Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
Describe the issue:
When a user tries to log in to the application using the SSO, it produces an error saying that a constraint has not been added for the IDN_AUTH_SESSION_APP_INFO and hence the following query cannot be executed,
INSERT INTO IDN_AUTH_SESSION_APP_INFO(SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME)VALUES (?, ?, ?, ?, ?, ?) ON CONFLICT(SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME) DO UPDATE SET SESSION_ID = EXCLUDED.SESSION_ID, SUBJECT = EXCLUDED.SUBJECT, APP_ID = EXCLUDED.APP_ID, INBOUND_AUTH_TYPE = EXCLUDED.INBOUND_AUTH_TYPE, USER_ID = EXCLUDED.USER_ID, IDP_NAME = EXCLUDED.IDP_NAME;
due to the following error,
Caused by: org.postgresql.util.PSQLException: ERROR: there is no unique or exclusion constraint matching the ON CONFLICT specification ...
After adding a constraint for the SESSION_ID, SUBJECT, APP_ID, INBOUND_AUTH_TYPE, USER_ID and IDP_NAME, by using the following query,
ALTER TABLE IDN_AUTH_SESSION_APP_INFO ADD CONSTRAINT constraint_name UNIQUE (SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME);
the above error is getting resolved.
But, if an IdP has been set up(e.g. google) and user is logging the first time there is no issue, but if the same user is again trying to log out the following issue is generated.
Caused by: org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException: Error in performing Database query: '%s'INSERT INTO IDN_AUTH_SESSION_APP_INFO(SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME)VALUES (?, ?, ?, ?, ?, ?) ON CONFLICT(SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME) DO UPDATE SET SESSION_ID = EXCLUDED.SESSION_ID, SUBJECT = EXCLUDED.SUBJECT, APP_ID = EXCLUDED.APP_ID, INBOUND_AUTH_TYPE = EXCLUDED.INBOUND_AUTH_TYPE, USER_ID = EXCLUDED.USER_ID, IDP_NAME = EXCLUDED.IDP_NAME; ... Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "idn_auth_session_app_info_pkey"...
This is because if theIDP_NAME or USER_ID value is changed between two login attempts it is trying to insert the new values to the database by checking whether there is a conflict between SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID and IDP_NAME columns. And since there is no conflict with them if IDP_NAME or USER_ID values have been changed, the query is trying to insert the record to the database. But since the primary key has been defined only using SESSION_ID, SUBJECT, APP_ID and INBOUND_AUTH_TYPE, the duplicate key value violation is raised.
How to reproduce:
Add an Idp using Identity Providers → Add
Provide a name for the Idp and go to Federated Authenticators → Google Configuration
After providing client-id and client-secret register the Idp.
Add an SP using Service Providers → Add (e.g. travelocity.com)
Provide a name for the SP and go to Local & Outbound Authentication Configuration and select the Federated Authentication (The Idp we created) as the Authentication Type.
Then go to Inbound Authentication Configuration → SAML2 Web SSO Configuration → Configure
Give as issuer name (travelocity.com) and assertion consumer URL.
Enable IdP Initiated SSO and add the SP configurations.
Describe the issue: When a user tries to log in to the application using the SSO, it produces an error saying that a constraint has not been added for the IDN_AUTH_SESSION_APP_INFO and hence the following query cannot be executed,
INSERT INTO IDN_AUTH_SESSION_APP_INFO(SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME)VALUES (?, ?, ?, ?, ?, ?) ON CONFLICT(SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME) DO UPDATE SET SESSION_ID = EXCLUDED.SESSION_ID, SUBJECT = EXCLUDED.SUBJECT, APP_ID = EXCLUDED.APP_ID, INBOUND_AUTH_TYPE = EXCLUDED.INBOUND_AUTH_TYPE, USER_ID = EXCLUDED.USER_ID, IDP_NAME = EXCLUDED.IDP_NAME;
due to the following error,Caused by: org.postgresql.util.PSQLException: ERROR: there is no unique or exclusion constraint matching the ON CONFLICT specification ...
After adding a constraint for the SESSION_ID, SUBJECT, APP_ID, INBOUND_AUTH_TYPE, USER_ID and IDP_NAME, by using the following query,ALTER TABLE IDN_AUTH_SESSION_APP_INFO ADD CONSTRAINT constraint_name UNIQUE (SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME);
the above error is getting resolved.But, if an IdP has been set up(e.g. google) and user is logging the first time there is no issue, but if the same user is again trying to log out the following issue is generated.
Caused by: org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException: Error in performing Database query: '%s'INSERT INTO IDN_AUTH_SESSION_APP_INFO(SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME)VALUES (?, ?, ?, ?, ?, ?) ON CONFLICT(SESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID,IDP_NAME) DO UPDATE SET SESSION_ID = EXCLUDED.SESSION_ID, SUBJECT = EXCLUDED.SUBJECT, APP_ID = EXCLUDED.APP_ID, INBOUND_AUTH_TYPE = EXCLUDED.INBOUND_AUTH_TYPE, USER_ID = EXCLUDED.USER_ID, IDP_NAME = EXCLUDED.IDP_NAME; ... Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "idn_auth_session_app_info_pkey"...
This is because if theIDP_NAME
orUSER_ID
value is changed between two login attempts it is trying to insert the new values to the database by checking whether there is a conflict betweenSESSION_ID,SUBJECT,APP_ID,INBOUND_AUTH_TYPE,USER_ID
andIDP_NAME
columns. And since there is no conflict with them ifIDP_NAME
orUSER_ID
values have been changed, the query is trying to insert the record to the database. But since the primary key has been defined only usingSESSION_ID, SUBJECT, APP_ID
andINBOUND_AUTH_TYPE
, the duplicate key value violation is raised.How to reproduce:
Expected behavior: There should be no errors.
Environment information (Please complete the following information; remove any unnecessary fields) :