Layer7 Access Management

Expand all | Collapse all

Question about MaxUserAttributeLength Setting

Jump to Best Answer
  • 1.  Question about MaxUserAttributeLength Setting

    Posted 03-09-2015 11:26 AM

    In order to accommodate the large number of groups our users are in, when we implemented the SharePoint Agent, we had to increase the default value of MaxUserAttributeLength in the wsfed.properties file on the policy servers. Would this setting also apply to SAML assertions generated by Federation agents using the same policy servers?



  • 2.  Re: Question about MaxUserAttributeLength Setting

    Posted 03-09-2015 05:13 PM

    brodginskicc

     

    What version of SiteMinder is being used?

     

    The reason I ask this is because when SharePointAgent Program was delivered on early R12SP3 during that time; WSFED code logic used to look at wsfed.properties file. This file was used only for WSFED journey's.

     

     

    However a change was introduced in SiteMinder (starting R12 SP3 CR10) we have a different properties file called EntitlementGenerator.properties; this properties file is applicable for all Protocols.

     

    #################################################

    Default values for user assertion attribute length in EntitlementGenerator.properties are provided as follows: 

          For WS-FED:

    Property name      : com.netegrity.assertiongenerator.wsfed.MaxUserAttributeLength

    Property Type       : integer

    Default value        : 1024

     

          For SAML1.1:

    Property name      : com.netegrity.assertiongenerator.saml1.MaxUserAttributeLength

    Property Type       : integer

    Default value        : 1024

     

          For SAML2.0:

    Property name      : com.netegrity.assertiongenerator.saml2.MaxUserAttributeLength

    Property Type       : integer

    Default value        : 1024

     

    If user configures a value < 0 or value = 0 for any of the above attributes, then default value of 1024 will be used.

    ####################################################




    I would recommend you test these value properly and carefully. As I am unsure what version is being used on your end.




    Hope this helps!



    Regards


    Hubert



  • 3.  Re: Question about MaxUserAttributeLength Setting

    Posted 03-10-2015 08:49 AM

    Our policy servers are 12.0 SP3 CR12. We do not want our assertions generated for SAML to use this setting. It’s only needed for our  SharePoint users Sounds like what you are saying is, if we leave the value in the wsfed.prodperties file, we are getting what we want. Is that correct?



  • 4.  Re: Question about MaxUserAttributeLength Setting
    Best Answer

    Posted 03-10-2015 09:45 AM

    brodginskicc

     

    Yes as long as it works with wsfed.properties in the current release it is good. Hence you are all set from SharePoint SSO perspective in R12 SP3 CR09. From R12 SP3 CR10 onwards use EntitlementGenerator.properties.

     

    Until R12SP3CR09 wsfed.properties is used.

    Post R12SP3CR10 wsfed.properties is ignored and only EntitlementGenerator.properties is honored.

    The crux is only one of the properties file is honored, not both (wsfed.properties is the older way and EntitlementGenerator.properties is future).

     

    However if it does stop working using wsfed.properties in latest release when you upgrade e.g. the product does not ship or use wsfed.properties anymore - in such an event you do have a fall back alternative to use EntitlementGenerator.properties.

     

    Agent for SharePoint Integrated Documents

     

    SNIP>

    Different File Location for Fixing Truncated Attributes in SharePoint

    The Agent for SharePoint uses the MaxUserAttributeLength setting to control the length of the attributes displayed in SharePoint.

    For 12.0.3 and 12.5.0, this setting was in the following file:

    policy_server_home\config\properties\wsfed.properties  

    For 12.5.1, the MaxUserAttributeLength is located in a different file:

    policy_server_home\config\properties\EntitlementGenerator.properties  

    Update the MaxUserAttributeLength setting in the EntitlementGenerator.properties file so that it matches the one that you used in the older version of the Agent for SharePoint.

    <SNIP

     

     

    Hope this helps and if it helped resolved the query; kindly mark the thread closed.

     

     

    Regards

     

    Hubert