SAMLv2 Identity Provider - RelayState MUST NOT exceed 80 bytes #2467
Comments
Thanks for opening this issue @konvergence. This looks to be working as designed. The SAML spec is old, and I don't know that anyone enforces this limitation. Are you opening this issue because FusionAuth is not functioning with another service provider due to this length, or are you just stating that we are creating a
The SAML provider that I need to use applies a limit of 80 characters on the RelayState. It justifies this limit with the SAML specification. If I understand your design, you use the RelayState to keep some FusionAuth contexts. But from the point of view of SAML exchanges there is no reason to do it. Maybe you could manage some contexts in server-side sessions instead of putting them in the RelayState. Anyway, at this step this is a breaking point for us.
Thanks for the additional detail @konvergence. FusionAuth is currently using the value encoded in the Can you share what IdP you are attempting to integrate with that is enforcing this limit?
The IdP is an internal DEV of a bank, so I can't give you a product or a doc.
Hi,
SAMLv2 Identity Provider - RelayState MUST NOT exceed 80 bytes
Description
Non-conformance with https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf
In both the "HTTP Redirect Binding" and the "HTTP POST Binding", the RelayState value MUST NOT exceed 80 bytes
In "HTTP POST Binding" mode, the size of the RelayState is shorter than in "HTTP Redirect Binding" mode, but the size is more than 1100 characters
Affects versions
all and latest: 1.47.1
Steps to reproduce
Steps to reproduce the behavior:
Expected behavior
Why does FusionAuth use a RelayState, especially in POST mode?
Is there a way to reduce the RelayState so that it does not exceed 80 chars, especially in POST mode?
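The server-side approach suggested in the comments, sketched as an added example (not FusionAuth's code and not part of the original issue): the login context stays in a server-side store and only a short, HMAC-protected, single-use handle travels as RelayState. The class name `RelayStateStore`, the in-memory dict and the sample context are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

MAX_RELAY_STATE_BYTES = 80  # limit from the SAML 2.0 bindings spec cited in the issue


class RelayStateStore:
    """Hypothetical store: context stays server-side, a short signed handle is the RelayState."""

    def __init__(self, key, ttl_seconds=300):
        self._key = key
        self._ttl = ttl_seconds
        self._contexts = {}  # handle id -> (expiry, context); a shared cache in a real cluster

    def _tag(self, handle_id):
        # Truncated HMAC lets forged handles be rejected before any store lookup.
        mac = hmac.new(self._key, handle_id.encode(), hashlib.sha256).digest()[:16]
        return base64.urlsafe_b64encode(mac).decode().rstrip("=")

    def issue(self, context, now=None):
        now = time.time() if now is None else now
        handle_id = secrets.token_urlsafe(24)  # 192 random bits, 32 characters
        self._contexts[handle_id] = (now + self._ttl, context)
        relay_state = handle_id + "." + self._tag(handle_id)  # 55 bytes in total
        if len(relay_state.encode()) > MAX_RELAY_STATE_BYTES:
            raise ValueError("RelayState exceeds 80 bytes")
        return relay_state

    def redeem(self, relay_state, now=None):
        now = time.time() if now is None else now
        if len(relay_state.encode()) > MAX_RELAY_STATE_BYTES:
            return None
        handle_id, sep, tag = relay_state.partition(".")
        if not sep or not hmac.compare_digest(tag.encode(), self._tag(handle_id).encode()):
            return None  # tampered or malformed value
        entry = self._contexts.pop(handle_id, None)  # single use: a replayed handle finds nothing
        if entry is None or entry[0] < now:
            return None  # unknown, already used, or expired
        return entry[1]


if __name__ == "__main__":
    store = RelayStateStore(key=secrets.token_bytes(32))
    # Constructed sample context, far larger than 80 bytes.
    ctx = {"tenant": "example", "redirect_uri": "https://sp.example/cb?" + "x" * 1100}
    rs = store.issue(ctx)
    print(len(rs.encode()), store.redeem(rs) == ctx, store.redeem(rs))
```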