Long assertion being truncated on Policy Server
search cancel

Long assertion being truncated on Policy Server


Article ID: 15587


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We have some users who are not able to login through WSFederation, and we found out that the WSFederation response generated for these users is getting truncated, as they have huge group information that needs to be sent as part of the response.

When checking the logs we see in the assertion the group information being interrupted with the characters: .]

It could be the Policy Server is truncating it as it is a very long assertion? How can we fix this?


Policy Server R12.52 SP1 CR00 on Windows 2008 R2


When IDP generates the assertion, and if it is very long exceeding 48K, the assertion is truncated on Policy Server side and the truncated assertion is sent to WAOP on IDP side.

This is fixed in R12.52 SP1 CR06:

00236681 DE102140 Policy Server truncates assertion data if the size of active response in assertion exceeds 48K.


Additional Information

R12.52 SP1 CR06 Defects fixed