Content length of the SOAP request is too long

This topic has 3 replies, 3 voices, and was last updated 4 years, 9 months ago by dhorbyspringer.

  • #12885
     Fakhruddin
    Participant

    Dears,

    Below is the scenario:

    SP : OpenAm
    IdP: PingFed

    Steps:
    1. SP Initiated SSO and sends SAML request.
    2. IdP verifies and asks for authentication and shows login page.
    3. On successful login, it returns back to SP with SAML response having SAML attributes.
    4. In logs, I can see successful communication and SAML response also says
    <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>

    But due to the length of the response, I get the error: Content length of the SOAP request is too long

    Is there any way to configure the length or fix this issue?

    Can anyone please help?

    Regards,
    Fakhruddin

    #14848
     dhorbyspringer
    Participant

    We had the same problem here which caused problems with a lot of institutional logins. I found that the problem was in ./saml2/jsp/spAssertionConsumer.jsp where it does the following check on the response size:

        // to avoid dos attack
        // or use SAML2Utils?
        try {                       
            SAMLUtils.checkHTTPContentLength(request);
        } catch (ServletException se) {
            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                "largeContentLength", se.getMessage());
            saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
                    se.getMessage());
            return;
        }

    It gets the max value from a property ‘com.sun.identity.saml.request.maxContentLength’ which is set as 20480. I failed to find where it was set and to increase it. So in the end I just removed the code.

    #14850
     Rogerio Rondini
    Participant

    Hi,

    There is a configuration attribute “Maximum allowed content length” which is the number of bytes for Federation communications.

    You can find it in the OpenAM console under “Configuration > global > common federation configuration > maximum allowed content length”. The default is set at 20480 (bytes).

    Regards,
    Rogerio Rondini

    #14854
     dhorbyspringer
    Participant

    Ah, that’s where it is.

    Thanks Rogerio
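
The size check discussed in this thread, sketched as an added example (not code from the posts or from OpenAM): it rejects on the declared length and also caps the actual read, so raising the limit keeps the protection that deleting the check removes. The class and method names, the use of a JVM system property as the source of the limit, and the 65536 value are assumptions for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
// Added illustration, not OpenAM's SAMLUtils code. Class and method names are hypothetical.
public class ContentLengthGuard {
    // Property name and default value as quoted in the thread.
    static final String PROP = "com.sun.identity.saml.request.maxContentLength";
    static final int DEFAULT_MAX = 20480;

    // Assumption: this demo reads the limit from a JVM system property.
    static int maxContentLength() {
        return Integer.getInteger(PROP, DEFAULT_MAX);
    }

    // Check the declared length, then cap the read too: Content-Length can be absent (-1).
    static byte[] readBounded(InputStream body, long declaredLength, int max) throws IOException {
        if (declaredLength > max) {
            throw new IOException("largeContentLength: declared " + declaredLength + " > " + max);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        int n;
        while ((n = body.read(buf)) != -1) {
            if (out.size() + n > max) {
                throw new IOException("largeContentLength: body exceeds " + max);
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }

    static String attempt(byte[] body, long declaredLength) {
        try {
            byte[] got = readBounded(new ByteArrayInputStream(body), declaredLength, maxContentLength());
            return "accepted " + got.length + " bytes";
        } catch (IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        byte[] big = new byte[30000]; // constructed stand-in for a large SAML response
        System.out.println(attempt(big, big.length)); // over the default limit
        System.out.println(attempt(big, -1));         // no Content-Length, still capped
        System.setProperty(PROP, "65536");            // constructed value: raise the limit, keep the check
        System.out.println(attempt(big, big.length));
    }
}
```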


©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
