Why is the RelayState parameter for SAML2 POST now checked against the 80-byte
OASIS limit, and why does it produce a warning in the logs?
[WARNING] Length of Relay state https://server.domain:port/resourceXXXXXXXXXXX is greater than 80 characters
Earlier, SiteMinder did not report the length of the RelayState
value. It now logs an error message for all use cases
where RelayState is greater than 160 bytes. The transaction
still runs successfully and a warning message is logged in
The following warning message is logged in the FWSTrace
Warning: Length of Relay state <URL> is greater than 80 characters,
where URL is the RelayState URL.
SiteMinder doesn't set a maximum value for the RelayState value. Keep
in mind that:
- The OASIS specification specifies that the RelayState value should not exceed 80
- Some browsers or web servers might impose a limit on the length of
RelayState data MAY be included with a SAML protocol message transmitted with this binding. The value
MUST NOT exceed 80 bytes in length and SHOULD be integrity protected by the entity creating the
message independent of any other protections that may or may not exist during message transmission.
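
One way to satisfy both parts of the quoted text (the 80-byte limit and integrity protection) is to keep the long target URL server-side and send only a short HMAC-tagged handle as RelayState. This is an added example, not SiteMinder code; `RelayStateStore`, `exceeds_limit` and the sample URL are hypothetical names and constructed values.

```python
import base64
import hashlib
import hmac
import secrets

MAX_RELAYSTATE_BYTES = 80  # limit from the specification text quoted above


def exceeds_limit(relay_state: str) -> bool:
    # The limit is in bytes, so measure the UTF-8 encoding, not the character count.
    return len(relay_state.encode("utf-8")) > MAX_RELAYSTATE_BYTES


class RelayStateStore:
    """Hypothetical in-memory map from short signed handles to target URLs."""

    def __init__(self, key: bytes):
        self._key = key
        self._targets = {}

    def _tag(self, handle: str) -> str:
        mac = hmac.new(self._key, handle.encode("utf-8"), hashlib.sha256).digest()
        # Truncate the HMAC to 128 bits so handle + tag stays well under 80 bytes.
        return base64.urlsafe_b64encode(mac[:16]).decode("ascii").rstrip("=")

    def issue(self, target_url: str) -> str:
        # Random 128-bit handle (22 URL-safe characters); the URL never leaves the server.
        handle = secrets.token_urlsafe(16)
        self._targets[handle] = target_url
        return f"{handle}.{self._tag(handle)}"

    def redeem(self, relay_state: str):
        # Verify the tag in constant time before touching the store; handles are single-use.
        handle, sep, tag = relay_state.partition(".")
        expected = self._tag(handle)
        if not sep or not hmac.compare_digest(tag.encode("utf-8"), expected.encode("ascii")):
            return None
        return self._targets.pop(handle, None)


if __name__ == "__main__":
    store = RelayStateStore(secrets.token_bytes(32))
    long_url = "https://server.example:8443/" + "resource/" * 12  # constructed sample
    value = store.issue(long_url)
    print(exceeds_limit(long_url), exceeds_limit(value), len(value))
    print(store.redeem(value) == long_url)
```

A real deployment would replace the in-memory dictionary with a shared, expiring store so that any node handling the response can redeem the handle.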