Australian Access Federation Support Desk

Shared Token fails to generate/release with DB errors

by Dean Nottingham Follow

By default MySQL has a built in timeout that terminates connections when no data is sent over it for some defined period of time. A weekend with an IDP that doesn't get any use is more then enough to trigger this. The result is:


13:42:57.909 - ERROR [] - null 
Failed to get SharedToken from database 
13:42:57.910 - ERROR [] - Failed to resolve auEduPersonSharedToken 
13:42:57.910 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:307] - Resolved attribute auEduPersonSharedToken containing 0 values

of course the other part of the result is that you can't login to services that require this anymore :(.

There are a couple of ways to work around this currently

  1. Extend the timeout value specified in your my.cnf - 'timeout'/'connect-timeout' (MySQL version specific)
  2. Automate a restart of your IDP on a weekly basis with cron, say Monday morning at 4am

We're currently looking at reworking the shared token code and are in discussions with the current owners ARCS to progress this. By changing to a JNDI based datasource we'll eliminate the need for these workarounds altogether.

Have more questions? Submit a request

Was this article helpful?
0 out of 0 found this helpful


Powered by Zendesk