Don't index binary tokens #194

Closed
yurem opened this issue Mar 28, 2016 · 3 comments

yurem commented Mar 28, 2016

According to the CE configuration, there is an index for the attribute 'oxAuthTokenCode'.

But not all oxAuthTokenCode values are GUIDs or simple strings. Example:

oxAuthTokenCode: eyJ0eXAiOiJKV1QiLCJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2In0.CtyWJYmptQnJZ2xL_T1h4ClnlyEzsr_xYGsrLwfmVHW6-Uk7xrj4KbIa6-5IdCCTlce93FiYf5YhpxxKr5Umwc5W4Hnwn4mCMnizSyuQSINlS0VYhfUdN2iEgcCAH7LglyFfNSJFdYU_1BReauuTkU9L4KR0e-GpNOMM5gCArldoCtZd8T9f8ztDfMMY5A3jzGy-2NyR6i1z-YjHl7txZdswOHv0XAispPOAA8Qx1rNGlcs8rc_Tfosv5HdGRMW1_UoCSiGvZyxSpSBQ-PTruDdqvMhWs8hYesDraWcW7kKG0xofBIcxunf9ai9RlsaSXprayhZ5clUpuXIYXKxIcg.AyZJBo9rSvEGapROK48iRA.i_aOmpeksbgn-8kowdPbUCsAGsICatL9acKDnkUHNTBzxvpMrQkepYWUKfwrx-Bhrfx9EhaMlP-INndmYU0jtDsnrV3VNy_lhwBQ3KspmWe2Xz2YuHplDz25Q234xdkhu6kx-6WFYnfqhF9bl5VX_fz6rO3ppOGvbOZVetypNxQFBx9ogRZB5BhtsadM5Nf3wzzh0slRJ26h7RgipfHdZdN5n4nrqze_MwKNH8n4VK270h7TQrScm_yutGhdT36kh-3_0DDC3zeEz1Bcuv1H4r0RmMCKarEBZeYLTQGolOQM8GXJsVoKzXlhni_VQi4l4u8b4BrA1tnFLpm7yDKl7ohPpy2LprFcEaRk1TxX0kcZl6KcMLfB8I-jbHDvOfNl4NK95WvmMhT9EskPkeMQiXqRMFwhsLNhomSOp6GDySABMXXzVNp9P11w54CpRJ4Ig8G8RLl8GI216lE3QuzlKsOOdedy96bEjIJ5hy1xO831CDo9OE5GCR8r_T_Kr4xVIazTWy_RL2zofoPTe6QX5Ergu3ewkWXTN1W6U4cmTpWH0QiMasb71xCJb5gwfM5PY0J_Nk97mfq0syRO8cMH0QeFbEz_8DO6-aXFoBL54Qbyu3zAv8OKNUZ4HjpDMhuzqwO4qEwmYHkgZCSZtK9pybFaUS-7xNiD0EEMCbMZIMAcCl9lF35eg3oifCNiuB8ve55v43o0veGzq399BVtotWtC0MRM7HSsTNFlF3yxN7hpVwlojFVhb8D2k21PQK_znLptpzNNaQIQt0AibQHLgd7D0ysMJoisvbOTk4JEpGGm_ySLYdZAkqjZHng-ksUD5SiMFdWjbodYuFnEAd3w5Xvf0FtVOCi5vdxzHpZb0KowDBBMkPYPI1N_gTkyCo4r4Zy3xXNAvWDXxVPBY_CBQWWDJZd2gV04ZhXNdcKK62bbqWIfYEojozVxl65Eim20j2NgAryRh4mPdtx-d46iXDHDFPJ6NAmE-zq77TkCFISRO2iTvavVR4F-JsasS7WpnXnSRck0zS412IEMYviTJf8-f2xJs8fZ3EZJDsmAHjPHSMKtpYnAimZEwcGguVXkEr0HZ574D3YRRdrq0TBH6pAFPKySFOJIzC8L1wMjMcLnmTh6WrCoq-8GJHZwoFCFaVcxE522pdwtDOXqWZDpKMNnlwdTnzGRPj7V9L7mO2IrvhmCLGVmVI0_BZoFaUqR1f-INfZNpRx9ReHjOW0anr5YX2Y5wAMlZo03s0ae9-hncIEg3WC3PtqkAcQTJlJL0ANY5RXVd0ThYY8bBgKKqEOePCfTRlz3vVqPL-nkokBSCvyvAD5KFbemmPPaBjODKpKc7PwrXQMhf2G-QMIHrA3e7VpV0yDufs7T8XDPEKZtZFuZDHxqln-nNjF-sxqGZS5nna-6hhNnIPIlqZUqoQ3ThjqCbFATC-raSefua9f7AMjYp6C3P13Yt9d2Zt2PALxuquxxvMSpN23KqYB5cybkQXLdfXHp0ZVSUilAGK0EecnZmrfqDa-9Jad3em_NqgD0YHj287VC0
m3XQsp1ayIr4LKt2x-9nqsEjtYKvSUmgvzx6HcU65t6iq6dVHdul5D02dVfcqL7o4G4ucjCuxyJzSlFEY9RuQm2nXXySOlzqHZOFd51FjYBs7J5qb4GEsinS1KV6KugAtC-Zf8bKwWcl0cM7G-F7TiServPeQR1FUUj4NQ-KlVnn9YcYKrfzLGyOBGsBcmYkWLYXOHZmBpJu18bFZerCHotq4Qs6yL5XBFqSJxKXJ8G_xYGBntF.vefz12dKxsbS4qosaeyY6K7RGspv_8zkZh-h-jH9rgA
oxAuthTokenType: id_token

It's not the right approach to index such values.
For example, we can generate a SHA2 hashcode of this value and use it to search by token.


yurem commented Mar 28, 2016

Also, the OpenDJ 3 PDB backend doesn't allow inserting such long values into index fields:
LDAP: error code 80 - Unchecked exception during database transaction: Maximum size=2047 original size=0


yuriyz commented Mar 29, 2016

Our JWTs are quite long. Indeed, it's a good idea to hash them. Also, it may be a good time to write index tests according to:
http://idmdude.com/2014/01/01/opendj-indexes-explained/
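
The hash-based lookup proposed in this thread, sketched as an added example that is not code from the issue or from the project. The attribute name `oxAuthTokenCodeHash`, the in-memory `IndexedStore` stand-in for an indexed LDAP attribute, and reading the 2047 in the error message as a byte limit on index keys are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_INDEX_KEY = 2047               # figure quoted in the OpenDJ error in this thread
HASH_ATTR = "oxAuthTokenCodeHash"  # hypothetical attribute name, not the project's


def token_hash(token: str) -> str:
    """SHA-256 hex digest: always 64 characters, whatever the token length."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def lookup_filter(token: str) -> str:
    """LDAP equality filter on the hash; hex digits need no filter escaping."""
    return f"({HASH_ATTR}={token_hash(token)})"


class IndexedStore:
    """In-memory stand-in for an indexed attribute with a key size limit."""

    def __init__(self, max_key: int = MAX_INDEX_KEY):
        self.max_key = max_key
        self.index = {}

    def put(self, key: str, entry: dict) -> None:
        if len(key.encode("utf-8")) > self.max_key:
            raise ValueError(f"index key too long: {len(key)} > {self.max_key}")
        self.index[key] = entry

    def find_by_token(self, token: str):
        entry = self.index.get(token_hash(token))
        if entry is None:
            return None
        # Compare the full stored value so a hash match alone is never trusted.
        stored = entry["oxAuthTokenCode"].encode("utf-8")
        return entry if hmac.compare_digest(stored, token.encode("utf-8")) else None


def demo():
    # Constructed sample: five segments shaped like a JWE, not a real token.
    long_token = ".".join(secrets.token_urlsafe(n) for n in (60, 256, 16, 1800, 32))
    store = IndexedStore()
    try:
        store.put(long_token, {"oxAuthTokenCode": long_token})
        raw_indexable = True
    except ValueError:
        raw_indexable = False  # the raw token is too long to be an index key
    entry = {"oxAuthTokenCode": long_token, "oxAuthTokenType": "id_token"}
    store.put(token_hash(long_token), entry)  # the digest always fits
    return raw_indexable, store.find_by_token(long_token), store.find_by_token(long_token + "x")
```
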

@willow9886

Closed and re-opened as a CE Setup issue: GluuFederation/community-edition-setup#284
