Invalid connector configuration using Shibboleth IdP 3.3.2 with Postgres


I am using a DataConnector in attribute-resolver.xml to connect to the database and fetch attributes.

When I connect to a local Postgres using the configuration below, it works, meaning I am able to go to the Unsolicited IdP link idp/profile/SAML2/Unsolicited, authenticate, fetch the attributes, generate the SAML2 assertion and send it to the SP.

    <DataConnector id="myDatabase" xsi:type="RelationalDatabase">
        <ApplicationManagedConnection
            jdbcDriver="org.postgresql.Driver" jdbcURL="jdbc:postgresql://localhost:5432/postgres"
            jdbcUserName="postgres" jdbcPassword="postgresql" />
        <QueryTemplate>
            <![CDATA[
                SELECT password, 12345 as EmployeeID, 'Nilesh' as FirstName, 'Lulla' as LastName from users where username='$requestContext.principalName'
            ]]>
        </QueryTemplate>
        <Column columnName="password" attributeID="password" />
        <Column columnName="employeeid" attributeID="EmployeeID" />
        <Column columnName="firstname" attributeID="FirstName" />
        <Column columnName="lastname" attributeID="LastName" />
    </DataConnector>

When I use the Postgres server URL and connection string, it gives an error and Shibboleth does not start at all. The status page does not open either: https://idp.abc.com/idp/status

    <DataConnector id="myDatabase" xsi:type="RelationalDatabase">
        <ApplicationManagedConnection
            jdbcDriver="org.postgresql.Driver" jdbcURL="jdbc:postgresql://TPA1238.enterprise.org:5444/cpe_admin"
            jdbcUserName="admin_temp" jdbcPassword="temp2018" />
        <QueryTemplate>
            <![CDATA[
                SELECT panelist_id, first_name, last_name from user_details where user_id='$requestContext.principalName'
            ]]>
        </QueryTemplate>
        <Column columnName="panelist_id" attributeID="EmployeeID" />
        <Column columnName="first_name" attributeID="FirstName" />
        <Column columnName="last_name" attributeID="LastName" />
    </DataConnector>

I am getting the following errors:

2018-02-02 21:24:44,530 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:568] - Retrieved dependent beans for bean '(inner bean)#1c33e528': [eduPersonPrincipalName]
2018-02-02 21:24:44,530 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name '(inner bean)#53d2d002'
2018-02-02 21:24:44,531 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name '(inner bean)#5b39a3e6'
2018-02-02 21:24:44,531 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML2ScopedStringAttributeEncoder#0'
2018-02-02 21:24:44,532 - DEBUG [org.springframework.beans.factory.support.DisposableBeanAdapter:337] - Invoking destroy method 'destroy' on bean with name 'net.shibboleth.idp.saml.attribute.encoding.impl.SAML1ScopedStringAttributeEncoder#0'
2018-02-02 21:24:44,542 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:181] - Service 'shibboleth.AttributeResolverService': Initial load failed
net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDatabase': Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
    at net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:336)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDatabase': Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
Caused by: net.shibboleth.utilities.java.support.component.ComponentInitializationException: Data Connector 'myDatabase': Invalid connector configuration
    at net.shibboleth.idp.attribute.resolver.dc.rdbms.impl.RDBMSDataConnector.doInitialize(RDBMSDataConnector.java:141)
Caused by: net.shibboleth.idp.attribute.resolver.dc.ValidationException: Invalid connector configuration
    at net.shibboleth.idp.attribute.resolver.dc.rdbms.impl.DataSourceValidator.validate(DataSourceValidator.java:165)
Caused by: java.sql.SQLException: An SQLException was provoked by the following failure: java.lang.InterruptedException
    at com.mchange.v2.sql.SqlUtils.toSQLException(SqlUtils.java:118)
Caused by: java.lang.InterruptedException: null
    at java.lang.Object.wait(Native Method)
2018-02-02 21:24:44,543 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:183] - Service 'shibboleth.AttributeResolverService': Continuing to poll configuration
2018-02-02 21:24:44,543 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:199] - Service 'shibboleth.AttributeResolverService': Reload time set to: 900000, starting refresh thread
2018-02-02 21:24:44,544 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:484] - Finished creating instance of bean 'shibboleth.AttributeResolverService'

and

2018-02-02 21:24:44,580 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:251] - Returning cached instance of singleton bean 'shibboleth.IdentifiableBeanPostProcessor'
2018-02-02 21:24:44,583 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:251] - Returning cached instance of singleton bean 'shibboleth.NameIdentifierGenerationResources'
2018-02-02 21:24:44,584 - TRACE [org.springframework.beans.TypeConverterDelegate:438] - Converting String to [interface org.springframework.core.io.Resource] using property editor [org.springframework.core.io.ResourceEditor@800d065]
2018-02-02 21:24:44,586 - TRACE [org.springframework.beans.TypeConverterDelegate:438] - Converting String to [interface org.springframework.core.io.Resource] using property editor [org.springframework.core.io.ResourceEditor@800d065]
2018-02-02 21:24:44,592 - DEBUG [org.springframework.beans.TypeConverterDelegate:315] - Original ConversionService attempt failed - ignored since PropertyEditor based conversion eventually succeeded
org.springframework.core.convert.ConversionFailedException: Failed to convert from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable java.util.List<org.springframework.core.io.Resource>] for value '[C:/Program Files (x86)/Shibboleth/IdP/conf/saml-nameid.xml, C:/Program Files (x86)/Shibboleth/IdP/system/conf/saml-nameid-system.xml]'; nested exception is org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable org.springframework.core.io.Resource]
    at org.springframework.core.convert.support.ConversionUtils.invokeConverter(ConversionUtils.java:42)
Caused by: org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.util.ArrayList<?>] to type [@javax.annotation.Nonnull @javax.annotation.Nullable org.springframework.core.io.Resource]
    at org.springframework.core.convert.support.GenericConversionService.handleConverterNotFound(GenericConversionService.java:313)
2018-02-02 21:24:44,596 - DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory:1678] - Invoking init method  'initialize' on bean with name 'shibboleth.NameIdentifierGenerationService'
2018-02-02 21:24:44,597 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:172] - Service 'shibboleth.NameIdentifierGenerationService': Performing initial load
2018-02-02 21:24:44,598 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:258] - Service 'shibboleth.NameIdentifierGenerationService': Reloading service configuration

When I use local Postgres for fetching attributes in attribute-resolver.xml, and for authentication I use JAAS with the same Postgres server configuration, that works fine.

    com.tagish.auth.DBLogin required debug=true dbDriver="org.postgresql.Driver"
    dbURL="jdbc:postgresql://TPA1238.enterprise.org:5444/cpe_admin" dbUser="admin_temp" dbPassword="temp2018"
    userTable="user_details" userColumn="user_id" passColumn="user_id";

Solution

  • There was some compatibility issue, for which I just upgraded my Postgres driver to the latest one, and it worked. Link to download the driver: https://jdbc.postgresql.org/download.html

    I was using postgresql-9.4.1211.jre6.jar; I tried with postgresql-42.2.1.jar and it worked.
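
The IdP log above only reports an `InterruptedException` from the pooling layer (`com.mchange.v2.sql.SqlUtils`), which hides what the driver itself saw. The following JDBC probe is an added example, not part of the original post or of Shibboleth: run with a given driver jar on the classpath, it reports the driver and server versions and prints the full cause chain on failure. The class name `JdbcProbe` and the environment variable `PROBE_DB_PASSWORD` are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

// Added example: connects with whatever JDBC driver jar is on the classpath.
// JdbcProbe and PROBE_DB_PASSWORD are hypothetical names, not Shibboleth settings.
public class JdbcProbe {
    public static void main(String[] args) {
        // Read the password from the environment so it stays out of the command line.
        String password = System.getenv("PROBE_DB_PASSWORD");
        if (args.length != 2 || password == null) {
            // Classpath separator is ';' on Windows and ':' elsewhere.
            System.err.println("usage: java -cp <driver.jar>;. JdbcProbe <jdbcURL> <user>"
                    + "  (PROBE_DB_PASSWORD must be set)");
            System.exit(2);
        }
        Properties props = new Properties();
        props.setProperty("user", args[1]);
        props.setProperty("password", password);
        DriverManager.setLoginTimeout(10); // seconds; fail fast instead of hanging

        try (Connection conn = DriverManager.getConnection(args[0], props)) {
            DatabaseMetaData md = conn.getMetaData();
            System.out.println("driver : " + md.getDriverName() + " " + md.getDriverVersion());
            System.out.println("server : " + md.getDatabaseProductName() + " "
                    + md.getDatabaseProductVersion());
            // Minimal round trip to confirm the session is usable after login.
            try (Statement st = conn.createStatement();
                 ResultSet rs = st.executeQuery("SELECT 1")) {
                rs.next();
                System.out.println("query  : SELECT 1 -> " + rs.getInt(1));
            }
        } catch (SQLException e) {
            // Walk the whole cause chain: the first message is often a wrapper.
            System.err.println("connect/query failed, SQLState=" + e.getSQLState());
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.err.println("  caused by: " + t);
            }
            System.exit(1);
        }
    }
}
```

Running it once with each driver jar against the same `jdbcURL` shows whether the failure follows the driver version or the server.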