Size of SAML Attribute Name in Session Store as varname

Article ID: 8098

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder); AXIOMATICS POLICY SERVER; CA Single Sign On SOA Security Manager (SiteMinder); CA Single Sign-On

Issue/Introduction

The SAML attribute does not persist properly, and at retrieval time the attribute value is blank. We noticed that this happens when the attribute name is a fairly long string, for example:

<ns2:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">

Cause

The problem appears to be a column length limitation in the session store schema. The variable name is restricted to 64 characters (table schema given below). In this use case the assertion attribute name contains more than 64 characters (e.g. http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname), so value truncation happens when the assertion attributes are stored in the session store.

CREATE TABLE [ss_sessionvar5] (
        [sessionid] [varchar] (64) NOT NULL ,
        [varname] [varchar] (64) NOT NULL ,
        [varvalue] [varchar] (4000) NOT NULL ,
        [chunkgroupid] [varchar] (256) ,
        [datasize] [int] ,
         PRIMARY KEY  CLUSTERED
        (
                [sessionid],
                [varname]
        )  ON [PRIMARY] ,
         FOREIGN KEY
        (
                [sessionid]
        ) REFERENCES [ss_sessionspec5] (
                [sessionid]
        )
) ON [PRIMARY]

Environment

ProductName=CA SiteMinder Policy Server FullVersion=12.52.104.2032

Resolution

As a workaround, increase the [varname] column in the above schema from [varchar] (64) to 128 or 256 and test.
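To see which attribute names in an assertion exceed the 64-character varname column, and which of the widths mentioned above would hold them, a check like the following can be run against a sample assertion. This is an added example, not CA code: the function names and the sample assertion are constructed for illustration, and it assumes the limit is counted in characters.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
VARNAME_LIMIT = 64                 # [varname] [varchar] (64) in ss_sessionvar5
CANDIDATE_WIDTHS = (64, 128, 256)  # current width plus the two workaround sizes

# Constructed sample assertion fragment (not captured from a real IdP).
SAMPLE_ASSERTION = """\
<ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion">
  <ns2:AttributeStatement>
    <ns2:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
                   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <ns2:AttributeValue>jdoe</ns2:AttributeValue>
    </ns2:Attribute>
    <ns2:Attribute Name="mail"
                   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <ns2:AttributeValue>jdoe@example.com</ns2:AttributeValue>
    </ns2:Attribute>
  </ns2:AttributeStatement>
</ns2:Assertion>
"""


def attribute_names(assertion_xml):
    """Return the Name of every SAML Attribute element, in document order."""
    root = ET.fromstring(assertion_xml)
    return [el.get("Name", "") for el in root.iter(f"{{{SAML_NS}}}Attribute")]


def oversized_names(assertion_xml, limit=VARNAME_LIMIT):
    """Return (name, length) for each attribute name longer than the column."""
    return [(n, len(n)) for n in attribute_names(assertion_xml) if len(n) > limit]


def smallest_fitting_width(assertion_xml, widths=CANDIDATE_WIDTHS):
    """Return the smallest candidate column width that holds every name, or None."""
    longest = max((len(n) for n in attribute_names(assertion_xml)), default=0)
    return next((w for w in sorted(widths) if longest <= w), None)


if __name__ == "__main__":
    for name, length in oversized_names(SAMPLE_ASSERTION):
        print(f"{length} chars exceeds varname({VARNAME_LIMIT}): {name}")
    print("smallest fitting width:", smallest_fitting_width(SAMPLE_ASSERTION))
```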