Steps to Reproduce: 1. open portal with mysql and sign in as a root 2. go to Group -> Organization -> Users and groups management 3. go to Group Management tab 4. add group with name test_prl_03_02_005 5. click "level up icon" 6. add group with name TEST_PRL_03_02_005
Created attachment 577578 [details] log
Created attachment 577579 [details] screenshot
Marek Posolda <mposolda> made a comment on jira GTNPORTAL-2475 Added option "allowNotCaseSensitiveSearch" into IDM configuration with default value true, which solves the MySQL case-sensitivity issue
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: CAUSE: When you creating new group, UI layer is trying to look if group with same name already exists and if yes, it shows message in UI and it won't try to creatre such group. MySQL is not case-sensitive by default. But when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. Then it tries to create group "TEST_group" but it is failing. FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. We need to document it and I am going to create separate Bugzilla for the documentation.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,7 +1,7 @@ -CAUSE: When you creating new group, UI layer is trying to look if group with same name already exists and if yes, it shows message in UI and it won't try to creatre such group. +CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows message in UI and it won't try to creatre such group. -MySQL is not case-sensitive by default. But when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. Then it tries to create group "TEST_group" but it is failing. +MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive. FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. -RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. We need to document it and I am going to create separate Bugzilla for the documentation.+RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,7 +1,7 @@ -CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows message in UI and it won't try to creatre such group. +CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows message in UI and it won't try to create such group. MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive. FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. -RESULT: So it's still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.+RESULT: So IDM is still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,7 +1 @@ -CAUSE: When you are creating new group, UI layer is trying to look if group with same name already exists. If it exists, it shows message in UI and it won't try to create such group. +Picketlink IDM was performing case-sensitive comparison of group names with information stored in MySQL DB. Because MySQL DB does not record group names in a case-sensitive manner by default, cased group names such as "TEST_group" were not distinguishable from the group name "test_group". This issue affected search retrieval, as well as group creation. The issue can be fixed by configuring Picketlink IDM to compare group names in case-insensitive way. In picketlink-idm-config.xml, change the HibernateIdentityStore option "allowNotCaseSensitiveSearch" to true. Setting this option will prevent any Picketlink IDM exceptions relating to case insensitivity.- -MySQL DB is not case-sensitive by default, but Picketlink IDM is doing case-sensitive comparison of group names. So when you try to search group "TEST_group" and you already have "test_group", Picketlink IDM will return that group doesn't exist as it compares with respect to case-sensitivity by default. But when it tries to create group "TEST_group", then it is failing because MySQL DB is not case-sensitive. - -FIX: It's possible to fix it by configure Picketlink IDM to compare group names in case-insensitive way. This can be done by switch option "allowNotCaseSensitiveSearch" of HibernateIdentityStore in picketlink-idm-config.xml file to true. - -RESULT: So IDM is still case-sensitive by default. But customers have possibility to use the option and switch it to true to avoid exception. For now, it's documented here https://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ in Q6/A6.
Verified again at 5.2.2 CR01
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.