Il 14/11/2017 21:48, Tom Poage ha scritto:
This is why the most common profile for SAMLResponse is POST. That, or use SAML
Attribute Query (uncommon with SAML 2.0).
Hi Tom, thank you Tom for your answer.
I completely agree with you but ... the strange thing is that the *SP is
using POST* *binding* to send me the AuthnRequest.
Is there a way to force CAS IdP to some useful behavior?
Thank you in advance.
BR,
F.
Tom.
On Nov 14, 2017, at 8:59 AM, Fabio Martelli <fabio.marte...@gmail.com> wrote:
Hi All, I have some trouble with SAML Authentication through mod_proxy_http.
It seems that there is a strong limitation to 8k for http response headers: in
particular, my issue is about a redirect URL generated by CAS 5.2_RC4 [1].
As you know, this redirection requests results in a specific response header
specification: Location.
Unfortunately, the redirection URL results to be of ~13k. For this reason, the
Location header is truncated by mod_proxy and the SAML authentication fails
(authentication request results in an invalid XML).
Is there a known way to address this problem or I need to implement some custom
string compression somewhere?
I'm quite sure I cannot be alone facing with this kind of problem .... Please,
let me have your help.
Best regards,
F.
[1]
https://github.com/apereo/cas/blob/master/support/cas-server-support-saml-idp/src/main/java/org/apereo/cas/support/saml/web/idp/profile/AbstractSamlProfileHandlerController.java#L386-L403
--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html
Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email&pk_kwd=fm
Apache Syncope PMC
http://people.apache.org/~fmartelli/
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/63e1b4dd-e8b6-8cb4-eb1d-7af4ad2b9e91%40gmail.com.
--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html
Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email&pk_kwd=fm
Apache Syncope PMC
http://people.apache.org/~fmartelli/
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4939f4fa-26ac-94d6-aec4-19fadbd2501a%40gmail.com.
