Large AuthnRequest truncation

book

Article ID: 4952

calendar_today

Updated On:

Products

CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

 

I run Secure Cloud and when it processes an assertion, the Policy Server reports error:

[09/28/2016][14:16:14.657][14:16:14][5968][4013198192][AssertionGenerator.java] [invoke][a6f4f4eb-097c0e82-a7329a5c-fd148615-0d697747-c6][][][][][][][][][][] [][][][][][][][][][Error in getting configuration data. Leaving Assertion Generator Framework. Exception: java.lang.Exception: The Federation Web Service didn't send the request with a correct resource!

Internal Exception:

javax.xml.bind.UnmarshalException: Content is not allowed in prolog. and the assertion cannot be processed. 

 

AuthnRequest -> Truncated to 8,191 characters -> Authnrequest CANNOT be decoded using online decoder

 

Cause

 

It appears that there is a hard set buffer of 8192 bytes to store this AuthnRequest.

 

Environment

Secure Cloud 1.55;

Resolution

 

Hotfix provided by SE to resolve the issue:

 

CASecureCloud-1-55-Hotfix008.zip available at page:

 

http://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/technical-document-index/ca-secure-cloud-cumulative-hotfix-packages.html