Size of SAML Attribute Name in Session Store as varname

Document ID : KB000008098
Last Modified Date : 14/02/2018
Issue:

A SAML attribute does not persist properly, and at the time of retrieval the attribute value is blank. We noticed that this happens when the attribute name is a pretty long string, for example:

<ns2:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">

Environment:
ProductName=CA SiteMinder Policy Server FullVersion=12.52.104.2032
Cause:

The problem seems to be a column length limitation in the Session Store schema. The variable name is restricted to 64 characters (table schema given below). In this use case the assertion attribute name contains more than 64 characters (e.g. http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname), hence value truncation happens while the assertion attributes are stored in the Session Store.

 

CREATE TABLE [ss_sessionvar5] (
        [sessionid] [varchar] (64) NOT NULL ,
        [varname] [varchar] (64) NOT NULL ,
        [varvalue] [varchar] (4000) NOT NULL ,
        [chunkgroupid] [varchar] (256) ,
        [datasize] [int] ,
         PRIMARY KEY  CLUSTERED
        (
                [sessionid],
                [varname]
        )  ON [PRIMARY] ,
         FOREIGN KEY
        (
                [sessionid]
        ) REFERENCES [ss_sessionspec5] (
                [sessionid]
        )
) ON [PRIMARY]

Resolution:

As a workaround, we could increase the [varname] [varchar] (64) NOT NULL column in the above schema to 128 or 256 and test.
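
A check for the limit described above, as an added example that is not part of the original article or the product's own code: it lists the attribute names in an assertion and reports any that exceed the varname width, for the current 64 and for the workaround sizes 128 and 256. The sample assertion, the binding of the ns2 prefix to the SAML 2.0 assertion namespace and the function names are constructed for illustration; the collision check assumes the store keeps only the first 64 characters of a name.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

VARNAME_LIMIT = 64  # width of [varname] in the ss_sessionvar5 schema
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # assumed binding of ns2
LONG = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"

# Constructed sample, not captured from a real identity provider.
SAMPLE = f"""<ns2:AttributeStatement xmlns:ns2="{SAML_NS}">
  <ns2:Attribute Name="{LONG}"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <ns2:AttributeValue>jdoe</ns2:AttributeValue>
  </ns2:Attribute>
  <ns2:Attribute Name="mail">
    <ns2:AttributeValue>jdoe@example.com</ns2:AttributeValue>
  </ns2:Attribute>
</ns2:AttributeStatement>"""


def attribute_names(xml_text):
    """Return the Name of every SAML 2.0 <Attribute> in the document."""
    root = ET.fromstring(xml_text)
    return [el.get("Name", "") for el in root.iter(f"{{{SAML_NS}}}Attribute")]


def check_names(names, limit=VARNAME_LIMIT):
    """Report, per name, its length and how far it exceeds the column width.
    varchar(n) counts bytes; for ASCII URIs that equals the character count."""
    return [{"name": n, "length": len(n), "over_by": max(0, len(n) - limit)}
            for n in names]


def prefix_collisions(names, limit=VARNAME_LIMIT):
    """Group distinct names that share their first `limit` characters.
    Assumption: a store that keeps only the prefix would map them to one key."""
    groups = defaultdict(set)
    for n in names:
        groups[n[:limit]].add(n)
    return {p: sorted(g) for p, g in groups.items() if len(g) > 1}


if __name__ == "__main__":
    for limit in (64, 128, 256):  # current width and the two workaround sizes
        over = [r for r in check_names(attribute_names(SAMPLE), limit) if r["over_by"]]
        print(limit, [(r["length"], r["name"]) for r in over])
```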