Warning: Length of Relay state URL is greater than 80 characters.


Article ID: 22808



CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On, CA Single Sign On Federation (SiteMinder), SITEMINDER



Why is the RelayState parameter for SAML2 POST now checked against the
80-byte OASIS limit, and why does it throw a warning in the logs?

Log extract:

  [WARNING] Length of Relay state https://server.domain:port/resourceXXXXXXXXXXX is greater than 80 characters



Earlier, SiteMinder did not report the length of the RelayState
value. Now it logs an error message for all use cases where
RelayState is greater than 160 bytes. The transaction still runs
successfully, and a warning message is logged in the Federation log.

The following warning will be logged in the FWSTrace:

  Warning: Length of Relay state <URL> is greater than 80 characters,
  where URL is the RelayState URL.

SiteMinder doesn't set a maximum length for the RelayState value. Keep
in mind that:

  - The OASIS specification states that the RelayState value should not
    exceed 80 bytes (1).
  - Some browsers or web servers might impose a limit on the length of
    the URL.


Additional Information



    3.4.3 RelayState
      RelayState data MAY be included with a SAML protocol message transmitted with this binding. The value
      MUST NOT exceed 80 bytes in length and SHOULD be integrity protected by the entity creating the
      message independent of any other protections that may or may not exist during message transmission.
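
One way to meet both requirements quoted above (at most 80 bytes, integrity protected by the creator) is to keep the long target URL on the server and send a short signed handle as RelayState. The Python below is an added example, not SiteMinder code or configuration; the key, the in-memory store and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

MAX_RELAYSTATE_BYTES = 80        # limit quoted from section 3.4.3
_KEY = secrets.token_bytes(32)   # assumption: secret known only to the issuer
_targets = {}                    # assumption: stands in for a shared session store


def relaystate_len(value: str) -> int:
    """Bytes on the wire (UTF-8); the limit counts bytes, not characters."""
    return len(value.encode("utf-8"))


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _tag(handle: str, url: str) -> str:
    # HMAC-SHA256 over handle and URL, truncated to 128 bits to keep it short.
    mac = hmac.new(_KEY, f"{handle}\0{url}".encode("utf-8"), hashlib.sha256)
    return _b64(mac.digest()[:16])


def issue_relaystate(target_url: str) -> str:
    """Store target_url server-side and return a 45-byte 'handle.tag' token."""
    handle = _b64(secrets.token_bytes(16))
    _targets[handle] = target_url
    token = f"{handle}.{_tag(handle, target_url)}"
    if relaystate_len(token) > MAX_RELAYSTATE_BYTES:
        raise ValueError("RelayState token exceeds 80 bytes")
    return token


def resolve_relaystate(token: str):
    """Return the stored URL if the tag verifies, else None. Single use."""
    handle, sep, tag = token.partition(".")
    url = _targets.get(handle) if sep else None
    if url is None:
        return None
    if not hmac.compare_digest(tag.encode("utf-8"), _tag(handle, url).encode("utf-8")):
        return None
    del _targets[handle]
    return url
```

The token is a fixed 45 bytes whatever the length of the target URL, so it also stays clear of browser and web server URL limits.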