By default MySQL has a built in timeout that terminates connections when no data is sent over it for some defined period of time. A weekend with an IDP that doesn't get any use is more then enough to trigger this. The result is:
13:42:57.909 - ERROR [au.org.arcs.shibext.sharedtoken.SharedTokenDataConnector:226] - null
Failed to get SharedToken from database
13:42:57.910 - ERROR [au.org.arcs.shibext.sharedtoken.SharedTokenDataConnector:227] - Failed to resolve auEduPersonSharedToken
13:42:57.910 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:307] - Resolved attribute auEduPersonSharedToken containing 0 values
of course the other part of the result is that you can't login to services that require this anymore :(.
There are a couple of ways to work around this currently
- Extend the timeout value specified in your my.cnf - 'timeout'/'connect-timeout' (MySQL version specific)
- Automate a restart of your IDP on a weekly basis with cron, say Monday morning at 4am
We're currently looking at reworking the shared token code and are in discussions with the current owners ARCS to progress this. By changing to a JNDI based datasource we'll eliminate the need for these workarounds altogether.