<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>
<div>I know about GET/POST. Just trying to explain why we started with POSTMAN. The last step requires a POST, not sure how to do it straight from Chrome/Firefox without a plugin.</div>
<div><br>
</div>
<div>You are right, it’s the "authorization holder”. The retrieved JSON was too large (80+ MB) and a bit hard to follow things.</div>
<div><br>
</div>
<div>Yes, we are running the cleaner, however the version in production is missing the JTI for ID tokens, which causes an exception in the cleanup task when duplicates are found, which in turn prevents part of the cleanup task to execute :(</div>
<div><br>
</div>
<div>Regards,</div>
<div>Luiz</div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE"></div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Justin Richer <<a href="mailto:jricher@mit.edu">jricher@mit.edu</a>><br>
<span style="font-weight:bold">Date: </span>Thursday, December 10, 2015 at 1:57 PM<br>
<span style="font-weight:bold">To: </span>Luiz Omori <<a href="mailto:luiz.omori@dm.duke.edu">luiz.omori@dm.duke.edu</a>><br>
<span style="font-weight:bold">Cc: </span>"<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>" <<a href="mailto:mitreid-connect@mit.edu">mitreid-connect@mit.edu</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [mitreid-connect] Upgrade DB schema from 1.1.x to 1.2.x<br>
</div>
<div><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
The “GET” extracts the data, the “POST” uploads the data.
<div class=""><br class="">
</div>
<div class="">What that means is that you’ve got a lot of “user approved sites” on that server. You should have only one per user/site pair. However, the object you have listed below isn’t a “grant” it’s an “authorization holder” which should be getting cleaned
up by the server’s timed scripts. Are you running those?</div>
<div class=""><br class="">
</div>
<div class="">They should expire as the tokens and other objects that they help run expire.</div>
<div class=""><br class="">
</div>
<div class=""> — Justin</div>
<div class=""><br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Dec 10, 2015, at 1:34 PM, Luiz Omori <<a href="mailto:luiz.omori@duke.edu" class="">luiz.omori@duke.edu</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif;" class="">
<div class="">
<div class="">Yes, we were not planning to use the old schema. It occurred by mistake when we were testing the newer version.</div>
<div class=""><br class="">
</div>
<div class="">I was testing the upgrade procedure by extracting the data from one of our production servers and send it to a test server. Since a POST is need, was using POSTMAN but it kept crashing. Then tried a simple GET from the browser after logging in
and got an extremely large JSON. It has 67038+ entries under “grants”. See example below. Any idea of what could be wrong? We will debug it otherwise. Our concern is that this info is being stored there and if unbounded the server is going to blow up at some
point.</div>
<div class="">
<pre style="line-height: normal; widows: 1; word-wrap: break-word; white-space: pre-wrap;" class=""> {
"id": 67038,
"ownerId": null,
"authentication": {
"clientAuthorization": {
"requestParameters": {
"grant_type": "password",
"client_secret": <removed>,
"client_id": <span style="font-family: Calibri, sans-serif;" class=""><removed></span><span style="font-family: Calibri, sans-serif;" class="">,</span><br class=""> "username": <removed>
},
"clientId": <span style="font-family: Calibri, sans-serif;" class=""><removed></span><span style="font-family: Calibri, sans-serif;" class="">,</span><br class=""> "scope": [
"openid",
"profile"
],
"resourceIds": [],
"authorities": [],
"approved": true,
"redirectUri": null,
"responseTypes": [],
"extensions": {},
"extensionStrings": {}
},
"userAuthentication": "rO0ABXNyAE9vcmcuc3ByaW5nZnJhbWV3b3JrLnNlY3VyaXR5LmF1dGhlbnRpY2F0aW9uLlVzZXJuYW1lUGFzc3dvcmRBdXRoZW50aWNhdGlvblRva2VuAAAAAAAAATYCAAJMAAtjcmVkZW50aWFsc3QAEkxqYXZhL2xhbmcvT2JqZWN0O0wACXByaW5jaXBhbHEAfgABeHIAR29yZy5zcHJpbmdmcmFtZXdvcmsuc2VjdXJpdHkuYXV0aGVudGljYXRpb24uQWJzdHJhY3RBdXRoZW50aWNhdGlvblRva2Vu06oofm5HZA4CAANaAA1hdXRoZW50aWNhdGVkTAALYXV0aG9yaXRpZXN0ABZMamF2YS91dGlsL0NvbGxlY3Rpb247TAAHZGV0YWlsc3EAfgABeHABc3IAJmphdmEudXRpbC5Db2xsZWN0aW9ucyRVbm1vZGlmaWFibGVMaXN0_A8lMbXsjhACAAFMAARsaXN0dAAQTGphdmEvdXRpbC9MaXN0O3hyACxqYXZhLnV0aWwuQ29sbGVjdGlvbnMkVW5tb2RpZmlhYmxlQ29sbGVjdGlvbhlCAIDLXvceAgABTAABY3EAfgADeHBzcgATamF2YS51dGlsLkFycmF5TGlzdHiB0h2Zx2GdAwABSQAEc2l6ZXhwAAAAAncEAAAAAnNyAEJvcmcuc3ByaW5nZnJhbWV3b3JrLnNlY3VyaXR5LmNvcmUuYXV0aG9yaXR5LlNpbXBsZUdyYW50ZWRBdXRob3JpdHkAAAAAAAABNgIAAUwABHJvbGV0ABJMamF2YS9sYW5nL1N0cmluZzt4cHQAClJPTEVfQURNSU5zcQB-AAt0AAlST0xFX1VTRVJ4cQB-AApwcHNyAEFvcmcuc3ByaW5nZnJhbWV3b3JrLnNlY3VyaXR5LmxkYXAudXNlcmRldGFpbHMuTGRhcFVzZXJEZXRhaWxzSW1wbAAAAAAAAAFAAgAKWgARYWNjb3VudE5vbkV4cGlyZWRaABBhY2NvdW50Tm9uTG9ja2VkWgAVY3JlZGVudGlhbHNOb25FeHBpcmVkWgAHZW5hYmxlZEkAFGdyYWNlTG9naW5zUmVtYWluaW5nSQAUdGltZUJlZm9yZUV4cGlyYXRpb25MAAthdXRob3JpdGllc3EAfgADTAACZG5xAH4ADEwACHBhc3N3b3JkcQB-AAxMAAh1c2VybmFtZXEAfgAMeHABAQEBf____3____9zcQB-AAVzcQB-AAkAAAACdwQAAAACcQB-AA1xAH4AD3hxAH4AFHQATmNuPUNBVFNfZGFzaHNydixvdT1TZXJ2aWNlQWNjb3VudHMsb3U9RW50ZXJwcmlzZUFjY291bnRzLGRjPWRoZSxkYz1kdWtlLGRjPWVkdXB0AAxDQVRTX2Rhc2hzcnY=",
"savedUserAuthentication": {
"name": <span style="font-family: Calibri, sans-serif;" class=""><removed></span><span style="font-family: Calibri, sans-serif;" class="">,</span><br class=""> "sourceClass": "org.springframework.security.authentication.UsernamePasswordAuthenticationToken",
"authenticated": true,
"authorities": [
"ROLE_ADMIN",
"ROLE_USER"
]
}
}
},</pre>
</div>
<div class=""><br class="">
</div>
<div class="">Regards,</div>
<div class="">Luiz</div>
<div class="">
<div id="" class=""></div>
</div>
</div>
<div class=""><br class="">
</div>
<span id="OLK_SRC_BODY_SECTION" class="">
<div style="font-family: Calibri; font-size: 12pt; text-align: left; border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in; border-top-color: rgb(181, 196, 223);" class="">
<span style="font-weight:bold" class="">From: </span>Justin Richer <<a href="mailto:jricher@mit.edu" class="">jricher@mit.edu</a>><br class="">
<span style="font-weight:bold" class="">Date: </span>Thursday, December 10, 2015 at 10:48 AM<br class="">
<span style="font-weight:bold" class="">To: </span>Luiz Omori <<a href="mailto:luiz.omori@dm.duke.edu" class="">luiz.omori@dm.duke.edu</a>><br class="">
<span style="font-weight:bold" class="">Cc: </span>"<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a>" <<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a>><br class="">
<span style="font-weight:bold" class="">Subject: </span>Re: [mitreid-connect] Upgrade DB schema from 1.1.x to 1.2.x<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
You cannot run a new server against the old schema, this is completely unsupported.
<div class=""><br class="">
</div>
<div class="">You need to export the data from the old server, drop the schemas, load the new schema from the appropriate DB file, and re-import the data. Upgrade instructions are here:</div>
<div class=""><br class="">
</div>
<div class=""><a href="https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Upgrading-to-1.2" class="">https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Upgrading-to-1.2</a></div>
<div class=""><br class="">
</div>
<div class="">UserInfo is not exported or imported as most instances of MITREid Connect handle user account management externally.</div>
<div class=""><br class="">
</div>
<div class=""> — Justin</div>
<div class=""><br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On Dec 10, 2015, at 9:46 AM, Luiz Omori <<a href="mailto:luiz.omori@duke.edu" class="">luiz.omori@duke.edu</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif;" class="">
<div class="">Hi,</div>
<div class=""><br class="">
</div>
<div class="">Are there any scripts to upgrade the DB schema from 1.1.x to 1.2.x? By chance we run into some issues, for example with the new column client_details::clear_access_tokens_on_refresh, when trying to run a newer server against an old schema.</div>
<div class=""><br class="">
</div>
<div class="">Regards,</div>
<div class="">Luiz</div>
<div class="">
<div id="" class=""></div>
</div>
</div>
_______________________________________________<br class="">
mitreid-connect mailing list<br class="">
<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a><br class="">
<a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect" class="">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a><br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</span></div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</span>
</body>
</html>