Identity Provider / IDP-1350

IdP fails to initialize if single quote included in property values


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.0
    • Fix Version/s: 3.4.1
    • Component/s: Configuration
    • Labels:
      None
    • Operating System:
      Windows
    • Java Version:
      Oracle Java 8
    • Servlet Container:
      Apache Tomcat 8.5

      Description

      As of version 3.4.0, the Shibboleth IdP fails to properly initialize if mismatched parentheses are included in configuration property values.

      In certain environments, the password for our DataSealer key contains special characters, including standalone parentheses. Example config follows (with a sanitized password demonstrating the same pattern):

      # Settings for internal AES encryption key
      #idp.sealer.storeType = JCEKS
      #idp.sealer.updateInterval = PT15M
      #idp.sealer.aliasBase = secret
      idp.sealer.storeResource = %{idp.home}/credentials/sealer.jks
      idp.sealer.versionResource = %{idp.home}/credentials/sealer.kver
      idp.sealer.storePassword = PasswdRmvdXcptTrailing##)
      idp.sealer.keyPassword = PasswdRmvdXcptTrailing##)

      On startup, this leads to a SEVERE log entry in our servlet container (Tomcat 8.5), and the IdP failing to initialize:

      ... 84 more
      Caused by: org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.expression.ParseException: Expression { 'PasswdRmvdXcptTrailing##)'.isEmpty() or 'PasswdRmvdXcptTrailing##)'.isEmpty() } @28: Found closing ')' at position 28 without an opening '('

      Full container logs (once again, with a sanitized password) are attached to this report. We can go through and roll the password on relevant credentials if this wasn't a supported use case in the first place, but for the time being we're holding off on upgrading, since it feels like a regression.

        Attachments

        1. localhost.2018-10-24.log
          23 kB
          mdomingues@uiowa.edu
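
A pre-upgrade check for the condition this report describes, as an added example (not part of the original report or of the Shibboleth code base): it scans properties text for values containing a single quote or an unbalanced parenthesis, the two patterns named in the title and description, and reports only line number and key so passwords are never echoed. The `idp.example.*` keys and all function names are hypothetical, the sample is constructed from the sanitized config above, and line continuations and backslash escapes are not handled.

```python
import re

# Constructed sample based on the sanitized config in the report;
# the idp.example.* keys are hypothetical additions for contrast.
SAMPLE = """\
# Settings for internal AES encryption key
#idp.sealer.storeType = JCEKS
idp.sealer.storeResource = %{idp.home}/credentials/sealer.jks
idp.sealer.storePassword = PasswdRmvdXcptTrailing##)
idp.sealer.keyPassword = PasswdRmvdXcptTrailing##)
idp.example.balanced = (fine)
idp.example.quoted = it's
"""

# key, optional '=' or ':' separator, then the raw value
_KV = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:]?\s*(.*)$")

def unbalanced_parens(value):
    """True if '(' and ')' do not pair up left to right."""
    depth = 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:          # closing ')' with no opening '('
                return True
    return depth != 0

def risky_properties(text):
    """Return [(line_no, key, reason)]; values are deliberately not returned."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":   # blank line or comment
            continue
        m = _KV.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if "'" in value:
            findings.append((no, key, "single quote"))
        if unbalanced_parens(value):
            findings.append((no, key, "unbalanced parenthesis"))
    return findings

if __name__ == "__main__":
    for no, key, reason in risky_properties(SAMPLE):
        print(f"line {no}: {key}: {reason}")
```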


              People

              Assignee:
              cantor.2@osu.edu Scott Cantor
              Reporter:
              mdomingues@uiowa.edu mdomingues@uiowa.edu
              Watchers:
              2


                  Time Tracking

                  Estimated:
                  Not Specified
                  Remaining:
                  0m
                  Logged:
                  1h 30m