Why is the RelayState parameter for SAML2 POST now checked against the 80-byte OASIS limit, and why does it produce a warning in the logs?
Log extract:
[WARNING] Length of Relay state https://server.domain:port/resourceXXXXXXXXXXX is greater than 80 characters
Earlier, SiteMinder did not report the length of the RelayState value. It now logs an error message for all use cases where RelayState is greater than 160 bytes. The transaction still completes successfully, and a warning message is logged in the Federation log.
The following warning message is logged in the FWSTrace log:
Warning: Length of Relay state <URL> is greater than 80 characters,
where URL is the RelayState URL.
SiteMinder doesn't set a maximum length for the RelayState value. Keep in mind that:
- The OASIS specification states that the RelayState value should not exceed 80 bytes (1).
- Some browsers or web servers might impose a limit on the length of the URL.
(1)
3.4.3 RelayState
RelayState data MAY be included with a SAML protocol message transmitted with this binding. The value
MUST NOT exceed 80 bytes in length and SHOULD be integrity protected by the entity creating the
message independent of any other protections that may or may not exist during message transmission.
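
One way for an application to stay within the quoted limit is to keep the long target URL server-side and send only a short, integrity-protected handle as RelayState. The following is an added example, not SiteMinder code or configuration; the function names, the in-memory store and the per-process key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

MAX_RELAYSTATE_BYTES = 80  # limit from the binding text quoted above

# Assumptions for the demo: a per-process key and an in-memory store.
# A deployment would use a managed secret and a shared store with expiry.
_KEY = secrets.token_bytes(32)
_TARGETS = {}


def relay_state_length(value: str) -> int:
    """Length in UTF-8 bytes; the quoted limit is in bytes, not characters."""
    return len(value.encode("utf-8"))


def exceeds_limit(value: str) -> bool:
    return relay_state_length(value) > MAX_RELAYSTATE_BYTES


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _tag(handle: str) -> str:
    return _b64(hmac.new(_KEY, handle.encode("utf-8"), hashlib.sha256).digest())


def issue_relay_state(target_url: str) -> str:
    """Keep the long URL server-side and return a short signed handle."""
    handle = _b64(secrets.token_bytes(16))      # 22 characters
    _TARGETS[handle] = target_url
    return f"{handle}.{_tag(handle)}"           # 22 + 1 + 43 = 66 bytes


def resolve_relay_state(token: str):
    """Return the stored URL, or None if the token is forged or unknown."""
    handle, sep, tag = token.partition(".")
    if not sep:
        return None
    if not hmac.compare_digest(tag.encode("utf-8"), _tag(handle).encode("utf-8")):
        return None
    return _TARGETS.pop(handle, None)           # single use
```

The handle is always 66 bytes regardless of how long the target URL is, and a modified or replayed value resolves to nothing instead of a redirect.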