
saml-dev message


Subject: Re: [saml-dev] IdP initiated SSO and RelayState

On 5/25/16, 1:48 PM, "Antonio Di Maio" <info@antoniodimaio.com> wrote:

>Actually I don't understand why there is this limitation in Relay State of 80 bytes.

One reason was to avoid people embedding arbitrarily long URLs that, combined with an already encoded AuthnRequest, would likely exceed browser limits.

The other reason was to encourage SPs to avoid leaking unnecessary information to the IdP that it doesn't need to know.

> Actually it's part of the spec and nobody is respecting this, Google as well.

I don't know what Google has to do with anything, but there aren't too many, if any, implementations that enforce it. And if you blow through the URL size limit it really doesn't matter what the server does, so it has more to do with what somebody would try and send in the first place.

-- Scott
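
Added example, not part of the message above or of any SAML implementation's code: one way an SP can satisfy both reasons given for the limit in an SP-initiated flow, by keeping the real return URL server-side and sending only a short opaque token as RelayState. The class name, TTL, and sample URL are assumptions made for illustration.

```python
import secrets
import time

MAX_RELAYSTATE_BYTES = 80  # the limit discussed in the thread


def relaystate_fits(value):
    """True if a candidate RelayState value is within the 80-byte limit."""
    return len(value.encode("utf-8")) <= MAX_RELAYSTATE_BYTES


class RelayStateStore:
    """Hypothetical SP-side map from an opaque RelayState token to the return URL."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # token -> (return_url, expiry)

    def issue(self, return_url):
        """Keep the URL at the SP; return a token to send as RelayState."""
        # 24 random bytes -> 32 URL-safe characters, carrying no user data,
        # so the IdP learns nothing about where the user was headed.
        token = secrets.token_urlsafe(24)
        self._pending[token] = (return_url, self._clock() + self._ttl)
        return token

    def redeem(self, relay_state):
        """Resolve the RelayState echoed back with the response, or None."""
        if not isinstance(relay_state, str) or not relaystate_fits(relay_state):
            return None  # oversized or malformed: never a value we issued
        entry = self._pending.pop(relay_state, None)  # single use
        if entry is None:
            return None  # unknown or already redeemed
        return_url, expiry = entry
        if self._clock() > expiry:
            return None  # stale login attempt
        return return_url
```

Because the token is only a lookup key, the SP never redirects to a URL taken from the RelayState parameter itself.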
