Layer7 Access Management

Expand all | Collapse all

RelayState Limitation for SAML 2.0

  • 1.  RelayState Limitation for SAML 2.0

    Posted 10-06-2014 02:33 AM

    If I use more than 80 characters in RelayState then SPS gives me the warning stating that "RelayState is greater than 80 characters", but it's working fine.

    If I use more than 80, then will it affect my implementation in anyway may be in long run?

     

    So I would like to know that how many number of character can SiteMinder Support in RelayState Query String? Anyone have any idea on this?

     



  • 2.  Re: RelayState Limitation for SAML 2.0

    Posted 10-08-2014 09:40 AM

    It is expected to log that message about "80 characters" because it is from the SAML specification.

    But it does not mean we will truncate the value to 80 characters, so you would find longer relaystate still works.

     

    I do not know what would be the maximum length siteminder can support. You can submit a case if you need the actual limit.

    But as the URL can grow pretty long while federating, you might hit the 2000 chars limit on the IE browser before hitting siteminder limit(if there is).



  • 3.  Re: RelayState Limitation for SAML 2.0

    Posted 01-04-2017 03:50 AM

    Hi,

     

    Just wanted to do a quick addition to Kim's answer, actually SSO/SiteMinder do not have any limit for the length of RelayState, so it just logs the warning message as Kim mentioned because of SAML specifications.

    So, actually it may have an effect depending on the browser when too long RelayState is appended to the redirecting URL, but there is no limit on SSO/SiteMinder.

     

    Best regards,

     

    Albert F.