Bug 812657
Summary: | error when add new group the same with existing but different with lower and upper case on mysql | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [JBoss] JBoss Enterprise Portal Platform 5 | Reporter: | vramik | ||||||
Component: | Portal | Assignee: | mposolda | ||||||
Status: | VERIFIED --- | QA Contact: | |||||||
Severity: | high | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 5.2.1.CR02 | CC: | epp-bugs | ||||||
Target Milestone: | --- | ||||||||
Target Release: | 5.2.2.ER01 | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: |
Picketlink IDM was performing case-sensitive comparison of group names with information stored in MySQL DB. Because MySQL DB does not record group names in a case-sensitive manner by default, cased group names such as "TEST_group" were not distinguishable from the group name "test_group". This issue affected search retrieval, as well as group creation. The issue can be fixed by configuring Picketlink IDM to compare group names in case-insensitive way. In picketlink-idm-config.xml, change the HibernateIdentityStore option "allowNotCaseSensitiveSearch" to true. Setting this option will prevent any Picketlink IDM exceptions relating to case insensitivity.
|
Story Points: | --- | ||||||
Clone Of: | Environment: | ||||||||
Last Closed: | Type: | Bug | |||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
vramik
2012-04-15 19:16:49 UTC
Created attachment 577578 [details]
log
Created attachment 577579 [details]
screenshot
Marek Posolda <mposolda> made a comment on jira GTNPORTAL-2475 Added option "allowNotCaseSensitiveSearch" into IDM configuration with default value true, which solves the MySQL case-sensitivity issue Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: CAUSE: When you creating new group, UI layer is trying to look if group with same name already exists and if yes, it shows message in UI and it won't try to creatre such group. MySQL is not case-sensitive by default. But when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. Then it tries to create group "TEST_group" but it is failing. FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. We need to document it and I am going to create separate Bugzilla for the documentation. Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,7 +1,7 @@ -CAUSE: When you creating new group, UI layer is trying to look if group with same name already exists and if yes, it shows message in UI and it won't try to creatre such group. +CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows message in UI and it won't try to creatre such group. -MySQL is not case-sensitive by default. But when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. Then it tries to create group "TEST_group" but it is failing. +MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive. FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. -RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. We need to document it and I am going to create separate Bugzilla for the documentation.+RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6. Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,7 +1,7 @@ -CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows message in UI and it won't try to creatre such group. +CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows message in UI and it won't try to create such group. MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive. FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. -RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.+RESULT: So IDM is still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6. Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,7 +1 @@ -CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows message in UI and it won't try to create such group. +Picketlink IDM was performing case-sensitive comparison of group names with information stored in MySQL DB. Because MySQL DB does not record group names in a case-sensitive manner by default, cased group names such as "TEST_group" were not distinguishable from the group name "test_group". This issue affected search retrieval, as well as group creation. The issue can be fixed by configuring Picketlink IDM to compare group names in case-insensitive way. In picketlink-idm-config.xml, change the HibernateIdentityStore option "allowNotCaseSensitiveSearch" to true. Setting this option will prevent any Picketlink IDM exceptions relating to case insensitivity.- -MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive. - -FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. - -RESULT: So IDM is still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6. Verified again at 5.2.2 CR01 |