On Thu, Aug 31, 2017 at 7:51 AM, Francesco Chicchiriccò <ilgro...@apache.org> wrote:

> Anyway, I see several SAML 2.0 implementations out there not enforcing the
> 80 chars limit: would removing all but the AuthnRequestID from the current
> JWT-based Relay State be an acceptable compromise?

Yeah, let's just leave it for now. We can always revisit if it becomes a problem. +1 on removing the deflate encoding switch from the token. I'm not sure about removing the expiration, it's probably a good idea to reject stale RelayStates.

Colm.

> Regards.
>
>> [1] https://github.com/apache/syncope/blob/2_0_X/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java#L327-L329
>> [2] https://github.com/apache/syncope/blob/2_0_X/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java#L408
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
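The compromise discussed in this thread, as an added example that is not part of the original messages and not Syncope's code: a JWT-based Relay State trimmed to the AuthnRequestID plus an expiry, checked on return so that stale or forged values are rejected. It is a hand-rolled HS256 sketch in Python; the claim names `jti` and `exp`, the 300-second lifetime, the key and the request ID are assumptions.

```python
import base64, binascii, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Fixed header: the verifier compares against it, so "alg" cannot be swapped.
HEADER = _b64(b'{"alg":"HS256","typ":"JWT"}')

def _sign(key: bytes, header: str, body: str) -> bytes:
    return hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()

def make_relay_state(key, authn_request_id, ttl=300, now=None):
    """Build a Relay State carrying only the request ID and an expiry."""
    now = int(time.time() if now is None else now)
    claims = {"jti": authn_request_id, "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{HEADER}.{body}.{_b64(_sign(key, HEADER, body))}"

def check_relay_state(key, token, expected_request_id, now=None):
    """Return None if the Relay State is acceptable, else the reason."""
    now = int(time.time() if now is None else now)
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    header, body, sig = parts
    if header != HEADER:
        return "unexpected header"
    try:
        given = _unb64(sig)
    except (binascii.Error, ValueError):
        return "malformed"
    # Verify the signature before trusting anything inside the payload.
    if not hmac.compare_digest(_sign(key, header, body), given):
        return "bad signature"
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        return "stale"
    if claims["jti"] != expected_request_id:
        return "request id mismatch"
    return None
```

Even in this trimmed form the token is longer than 80 characters: the base64url header and the HS256 signature alone take 81 including the separators.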