[mitreid-connect] Upgrade DB schema from 1.1.x to 1.2.x

Justin Richer jricher at mit.edu
Thu Dec 10 13:57:27 EST 2015


The “GET” extracts the data, the “POST” uploads the data.

What that means is that you’ve got a lot of “user approved sites” on that server. You should have only one per user/site pair. However, the object you have listed below isn’t a “grant”, it’s an “authorization holder”, which should be getting cleaned up by the server’s timed scripts. Are you running those?

They should expire as the tokens and other objects that they help run expire.

 — Justin

> On Dec 10, 2015, at 1:34 PM, Luiz Omori <luiz.omori at duke.edu> wrote:
> 
> Yes, we were not planning to use the old schema. It occurred by mistake when we were testing the newer version.
> 
> I was testing the upgrade procedure by extracting the data from one of our production servers and sending it to a test server. Since a POST is needed, I was using POSTMAN but it kept crashing. Then I tried a simple GET from the browser after logging in and got an extremely large JSON. It has 67038+ entries under “grants”. See example below. Any idea of what could be wrong? We will debug it otherwise. Our concern is that this info is being stored there and if unbounded the server is going to blow up at some point.
>      {
>         "id": 67038,
>         "ownerId": null,
>         "authentication": {
>           "clientAuthorization": {
>             "requestParameters": {
>               "grant_type": "password",
>               "client_secret": <removed>,
>               "client_id": <removed>,
>               "username": <removed>
>             },
>             "clientId": <removed>,
>             "scope": [
>               "openid",
>               "profile"
>             ],
>             "resourceIds": [],
>             "authorities": [],
>             "approved": true,
>             "redirectUri": null,
>             "responseTypes": [],
>             "extensions": {},
>             "extensionStrings": {}
>           },
>           "userAuthentication": "rO0ABXNyAE9vcmcuc3ByaW5nZnJhbWV3b3JrLnNlY3VyaXR5LmF1dGhlbnRpY2F0aW9uLlVzZXJuYW1lUGFzc3dvcmRBdXRoZW50aWNhdGlvblRva2VuAAAAAAAAATYCAAJMAAtjcmVkZW50aWFsc3QAEkxqYXZhL2xhbmcvT2JqZWN0O0wACXByaW5jaXBhbHEAfgABeHIAR29yZy5zcHJpbmdmcmFtZXdvcmsuc2VjdXJpdHkuYXV0aGVudGljYXRpb24uQWJzdHJhY3RBdXRoZW50aWNhdGlvblRva2Vu06oofm5HZA4CAANaAA1hdXRoZW50aWNhdGVkTAALYXV0aG9yaXRpZXN0ABZMamF2YS91dGlsL0NvbGxlY3Rpb247TAAHZGV0YWlsc3EAfgABeHABc3IAJmphdmEudXRpbC5Db2xsZWN0aW9ucyRVbm1vZGlmaWFibGVMaXN0_A8lMbXsjhACAAFMAARsaXN0dAAQTGphdmEvdXRpbC9MaXN0O3hyACxqYXZhLnV0aWwuQ29sbGVjdGlvbnMkVW5tb2RpZmlhYmxlQ29sbGVjdGlvbhlCAIDLXvceAgABTAABY3EAfgADeHBzcgATamF2YS51dGlsLkFycmF5TGlzdHiB0h2Zx2GdAwABSQAEc2l6ZXhwAAAAAncEAAAAAnNyAEJvcmcuc3ByaW5nZnJhbWV3b3JrLnNlY3VyaXR5LmNvcmUuYXV0aG9yaXR5LlNpbXBsZUdyYW50ZWRBdXRob3JpdHkAAAAAAAABNgIAAUwABHJvbGV0ABJMamF2YS9sYW5nL1N0cmluZzt4cHQAClJPTEVfQURNSU5zcQB-AAt0AAlST0xFX1VTRVJ4cQB-AApwcHNyAEFvcmcuc3ByaW5nZnJhbWV3b3JrLnNlY3VyaXR5LmxkYXAudXNlcmRldGFpbHMuTGRhcFVzZXJEZXRhaWxzSW1wbAAAAAAAAAFAAgAKWgARYWNjb3VudE5vbkV4cGlyZWRaABBhY2NvdW50Tm9uTG9ja2VkWgAVY3JlZGVudGlhbHNOb25FeHBpcmVkWgAHZW5hYmxlZEkAFGdyYWNlTG9naW5zUmVtYWluaW5nSQAUdGltZUJlZm9yZUV4cGlyYXRpb25MAAthdXRob3JpdGllc3EAfgADTAACZG5xAH4ADEwACHBhc3N3b3JkcQB-AAxMAAh1c2VybmFtZXEAfgAMeHABAQEBf____3____9zcQB-AAVzcQB-AAkAAAACdwQAAAACcQB-AA1xAH4AD3hxAH4AFHQATmNuPUNBVFNfZGFzaHNydixvdT1TZXJ2aWNlQWNjb3VudHMsb3U9RW50ZXJwcmlzZUFjY291bnRzLGRjPWRoZSxkYz1kdWtlLGRjPWVkdXB0AAxDQVRTX2Rhc2hzcnY=",
>           "savedUserAuthentication": {
>             "name": <removed>,
>             "sourceClass": "org.springframework.security.authentication.UsernamePasswordAuthenticationToken",
>             "authenticated": true,
>             "authorities": [
>               "ROLE_ADMIN",
>               "ROLE_USER"
>             ]
>           }
>         }
>       },
> 
> Regards,
> Luiz
> 
> From: Justin Richer <jricher at mit.edu>
> Date: Thursday, December 10, 2015 at 10:48 AM
> To: Luiz Omori <luiz.omori at dm.duke.edu>
> Cc: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
> Subject: Re: [mitreid-connect] Upgrade DB schema from 1.1.x to 1.2.x
> 
> You cannot run a new server against the old schema, this is completely unsupported.
> 
> You need to export the data from the old server, drop the schemas, load the new schema from the appropriate DB file, and re-import the data. Upgrade instructions are here:
> 
> https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Upgrading-to-1.2
> 
> UserInfo is not exported or imported as most instances of MITREid Connect handle user account management externally.
> 
>  — Justin
> 
>> On Dec 10, 2015, at 9:46 AM, Luiz Omori <luiz.omori at duke.edu> wrote:
>> 
>> Hi,
>> 
>> Are there any scripts to upgrade the DB schema from 1.1.x to 1.2.x? By chance we ran into some issues, for example with the new column client_details::clear_access_tokens_on_refresh, when trying to run a newer server against an old schema.
>> 
>> Regards,
>> Luiz
> 
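
One way to see which client/user pairs account for the pile-up discussed in this thread, as an added example that is not part of the original messages or of MITREid Connect: it groups exported entries by client and user and lists the entries whose saved request parameters include a secret. Field names follow the JSON entry quoted above; the sample data, `make_entry`, `summarize` and the `password` parameter name are assumptions made for illustration.

```python
from collections import Counter

# "client_secret" appears in the quoted entry; "password" is an assumed name.
SENSITIVE_PARAMS = {"client_secret", "password"}


def make_entry(entry_id, client_id, user, grant_type, secret=None):
    """Build one constructed entry using the field names of the quoted JSON."""
    params = {"grant_type": grant_type, "client_id": client_id, "username": user}
    if secret is not None:
        params["client_secret"] = secret
    return {
        "id": entry_id,
        "ownerId": None,
        "authentication": {
            "clientAuthorization": {"requestParameters": params,
                                    "clientId": client_id,
                                    "scope": ["openid", "profile"]},
            "savedUserAuthentication": {"name": user},
        },
    }


def summarize(entries, threshold=2):
    """Count entries per (clientId, user) pair and list ids carrying secrets."""
    pairs = Counter()
    with_secrets = []
    for entry in entries:
        auth = entry.get("authentication") or {}
        client_auth = auth.get("clientAuthorization") or {}
        user = (auth.get("savedUserAuthentication") or {}).get("name")
        pairs[(client_auth.get("clientId"), user)] += 1
        params = client_auth.get("requestParameters") or {}
        if SENSITIVE_PARAMS.intersection(params):
            with_secrets.append(entry.get("id"))
    repeated = {pair: n for pair, n in pairs.items() if n >= threshold}
    return repeated, with_secrets


# Constructed sample: one service account repeating the password grant.
SAMPLE = [make_entry(i, "client-a", "svc-a", "password", "example-secret")
          for i in range(1, 5)]
SAMPLE.append(make_entry(5, "client-b", "alice", "authorization_code"))

if __name__ == "__main__":
    repeated, with_secrets = summarize(SAMPLE)
    for (client, user), n in sorted(repeated.items()):
        print(f"{n} entries for client={client} user={user}")
    print("entries carrying sensitive request parameters:", with_secrets)
```

Run against the list of entries loaded from an export, the per-pair counts show which client is producing the growth, and the id list shows how many stored entries would expose a client secret if the export file leaked.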
