Warning: Length of Relay state URL is greater than 80 characters (SPS)


Article ID: 22808


Products

  - CA Single Sign On Secure Proxy Server (SiteMinder)
  - CA Single Sign On SOA Security Manager (SiteMinder)
  - CA Single Sign-On
  - CA Single Sign On Federation (SiteMinder)
  - SITEMINDER

Issue/Introduction

 

Why is the RelayState parameter for SAML2 POST now checked against the 80-byte OASIS limit, and why does it produce a warning in the logs?

Log extract:

  [WARNING] Length of Relay state https://_host.example.com:port/resourceXXXXXXXXXXX is greater than 80 characters

 

Resolution

 

Earlier, SiteMinder did not report the length of the RelayState value. It now logs an error message in every use case where the RelayState is greater than 160 bytes. The transaction still completes successfully, and a warning message is logged in the Federation log.

The following warning message is logged in the FWSTrace log:

  Warning: Length of Relay state <URL> is greater than 80 characters,

where URL is the RelayState URL.
  
SiteMinder does not set a maximum for the RelayState value. Keep in mind that:

  - The OASIS specification states that the RelayState value should not exceed 80 bytes (1).

  - Some browsers or web servers might impose a limit on the length of the URL.

 

Additional Information

 

(1)

    3.4.3 RelayState
    
      RelayState data MAY be included with a SAML protocol message transmitted with this binding. The value
      MUST NOT exceed 80 bytes in length and SHOULD be integrity protected by the entity creating the
      message independent of any other protections that may or may not exist during message transmission.
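
One way an application can stay under the 80-byte limit and also integrity-protect the value, as the quoted text recommends, is to send a short opaque handle as RelayState and keep the long target URL on the server. This is an added example, not SiteMinder or Broadcom code; `RelayStateStore`, its methods and the sample URL are hypothetical names constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

MAX_RELAYSTATE_BYTES = 80  # limit from the specification text quoted on this page


def relay_state_bytes(value: str) -> int:
    """Size as transmitted (UTF-8 bytes), which can exceed the character count."""
    return len(value.encode("utf-8"))


class RelayStateStore:
    """Hypothetical server-side map from a short opaque handle to the target URL."""

    def __init__(self, key: bytes):
        self._key = key
        self._targets = {}  # handle -> URL; in-memory only for this example

    def _tag(self, handle: str) -> bytes:
        mac = hmac.new(self._key, handle.encode("utf-8"), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac[:16]).rstrip(b"=")  # 22 bytes

    def issue(self, target_url: str) -> str:
        """Return a 45-byte RelayState regardless of how long the URL is."""
        handle = secrets.token_urlsafe(16)  # 22 URL-safe characters
        self._targets[handle] = target_url
        return f"{handle}.{self._tag(handle).decode('ascii')}"

    def resolve(self, relay_state: str):
        """Return the URL once; None if oversized, tampered with, or unknown."""
        if relay_state_bytes(relay_state) > MAX_RELAYSTATE_BYTES:
            return None
        handle, sep, tag = relay_state.partition(".")
        if not sep or not hmac.compare_digest(tag.encode("utf-8"), self._tag(handle)):
            return None
        return self._targets.pop(handle, None)  # single use


if __name__ == "__main__":
    store = RelayStateStore(secrets.token_bytes(32))
    url = "https://host.example.com:8443/" + "resource/" * 20  # constructed sample
    value = store.issue(url)
    print(relay_state_bytes(url), "->", relay_state_bytes(value), "bytes")
    print(store.resolve(value) == url)
```

Because the length is measured in UTF-8 bytes, a value containing non-ASCII characters can exceed the limit even when its character count does not.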