character limit on REMOTE_USER

character limit on REMOTE_USER

Andrew Petro-3
Hi,

Anyone aware of a character limit on REMOTE_USER in a uPortal context?

Here's what happened: MyUW serves all of UW System. There's a new IdP in the Wisconsin Federation, with namespace @uwss.wisconsin.edu . That new IdP issues EPPNs with prefixes firstname.lastname . So I'd be something like [hidden email] .

In a my.wisconsin.edu context we use EPPN as REMOTE_USER.

So we suddenly have unprecedentedly long REMOTE_USER in some cases.

It's looking like users with 35-characters-or-fewer EPPN work fine, but with 36-characters-or-more it doesn't work.

I think it's REMOTE_USER that's implicated because when the problem happens, via Snooper, it's REMOTE_USER that's not set. EPPN is there, at least as a header.

I haven't proven this is the problem, but it's a strong working hypothesis at this point.

Running uPortal 4.2.1-ish.

Anyone seen anything like this?

-Andrew

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-user/dc616761-ccef-4551-beff-5a56a4dd409d%40apereo.org.

RE: character limit on REMOTE_USER

Andrey Postoyanets

Hi Andrew,

Our campus might be moving in this direction (federated logins with longer namespaces). Pretty sure we will encounter something similar.

With best regards,

Andrey P, CUNY / Brooklyn College

From: 'Andrew Petro' via uPortal Community [mailto:[hidden email]]
Sent: Friday, January 24, 2020 11:10 AM
To: uPortal Community
Subject: [uportal-user] character limit on REMOTE_USER

 


Re: character limit on REMOTE_USER

Andrew Petro-3
Resolved:

It turns out in MyUW's local uPortal implementation UP_USER.USER_NAME was a VARCHAR(35).

I think that's shorter width than uPortal 4.2.1 out of the box would generate -- maybe it was inherited from some older version in our local environment and that detail of the schema wasn't updated on upgrade. Dunno.

Anyway, in practice, 35 characters was enough. Until it wasn't. uPortal couldn't create entries for these "new" users in its user table so they couldn't fully log in.

Resolution was to widen that column. I doubled it to 70 characters. (I also widened the corresponding column in UP_PERSONDIR, for good measure, but that may not have been necessary.) Testing and initial reports from affected users suggest this fixed it.

Andrew

PS: The command: alter table UP_USER modify USER_NAME VARCHAR2(70 char);
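
An added example, not part of the thread or of uPortal's own tooling: a pre-onboarding check that a new IdP's longest identifier will fit, run against the Oracle data dictionary before the first login fails. It assumes an Oracle schema (as the VARCHAR2 syntax above implies), that related tables name the column USER_NAME as UP_USER does, and a hypothetical bind variable :required_chars holding the longest REMOTE_USER value the federation can send.

```sql
-- Added example (Oracle). :required_chars is a hypothetical bind variable:
-- the longest identifier any federated IdP may deliver as REMOTE_USER.

-- 1. Declared width of every USER_NAME column in the current schema.
--    CHAR_USED = 'B' means the limit is counted in bytes, so multi-byte
--    characters reduce how many characters actually fit.
SELECT table_name,
       column_name,
       data_type,
       char_length,
       data_length AS byte_length,
       char_used,
       CASE
         WHEN char_length < :required_chars THEN 'TOO NARROW'
         WHEN char_used = 'B'               THEN 'OK FOR SINGLE-BYTE ONLY'
         ELSE 'OK'
       END AS verdict
FROM   user_tab_columns
WHERE  column_name = 'USER_NAME'   -- assumption: same column name in related tables
ORDER  BY table_name;

-- 2. Headroom: how close existing usernames already are to the limit.
SELECT MAX(LENGTH(user_name))  AS longest_chars,
       MAX(LENGTHB(user_name)) AS longest_bytes,
       COUNT(*)                AS total_users
FROM   up_user;
```

A column declared as VARCHAR2(35) shows CHAR_LENGTH 35 with CHAR_USED 'B', while one widened with `VARCHAR2(70 char)` shows CHAR_LENGTH 70 with CHAR_USED 'C'.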


