French-speaking Switzerland anyway ^^)

Eh, I gotta show off about the only word I managed to learn when I lived
there.

> I used the aacli.sh script to get a full java stack trace with the
> CLASSPATH correctly configured for the Postgres JDBC driver.

That does *not* use the same classpath as the WAR (it will in v3). So
that doesn't really indicate whether the IdP's classpath is correct.

If you do a 'jar -tf $IDP_HOME/war/idp.war' do you see the postgres JDBC
library listed in the output?

--
Chad La Joie
http://itumi.biz
trusted identities, delivered


Berthet Jérémy

Jul 25, 2011, 3:34:53 AM
to us...@shibboleth.net
Hello,

Cantor, Scott E. wrote:
> Dunno if it's helpful, but my extremely minimal experience with postgres
> is that it has some damn confusing authentication setup options, and there
> might be something missing there preventing you from actually logging in
> via the JVM

We thought about that too. I tried several authentication options in pg_hba.conf without success. Actually, for the tests, we are at the trust level, which is the least secure setup option.

Chad La Joie wrote:
> That does *not* use the same classpath as the WAR (it will in v3). So
> that doesn't really indicate whether the IdP's classpath is correct.
>
> If you do a 'jar -tf $IDP_HOME/war/idp.war' do you see the postgres JDBC
> library listed in the output?


You are right, I don't see the Postgres JDBC in the output. If I want it inside, I should put the ".jar" in the "/lib" directory of Shibboleth installer, right ?

Anyway, I don't understand why MySQL works on our test installation, since the MySQL JDBC lib isn't in the "idp.war" ?

Thank you,
Jérémy Berthet

Chad La Joie

Jul 25, 2011, 7:18:03 AM
to us...@shibboleth.net


On 7/25/11 3:34 AM, Berthet Jérémy wrote:
> Chad La Joie wrote:
>>
>> That does *not* use the same classpath as the WAR (it will in v3). So
>> that doesn't really indicate whether the IdP's classpath is correct.
>>
>> If you do a 'jar -tf $IDP_HOME/war/idp.war' do you see the postgres JDBC
>> library listed in the output?
>>
>
> You are right, I don't see the Postgres JDBC in the output. If I want it
> inside, I should put the ".jar" in the "/lib" directory of Shibboleth
> installer, right ?

Any time you want to add a JAR to the IdP you need to put the JAR in the
distribution /lib directory and then run the install script. That'll
make sure it gets to the right spots.

> Anyway, I don't understand why MySQL works on our test installation,
> since the MySQL JDBC lib isn't in the "idp.war" ?

Check the Servlet container's lib directory, it's probably in there. I
don't recommend using that mechanism in the general case because it
"pollutes" the container classpath and forces all web apps to use the
same version of the JDBC driver.

--
Chad La Joie
http://itumi.biz
trusted identities, delivered

Berthet Jérémy

Jul 25, 2011, 9:35:41 AM
to us...@shibboleth.net
Hello Chad,

On 25.07.11 13:18, Chad La Joie wrote:
> On 7/25/11 3:34 AM, Berthet Jérémy wrote:
>> Chad La Joie wrote:
>>> That does *not* use the same classpath as the WAR (it will in v3). So
>>> that doesn't really indicate whether the IdP's classpath is correct.
>>>
>>> If you do a 'jar -tf $IDP_HOME/war/idp.war' do you see the postgres JDBC
>>> library listed in the output?
>>
>> You are right, I don't see the Postgres JDBC in the output. If I want it
>> inside, I should put the ".jar" in the "/lib" directory of Shibboleth
>> installer, right ?
>
> Any time you want to add a JAR to the IdP you need to put the JAR in the
> distribution /lib directory and then run the install script. That'll
> make sure it gets to the right spots.

We added the Postgres JDBC ".jar" and reran the install script. I checked that the ".jar" was in the "idp.war" and everything looks OK. Anyway, we've got the same error when trying to bring up the IDP.

I can give you the full stack trace:

15:29:46.774 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore:225] - Selecting persistent ID entry based on prepared sql statement: SELECT * FROM shibpid WHERE persistentId = ? AND deactivationDate IS NULL
15:29:47.101 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:187] - Configuration was not loaded for shibboleth.AttributeResolver service, error creating components.  The root cause of this error was: edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException: Unable to connect to persistent ID store.
15:29:47.108 - TRACE [edu.internet2.middleware.shibboleth.common.config.BaseService:190] - Full stacktrace is:
edu.internet2.middleware.shibboleth.common.service.ServiceException: shibboleth.AttributeResolver configuration is not valid, retaining old configuration
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.onNewContextCreated(ShibbolethAttributeResolver.java:537) ~[shibboleth-common-1.3.0.jar:na]
    at edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:173) ~[shibboleth-common-1.3.0.jar:na]
    at edu.internet2.middleware.shibboleth.common.config.BaseReloadableService.initialize(BaseReloadableService.java:147) [shibboleth-common-1.3.0.jar:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_26]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_26]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_26]
    at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_26]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_26]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429) [spring-beans-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728) [spring-context-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380) [spring-context-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255) [spring-web-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199) [spring-web-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45) [spring-web-2.5.6.SEC02.jar:2.5.6.SEC02]
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4205) [catalina.jar:6.0.32]
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4704) [catalina.jar:6.0.32]
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799) [catalina.jar:6.0.32]
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779) [catalina.jar:6.0.32]
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601) [catalina.jar:6.0.32]
    at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:675) [catalina.jar:6.0.32]
    at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:601) [catalina.jar:6.0.32]
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502) [catalina.jar:6.0.32]
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1315) [catalina.jar:6.0.32]
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324) [catalina.jar:6.0.32]
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142) [catalina.jar:6.0.32]
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1061) [catalina.jar:6.0.32]
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:840) [catalina.jar:6.0.32]
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) [catalina.jar:6.0.32]
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463) [catalina.jar:6.0.32]
    at org.apache.catalina.core.StandardService.start(StandardService.java:525) [catalina.jar:6.0.32]
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:754) [catalina.jar:6.0.32]
    at org.apache.catalina.startup.Catalina.start(Catalina.java:595) [catalina.jar:6.0.32]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_26]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_26]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_26]
    at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_26]
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) [bootstrap.jar:6.0.32]
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) [bootstrap.jar:6.0.32]

Caused by: edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException: Unable to connect to persistent ID store.
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDDataConnector.validate(StoredIDDataConnector.java:148) ~[shibboleth-common-1.3.0.jar:na]
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.validateDataConnector(ShibbolethAttributeResolver.java:173) ~[shibboleth-common-1.3.0.jar:na]
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.validate(ShibbolethAttributeResolver.java:145) ~[shibboleth-common-1.3.0.jar:na]
    at edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.onNewContextCreated(ShibbolethAttributeResolver.java:532) ~[shibboleth-common-1.3.0.jar:na]
    ... 48 common frames omitted


>> Anyway, I don't understand why MySQL works on our test installation,
>> since the MySQL JDBC lib isn't in the "idp.war" ?
>
> Check the Servlet container's lib directory, it's probably in there. I
> don't recommend using that mechanism in the general case because it
> "pollutes" the container classpath and forces all web apps to use the
> same version of the JDBC driver.


Ok, thank you for the tips. In fact, we've both the PostgreSQL and the MySQL driver in the Tomcat (I suppose this is what you call "Servlet container's" ?) lib directory.


Berthet Jérémy

Jul 28, 2011, 9:13:37 AM
to us...@shibboleth.net
Hello everyone,

I had a look at the IdP source code to see if I could get the real exception message instead of the Shibboleth AttributeResolutionException: Unable to connect to persistent ID store.

I modified the file "StoredIDDataConnector.java" from the common library: Line 142 to 155
    public void validate() throws AttributeResolutionException {
        if (getDependencyIds() == null || getDependencyIds().size() != 1) {
            log.error("Stored ID " + getId() + " data connectore requires exactly one dependency");
            throw new AttributeResolutionException("Computed ID " + getId()
                    + " data connectore requires exactly one dependency");
        }

        try {
            pidStore.getActivePersistentIdEntry("1");
        } catch (SQLException e) {
            log.debug(e.getMessage());
            throw new AttributeResolutionException("Unable to connect to persistent ID store.");
        }
    }

The problem comes from the Postgres JDBC driver:

14:50:14.645 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDDataConnector:152] - Method org.postgresql.jdbc4.Jdbc4PreparedStatement.setQueryTimeout(int) is not yet implemented.
14:50:14.645 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:188] - Configuration was not loaded for shibboleth.AttributeResolver service, error creating components.  The root cause of this error was: edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException: Unable to connect to persistent ID store.

I tried several other versions of the driver with the same result :(

Which driver version do people who work with PostgreSQL use ?


Thank you for any help.

Jérémy




Jim Fox

Jul 28, 2011, 12:16:43 PM
to us...@shibboleth.net


>
> Which driver version do people who work with PostgreSQL use ?
>

We use the driver in postgresql-8.3-603.jdbc3.jar.

We use the RelationalDatabase connector instead of StoredId,
with this:

<ApplicationManagedConnection jdbcDriver="org.postgresql.Driver"
poolAcquireRetryAttempts="1"
poolAcquireRetryDelay="1"
poolBreakAfterAcquireFailure="false"
jdbcURL="jdbc:postgresql://localhost/idp"
jdbcUserName="shib"
jdbcPassword="zzzzzzzzz" />


I've used this with all versions through 2.3.0
Haven't tried 2.3.1 yet.

Jim

Berthet Jérémy

Jul 29, 2011, 5:27:23 AM
to us...@shibboleth.net
Hello Jim,

Thank you for the answer. Unfortunately, the problem is still the same with the suggested driver version.

After having a look at the setQueryTimeout() in the last driver sources, I saw this:

    public void setQueryTimeout(int seconds) throws SQLException
    {
        checkClosed();
        if (seconds < 0)
            throw new PSQLException(GT.tr("Query timeout must be a value greater than or equals to 0."),
                                    PSQLState.INVALID_PARAMETER_VALUE);

        if (seconds > 0)
            throw Driver.notImplemented(this.getClass(), "setQueryTimeout(int)");

        timeout = seconds;
    }

So, the solution was so simple ... I added a queryTimeout="0" attribute to my DataConnectors and everything is working perfectly now !

I think someone should add that to the Shib IdP documentation. Something like this on this page: https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverRDBMSDataConnector

-------------------
PostgreSQL users warning: You have to set the "queryTimeout" attribute to "0" as this feature is not supported by the PostgreSQL JDBC driver.
-------------------

Thank you for all your help guys !

Jérémy
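
The diagnosis above hinged on one detail: the wrapper exception carried no cause, so a driver-level "not yet implemented" surfaced only as "Unable to connect to persistent ID store." The following is an added example, not code from the posts, from Shibboleth or from the PostgreSQL driver; the class and method names, the use of IllegalStateException and SQLFeatureNotSupportedException as stand-ins, and the timeout value 3 are assumptions made for illustration.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.SQLFeatureNotSupportedException;

/** Added illustration; every name in this class is hypothetical. */
public class QueryTimeoutDiagnosis {

    /**
     * Stand-in for the driver behaviour quoted in the thread: a negative
     * timeout is invalid, a positive one is "not implemented", 0 is accepted.
     * No database or real driver is involved.
     */
    static PreparedStatement driverStandIn() {
        InvocationHandler handler = (proxy, method, args) -> {
            if ("setQueryTimeout".equals(method.getName())) {
                int seconds = (Integer) args[0];
                if (seconds < 0) {
                    throw new SQLException(
                        "Query timeout must be a value greater than or equals to 0.");
                }
                if (seconds > 0) {
                    // Exception type is an assumption; the message mirrors the log line.
                    throw new SQLFeatureNotSupportedException(
                        "Method setQueryTimeout(int) is not yet implemented.");
                }
                return null;
            }
            throw new UnsupportedOperationException(method.getName());
        };
        return (PreparedStatement) Proxy.newProxyInstance(
            QueryTimeoutDiagnosis.class.getClassLoader(),
            new Class<?>[] { PreparedStatement.class },
            handler);
    }

    /** Pattern seen in the stack traces: the SQLException is dropped. */
    static void validateLosingCause(PreparedStatement st, int timeout) {
        try {
            st.setQueryTimeout(timeout);
        } catch (SQLException e) {
            // IllegalStateException stands in for the IdP's own exception type.
            throw new IllegalStateException("Unable to connect to persistent ID store.");
        }
    }

    /** Same check, but the driver's exception is chained as the cause. */
    static void validateKeepingCause(PreparedStatement st, int timeout) {
        try {
            st.setQueryTimeout(timeout);
        } catch (SQLException e) {
            throw new IllegalStateException(
                "Persistent ID store check failed: " + e.getMessage(), e);
        }
    }

    /** Walk the cause chain to the innermost exception. */
    static Throwable rootCause(Throwable t) {
        while (t.getCause() != null && t.getCause() != t) {
            t = t.getCause();
        }
        return t;
    }

    /** Run one check and print either OK or the wrapper plus its root cause. */
    static void report(String label, Runnable check) {
        try {
            check.run();
            System.out.println(label + ": OK");
        } catch (IllegalStateException e) {
            Throwable root = rootCause(e);
            System.out.println(label + ": " + e.getMessage()
                + " | root cause: " + root.getClass().getSimpleName()
                + ": " + root.getMessage());
        }
    }

    public static void main(String[] args) {
        PreparedStatement st = driverStandIn();
        // 3 is a constructed non-zero timeout; 0 is the value that fixed the thread's setup.
        for (int timeout : new int[] { 3, 0 }) {
            System.out.println("queryTimeout=" + timeout);
            report("  cause dropped", () -> validateLosingCause(st, timeout));
            report("  cause kept   ", () -> validateKeepingCause(st, timeout));
        }
    }
}
```

With the cause dropped, the root cause printed for a non-zero timeout is the wrapper itself, which is all the IdP log showed; with the cause chained, the driver's message is visible without patching the library.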


Chad La Joie

Jul 29, 2011, 6:01:59 AM
to us...@shibboleth.net
If you feel that way, why don't you add it?

On 7/29/11 5:27 AM, Berthet Jérémy wrote:
> I think someone should add that to the Shib IdP documentation. Something
> like this on this page:
> https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverRDBMSDataConnector

--
Chad La Joie
http://itumi.biz
trusted identities, delivered
