Bug 812657

Summary:

error when add new group the same with existing but different with lower and upper case on mysql

Product:

[JBoss] JBoss Enterprise Portal Platform 5

Reporter:

vramik

Component:

Portal

Assignee:

mposolda

Status:

VERIFIED ---

QA Contact:

Severity:

high

Docs Contact:

Priority:

unspecified

Version:

5.2.1.CR02

CC:

epp-bugs

Target Milestone:

---

Target Release:

5.2.2.ER01

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Picketlink IDM was performing case-sensitive comparison of group names with information stored in MySQL DB. Because MySQL DB does not record group names in a case-sensitive manner by default, cased group names such as "TEST_group" were not distinguishable from the group name "test_group". This issue affected search retrieval, as well as group creation. The issue can be fixed by configuring Picketlink IDM to compare group names in case-insensitive way. In picketlink-idm-config.xml, change the HibernateIdentityStore option "allowNotCaseSensitiveSearch" to true. Setting this option will prevent any Picketlink IDM exceptions relating to case insensitivity.

Story Points:

---

Clone Of:

Environment:

Last Closed:

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
log	none
screenshot	none

Description vramik 2012-04-15 19:16:49 UTC

Steps to Reproduce:
1. open portal with mysql and sign in as a root
2. go to Group -> Organization -> Users and groups management
3. go to Group Management tab
4. add group with name test_prl_03_02_005
5. click "level up icon"
6. add group with name TEST_PRL_03_02_005

Comment 1 vramik 2012-04-15 19:17:33 UTC

Created attachment 577578 [details]
log

Comment 2 vramik 2012-04-15 19:18:19 UTC

Created attachment 577579 [details]
screenshot

Comment 3 JBoss JIRA Server 2012-06-19 14:08:21 UTC

Marek Posolda <mposolda> made a comment on jira GTNPORTAL-2475

Added option "allowNotCaseSensitiveSearch" into IDM configuration with default value true, which solves the MySQL case-sensitivity issue

Comment 4 mposolda 2012-06-19 15:00:42 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
CAUSE: When you creating new group, UI layer is trying to look if group with same name already exists and if yes, it shows  message in UI and it won't try to creatre such group. 

MySQL is not case-sensitive by default. But when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. Then it tries to create group "TEST_group" but it is failing.

FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. 

RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. We need to document it and I am going to create separate Bugzilla for the documentation.

Comment 5 mposolda 2012-06-19 15:03:36 UTC

    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,7 +1,7 @@
-CAUSE: When you creating new group, UI layer is trying to look if group with same name already exists and if yes, it shows  message in UI and it won't try to creatre such group. 
+CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows  message in UI and it won't try to creatre such group. 
 
-MySQL is not case-sensitive by default. But when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. Then it tries to create group "TEST_group" but it is failing.
+MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive.
 
 FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. 
 
-RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. We need to document it and I am going to create separate Bugzilla for the documentation.+RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.

Comment 6 mposolda 2012-06-20 12:01:56 UTC

    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,7 +1,7 @@
-CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows  message in UI and it won't try to creatre such group. 
+CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows  message in UI and it won't try to create such group. 
 
 MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive.
 
 FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. 
 
-RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.+RESULT: So IDM is still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.

Comment 7 Jared MORGAN 2012-08-21 00:57:30 UTC

    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,7 +1 @@
-CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows  message in UI and it won't try to create such group. 
+Picketlink IDM was performing case-sensitive comparison of group names with information stored in MySQL DB. Because MySQL DB does not record group names in a case-sensitive manner by default, cased group names such as "TEST_group" were not distinguishable from the group name "test_group". This issue affected search retrieval, as well as group creation. The issue can be fixed by configuring Picketlink IDM to compare group names in case-insensitive way. In picketlink-idm-config.xml, change the HibernateIdentityStore option "allowNotCaseSensitiveSearch" to true. Setting this option will prevent any Picketlink IDM exceptions relating to case insensitivity.-
-MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive.
-
-FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. 
-
-RESULT: So IDM is still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.

Comment 8 vramik 2012-08-27 15:13:19 UTC

Verified again at 5.2.2 CR01