o365-moodle icon indicating copy to clipboard operation
o365-moodle copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Data too long for column 'sid'

Open christianabila opened this issue 3 years ago • 2 comments

Plugin version: v3.9.10 Moodle version: 3.9.16 IdP type: WSO2 (I hope to have answered this question right...:/) session_state value: please see the attached screenshot below

Since auth_oidc v3.9.10 a customer of ours is getting the following error message when logging into Moodle via OIDC:

Data too long for column 'sid'

Screenshot from 2022-09-09 10-40-07

christianabila avatar Sep 09 '22 08:09 christianabila

Hi @christianabila,

This is the first time we have an issue reported for a WSO2 IdP. A brief research suggests the IdP is oidc compliant too, so all good on this end.

The OIDC front channel logout document (https://openid.net/specs/openid-connect-frontchannel-1_0-06.html) states that for the sid claim in the logout functionality, Its syntax is the same as an OAuth 2.0 Client Identifier. And the OAuth 2.0 RFC document (https://datatracker.ietf.org/doc/html/rfc6749#page-15) states that The client identifier string size is left undefined by this specification. The client should avoid making assumptions about the identifier size. The authorization server SHOULD document the sizeof any identifier it issues.

In Azure AD, where most testing of the plugins were performed, the sid claim happens to be 36 characters long using hexadecimal encoding. I had a brief look at the WSO2 documentation but didn't find their sid claim format, in some examples, they do look like 36 characters hexadecimal encoded string. Could you get in touch with their support team to confirm the format of sid please. Once it's confirmed, the plugin can be updated to support it.

At the meantime, you can temporarily change the precision of the sid column in the DB to be something longer than the sid token received, e.g. 200, to see if it works. I think the limit is only applied to the database, and is not in the code, therefore it should just work.

Regards, Lai

weilai-irl avatar Sep 09 '22 09:09 weilai-irl

Thank you for the fast response time. @weilai-irl!

I have changed the column length to 200 and am awaiting a confirmation from our customer that the error has stopped appearing.

I also contacted the WSO2 support team - also awaiting their reply! Will keep you updated on that matter!

Regards, Chris

christianabila avatar Sep 09 '22 10:09 christianabila