Symantec Access Management


Tech Tip: CA Single Sign-On: Long assertion being truncated on Policy Server

Dec 01, 2017 04:45 AM

Question:

We have some users who are not able to log in through WSFederation, and we found out that the WSFederation response generated for these users is getting truncated, as they have a huge amount of group information that needs to be sent as part of the response.

 

When checking the logs, we see the group information in the assertion being interrupted by the characters: .]

 

...
<ns1:AttributeValue>SampleAttributeValue-351</ns1:AttributeValue>
<ns1:AttributeValue>SampleAttributeValue-352</ns1:AttributeValue>
      .]
     
Could it be that the Policy Server is truncating it because it is a very long assertion? How can we fix this?

Environment:

Policy Server R12.52 SP1 CR00 on Windows 2008 R2

Answer:

When the IDP generates an assertion that is very long, exceeding 48K, the assertion is truncated on the Policy Server side and the truncated assertion is sent to the WAOP on the IDP side.

This is fixed in R12.52 SP1 CR06:

 

00236681 DE102140 Policy Server truncates assertion data if the size of active response in assertion exceeds 48K.
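
A triage check for the symptom described above, as an added example (not CA or Broadcom code): it flags an assertion copied from a log that is no longer well-formed XML or ends in the `.]` marker, and one that is intact but larger than 48K. Reading "48K" as 48 * 1024 bytes, the function names, the namespace URI and the sample data are assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

LIMIT_BYTES = 48 * 1024  # assumption: the page's "48K" read as 48 * 1024 bytes

def triage_assertion(xml_text, limit=LIMIT_BYTES):
    """Classify one assertion (or attribute statement) copied from a log."""
    if "<!DOCTYPE" in xml_text:
        # Assertions carry no DTD; refuse instead of handing one to the parser.
        raise ValueError("DOCTYPE not expected in an assertion")
    size = len(xml_text.encode("utf-8"))
    # Count opening AttributeValue tags by local name; works on cut-off text too.
    values = len(re.findall(r"<(?:[\w.-]+:)?AttributeValue[\s>/]", xml_text))
    # The log excerpt on this page shows the cut ending in ".]".
    marker = xml_text.rstrip().endswith(".]")
    try:
        ET.fromstring(xml_text)
        well_formed = True
    except ET.ParseError:
        well_formed = False
    if not well_formed:
        verdict = "not-well-formed"   # consistent with a truncated assertion
    elif size > limit:
        verdict = "over-limit"        # intact, but above the 48K threshold
    else:
        verdict = "ok"
    return {"verdict": verdict, "bytes": size, "values": values, "marker": marker}

def build_sample(n_groups):
    """Constructed sample: an attribute element carrying n_groups group values."""
    vals = "".join(
        f"<ns1:AttributeValue>SampleAttributeValue-{i}</ns1:AttributeValue>\n"
        for i in range(1, n_groups + 1)
    )
    return ('<ns1:Attribute xmlns:ns1="urn:example:constructed" Name="groups">\n'
            + vals + "</ns1:Attribute>")

if __name__ == "__main__":
    big = build_sample(1000)
    cut = big[:LIMIT_BYTES] + "\n      .]\n"   # constructed truncated copy
    for name, text in (("352 groups", build_sample(352)),
                       ("1000 groups", big),
                       ("1000 groups, cut", cut)):
        print(name, triage_assertion(text))
```
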

 
