Limitation On Size Or Url Length With Target In OIF

(Doc ID 1357981.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version: 11.1.1.1 and later   [Release: No Release Description and later ]
Information in this document applies to any platform.

Symptoms


HI,
We are using OIF11g and using OAM10g as authentication engine. We have integrated one SP which is using SAML1.1. For redirecting the user to a deep link in the SP we are using TARGET attribute in the URL. This target attribute is getting populated correctly by SP and send to IDP for authentication. Below is the URL format that SP is using to redirect the user to IDP for authentication purpose.

https://<>:443/fed/idp/samlv11sso?providerid=XXXXX&TARGET=XXXXXXXXXXXX

We are seeing two behaviors with OIF for TARGET url, when SP is sending a TARGET url around 66 characters OIF is able to send back the TARGET URL correctly, however when SP is sending the TARGET URL with more than 200 characters then OIF is truncating some part of the TARGET url and sending it to SP.

I looked at the oracle documentation there is no specific information on TARGET url length or size. Could you please let me know if there are any restrictions on size or length of the TARGET url. We have configured database as session store for OIF.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms