indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/

SQL Data too long error for table `authentication_holder_request_parameter` with high group length during token exchange #873

Open DonaldChung-HK opened 1 week ago

DonaldChung-HK commented 1 week ago

Hi,

I was made aware of a problem: when a user has around 30 groups, the token exchange fails with an HTTP 500. Upon investigation, the AccesstokenIssued event of the exchange showed up in the AUDIT log, but the following happened.

I don't think this is necessarily tied to the number of groups but rather to the number of characters in the groups, causing the subject_token state or request to be too long and exceed the varchar(2048) limit in the table. Could you please investigate?

<timestamp>  INFO 8 --- [nio-8080-exec-3] i.i.m.i.c.o.g.TokenExchangeTokenGranter  : Client '<client-id>' requests token exchange from client '<client-id>' to impersonate user '<user>' on audience '<audience>' with scopes '<Scopes list>'
[EL Warning]: <timestamp>--UnitOfWork(<number>)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.7.9.v20210604-2c549e2208): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: com.mysql.cj.jdbc.exceptions.MysqlDataTruncation: Data truncation: Data too long for column 'val' at row 1
Error Code: 1406
Call: INSERT INTO authentication_holder_request_parameter (owner_id, val, param) VALUES (?, ?, ?)
        bind => [3 parameters bound]
Query: DataModifyQuery(sql="INSERT INTO authentication_holder_request_parameter (owner_id, val, param) VALUES (?, ?, ?)")

Thanks

enricovianello commented 5 days ago

Hi @DonaldChung-HK , this problem depends on the MitreID dependency, which is storing the Authentication user's info in the database. We should fix this as soon as we move away from it (we expect to migrate to the latest Spring Security libraries during 2025, hopefully before June).

robbarnsley commented 4 days ago

Hi @enricovianello, is there any workaround for this in the interim?
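The failure above is a sizing problem: the `val` column of `authentication_holder_request_parameter` is a VARCHAR(2048), and in MySQL strict mode an INSERT whose parameter value is longer than that raises error 1406 instead of silently truncating. The following added example (written for this page, not INDIGO IAM or MitreID code) builds a mock JWT of realistic size for a given list of group names and reports whether a request parameter carrying it would overflow that column, so an operator can estimate how many (or how long) groups a user can have before exchanges start failing. The JWT layout, the `groups` claim name, the RS256 signature size, the `https://iam.example.org/` issuer and the hypothetical `sample_groups` helper are all assumptions, not details taken from the IAM schema or token format.

```python
"""Estimate whether a token-exchange request parameter would overflow the
VARCHAR(2048) `val` column reported in the issue.

Added example, not INDIGO IAM / MitreID project code. The JWT claim layout,
the `groups` claim, the RS256 signature size and the 2048-character column
limit are assumptions taken from the issue text and common OIDC practice.
"""
import base64
import json
from typing import List, Optional

COLUMN_LIMIT = 2048   # varchar(2048) on `val`, per the issue (assumption)
RSA_SIG_BYTES = 256   # RS256 with a 2048-bit key yields a 256-byte signature


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_subject_token(groups: List[str], subject: str = "jdoe",
                        issuer: str = "https://iam.example.org/") -> str:
    """Build a mock RS256 JWT carrying the given groups.

    The signature is a zero-filled placeholder of the correct length, so the
    string is exactly as long as a real token with the same claims would be.
    Claim names and the constructed audience/scope values are assumptions.
    """
    header = {"alg": "RS256", "typ": "JWT", "kid": "rsa1"}
    payload = {
        "iss": issuer,
        "sub": subject,
        "aud": "https://storage.example.org/",
        "exp": 1700003600,
        "iat": 1700000000,
        "jti": "0" * 36,
        "scope": "openid profile offline_access",
        "groups": list(groups),
    }
    compact = {"separators": (",", ":")}
    return ".".join([
        _b64url(json.dumps(header, **compact).encode()),
        _b64url(json.dumps(payload, **compact).encode()),
        _b64url(b"\x00" * RSA_SIG_BYTES),
    ])


def exceeds_column_limit(value: str, limit: int = COLUMN_LIMIT) -> bool:
    """True if storing `value` in a VARCHAR(limit) column would raise MySQL
    error 1406 under strict mode (the error shown in the issue log)."""
    return len(value) > limit


def sample_groups(count: int, name_len: int) -> List[str]:
    """Hypothetical helper: `count` synthetic group paths of `name_len` chars."""
    return [(f"/g{i:03d}" + "x" * name_len)[:name_len] for i in range(count)]


def smallest_failing_group_count(name_len: int,
                                 max_groups: int = 500) -> Optional[int]:
    """Smallest number of groups (each `name_len` chars long) whose token
    would overflow the column, or None if none within `max_groups`."""
    for n in range(max_groups + 1):
        if exceeds_column_limit(build_subject_token(sample_groups(n, name_len))):
            return n
    return None


if __name__ == "__main__":
    # Show how the threshold drops as group paths get longer.
    for name_len in (10, 20, 40, 80):
        print(f"group path length {name_len:3d}: exchange breaks at "
              f"{smallest_failing_group_count(name_len)} groups")
```

The numbers printed are only as good as the assumed claim layout; to size the real deployment, replace `build_subject_token` with a token decoded from the actual IAM, or simply check `len(subject_token) > 2048` on a failing request before opening a ticket.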