Policy Server fails to insert data into Session Store due to varname column length in ss_sessionvar5 table
search cancel

Policy Server fails to insert data into Session Store due to varname column length in ss_sessionvar5 table

book

Article ID: 435978

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

When running a SiteMinder Policy Server with an ODBC Session Store, transaction failures may occur if a Federation Attribute (FED_ATTR) name exceeds 64 characters.

For example, an attribute formatted as:

FED_ATTR.http://schemas.example.org/<path-to-an-application>/<sub-path>/<sub-path-id>

If the string following the dot "." is longer than 64 characters, the Policy Server cannot insert the record into the Session Store because the value exceeds the schema definition for the varname column.

Environment

Policy Server: 12.8 / 12.9 (and higher)
Session Store: MySQL Enterprise (ODBC)
Table: ss_sessionvar5

Cause

In the default SiteMinder schema for MySQL (sm_mysql_ss.sql.unicode), the ss_sessionvar5 table is defined with a 64-character limit for the varname field:

CREATE TABLE ss_sessionvar5
(
    [...]
    sessionid       VARCHAR(255)    NOT NULL,
    varname         VARCHAR(64)     NOT NULL, -- FED_ATTR.name will be written in this one
    varvalue        VARCHAR(4000)   NOT NULL,
    datasize        INT DEFAULT 0,
    PRIMARY KEY     (sessionid, varname)
    [...]
)

Modern federation use cases may (but this is rare) involve long URIs as attribute names, which easily exceed this 64-character threshold.

Resolution

To resolve this issue, increase the length of the varname column to 200 characters.

This provides enough overhead for long Federation attributes while remaining safely within MySQL’s architectural limits.

Implementation Steps

Run the following SQL command against your Session Store database:

SQL> ALTER TABLE ss_sessionvar5 MODIFY varname VARCHAR(200) NOT NULL;

Critical Technical Note: Avoid Excessive Length

While it may be tempting to set the varname to a much larger value (e.g., VARCHAR(3000)), this is strongly discouraged due to MySQL InnoDB row size limits.

  1. Row Size Limit: MySQL InnoDB has a maximum row size limit of 8,126 bytes.
  2. Current Calculation:

    varvalue is already VARCHAR(4000).
    sessionid is VARCHAR(255).
    datasize (INT) uses 4 bytes.

  3. The Risk: If you set varname to 3,000, the total potential row size (accounting for multi-byte character sets) could exceed 8,126 bytes.
    This can lead to database crashes or "Row size too large" errors when the Policy Server attempts to write data.

Recommendation: Increasing varname to VARCHAR(200) is sufficient for most Federation use cases and ensures the table remains stable and performant.

Powered by Wolken Software